Requirements Evolution Drives Software Evolution

Requirements Evolution Drives Software Evolution Neil Ernst, Alexander Borgida, John Mylopoulosnernst@cs.ubc.ca -‐ borgida@cs.rutgers.edu -‐ jm@disi.unitn.it 1

The Position • If we dont know what, or more importantly, why we are doing something, "how" we do it is inconsequential. • Changing requirements are costly and a major source of software errors. • Requirements drift from implementation. • Lack of tool support for requirements evolution. • Requirements are ultimately about business value.2

Outline • Other positions and examples • What is a requirement? What is software evolution? • How can we use requirements in SW Evol? • One approach to the problem • Discussion questions3

Other researchers agree • A challenge for software migration is “How to ensure that the resulting system has the desired quality and functionality?”1 • How to accommodate “. . . evolution of higher-‐ level artifacts such as analysis and design models, software architectures, requirement speciﬁcations, and so on.”2 • Agreement on importance of requirements re-‐ use and requirements integration [1] T. Mens. Future Research Challenges in Software Evolution. Presentation to ERCIM Working Group on Software Evolution, Brussels, 2009.4 [2] Mens et al. Challenges in Software Evolution, IWPSE/EVOL 2005.

Some examples • Recent study on million € government IT project1 • 16 months, 4222 person-‐days of work, 282 changes (50% of eﬀort) • 24% of changes at requirements phase • Most expensive changes originate with organization and strategic concerns • Changes in solution domain very low value [1] S. McGee and D. Greer, “Software Requirements Change Taxonomy: Evaluation by Case Study,” ICRE, August 2011.5

PCI Data Security Standard (PCI-DSS) 1. Build and Maintain a Secure Network 2. Protect Cardholder Data 3. Maintain a Vulnerability Management Program 4. Implement Strong Access Control Measures 5. Regularly Monitor and Test Networks 6. Maintain an Information Security Policy6

PCI-DSS changes • Multiple root logins • WEP -‐> WPA • Server virtualization7

Requirements problems: Goals, tasks, and assumptions • Requirements describe stakeholder desires for the new system (e.g., “protect cardholder data”). • These desired states we call goals. • Goals are iteratively reﬁned until operationalized by an implementation task. • A goal model deﬁnes a space of alternative designs for satisfying goals, constrained by domain assumptions. The requirements problem: given a set of goals, which tasks and assumptions satisfy those goals?1 [1] [1] P. Zave and M. Jackson, “Four Dark Corners of Requirements Engineering,” TOSEM, vol. 6, pp. 1-30, 1997.8

PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9

PCI-DSS model Increase Goal revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9

PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept cash Accept credit card Reﬁnement Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances9

PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server Task No money for new servers Virtualize Use multiple server servers instances9

PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Domain Buy strongbox Implement only one primary function per assumption server No money for new servers Virtualize Use multiple server servers instances9

PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Alternatives server No money for new servers Virtualize Use multiple server servers instances9

PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server instances servers Conﬂict9

The requirements evolution problem • Given an existing solution Si which satisfies D, Si ⊢ G, and • modified entities (δ(G), δ(D), δ(S)); • Find Ŝ so that δ(D), Ŝ ⊢ δ(G), such that this satisfies some desired property π, relating Ŝ to Si.10

Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances11

Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new serversSi Virtualize Use multiple server servers instances11

Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new serversSi Virtualize Use multiple server servers instances11

Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new serversSi Virtualize Use multiple server servers instances New Requirement11

Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Virtualize Use multiple server servers instances New Requirement11

Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Virtualize Use multiple server serversŜ instances New Requirement11

Maintenance implications • New implementation tasks: • switch payment system providers • add secure hash function12

Useful properties π 1. Minimal implementation eﬀort. 2. Minimal change eﬀort solutions. 3. Maximal familiarity solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g13

Implementing the REKB • Implemented a tool for answering these questions. • For case study, tell user • what compliance strategy to use • what business goals will be satisﬁed • what changes are important14

Discussion questions 1. Is it important to support full traceability? 2. How do we capture business objectives (and value) in software evolution tools? 3. Why has there been relatively little focus on requirements in Software Evolution? http://neilernst.net @neilernst github.com/neilernst15

Thanks! http://neilernst.net @neilernst github.com/neilernst16

Requirements Evolution Drives Software Evolution

by Neil Ernst on Sep 09, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

Statistics

Requirements Evolution Drives Software Evolution — Presentation Transcript