LSCITS Engineering<br />Prof. Ian Sommerville<br />St Andrews University<br />
Objectives<br />To discuss why the traditional approach to engineering is not adequate for building LSCITS<br />To introdu...
What is an LSCITS?<br />The key difference between an LSCITS and other classes of large system is that there are significa...
LSCITS have a close and entangled relationships with the socio-technical systems that rely on these LSCITS</li></li></ul><...
The basis of engineering<br />	A discussion of the fundamental assumption that is a foundation for engineering and systems...
Reductionism<br />Reductionism<br /> “an approach to understanding the nature of complex things by reducing them to the in...
We see reductionism in notions such as
Contractor/sub-contractor relationships
Top-down design</li></li></ul><li>Reductionist assumptions<br />Control<br />Reductionist approaches assume that we have c...
Software engineering<br />Developments in software engineering have largely adopted a reductionist perspective:<br />Desig...
Problems with reductionism<br /><ul><li>Scale
When things get too big, then reductionist approaches become intellectually unmanageable because of the complexity of the ...
Environment
The relationships between a system and its environment are often uncontrollable
People
Who refuse to behave in a rational and deterministic way</li></li></ul><li>Engineering project failures<br />Engineering p...
Complex and complicated systems<br />Reductionist approaches are intended to help deal with complicated systems i.e. syste...
LSCITS engineering<br />Reductionism + Reality<br />
LSCITS development<br />Systems contribute<br />capabilities<br />Software capabilities<br />S1<br />Creates<br />new<br /...
Continuous development<br />It is rare (perhaps unknown) for an LSCITS to be developed from ‘scratch’<br />Rather, an LSCI...
Brownfield development<br />LSCITS are never developed from scratch <br />It is often the case that an LSCITS emerges afte...
Alternatives to reductionism<br />Bricolage<br />Systems are developed opportunistically by integrating available systems ...
Alternatives to reductionism<br />Emergence<br />Systems are developed using an evolutionary ‘survival of the fittest’ app...
Has reductionism had its day?<br />At the moment, reductionism is the only tool that we have for the specification, design...
Better software engineering?<br />LSCITS engineering problems cannot be solved by<br />improved software processes, proces...
LSCITS Engineering<br />LSCITS Engineering (LSCITS-E) is the process of creating, evolving and managing LSCITSs. <br />Not...
The realities of LSCITS-E<br />Social and technical are inseparable<br />Focus on the social and the technical together ra...
LSCITS-E Challenges<br />	Problems that we have to address to make LSCITS engineering a reality<br />
LSCITS – E challenges<br />Managing scale<br />Dealing with uncertainty<br />Thinking and reasoning about LSCITS<br />Maki...
Scale causes problems<br />No centralised or unified understanding of the ‘system as a whole’<br />The ability to understa...
Coping with uncertainty<br />Uncertainty is a universal characteristics of LSCITS and the principal cause of system proble...
Upcoming SlideShare
Loading in...5
×

L6 LSCITS Engineering

417

Published on

Thoughts on the issues that affect LSCITS engineering - in truth, we really have no idea how to do this

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
417
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

L6 LSCITS Engineering

  1. 1. LSCITS Engineering<br />Prof. Ian Sommerville<br />St Andrews University<br />
  2. 2. Objectives<br />To discuss why the traditional approach to engineering is not adequate for building LSCITS<br />To introduce the notion of LSCITS engineering and to introduce LSCITS engineering challenges<br />To suggest a research agenda for LSCITS engineering<br />
  3. 3. What is an LSCITS?<br />The key difference between an LSCITS and other classes of large system is that there are significant ‘unknowns’ in the environments in which LSCITS is procured, developed and operated.<br /><ul><li>An LSCITS is an LSITS (or a collection of LSITSs) where unknown, unstable and uncontrollable factors in the systems procurement, development and operational environment affect the design and use of the system
  4. 4. LSCITS have a close and entangled relationships with the socio-technical systems that rely on these LSCITS</li></li></ul><li>An LSCITS model<br />STS 1<br />STS 2<br />S2<br />S5<br />S7<br />S4<br />S1<br />S3<br />S6<br />
  5. 5. The basis of engineering<br /> A discussion of the fundamental assumption that is a foundation for engineering and systems development<br />
  6. 6. Reductionism<br />Reductionism<br /> “an approach to understanding the nature of complex things by reducing them to the interactions of their parts, or to simpler or more fundamental things”.<br /><ul><li>Reductionism underpins most engineering, including software engineering
  7. 7. We see reductionism in notions such as
  8. 8. Contractor/sub-contractor relationships
  9. 9. Top-down design</li></li></ul><li>Reductionist assumptions<br />Control<br />Reductionist approaches assume that we have control over the organisation of the system. It is then possible to decompose the system into parts that can themselves be engineered using reductionist approaches<br />Understandable relationships<br />The relationships between the parts are visible and understandable<br />A rational world<br />Reductionist approaches assume that rationality will be the principal influence in decision making<br />Definable problems<br />Reductionist approaches assume that the problem can be defined and the system boundaries established<br />
  10. 10. Software engineering<br />Developments in software engineering have largely adopted a reductionist perspective:<br />Design methodologies<br />Formal methods<br />Agile approaches<br />Software architecture<br />Model-driven engineering<br />Reductionist approaches to software engineering have been successful in allowing us to construct larger software systems<br />More effective reductionist approaches allow us to deal with increasingly complicated systems.<br />
  11. 11. Problems with reductionism<br /><ul><li>Scale
  12. 12. When things get too big, then reductionist approaches become intellectually unmanageable because of the complexity of the interactions between the parts of the whole
  13. 13. Environment
  14. 14. The relationships between a system and its environment are often uncontrollable
  15. 15. People
  16. 16. Who refuse to behave in a rational and deterministic way</li></li></ul><li>Engineering project failures<br />Engineering projects ‘fail’ (go over schedule and budget) when reductionist assumptions break down <br />Edinburgh tramways project<br />Environment problems. There are no maps of existing utilities and there have been complex problems of moving pipes and cabling to accommodate the tram system<br />There has been considerable political wrangling between the local government and the national government<br />Software project failures<br />Relatively common because, even for LSITS, reductionist assumptions are dubious<br />
  17. 17. Complex and complicated systems<br />Reductionist approaches are intended to help deal with complicated systems i.e. systems where there are many interactions between components but which can (in principle) be understood and controlled<br />However, LSCITS are complex systems where is is impossible to acquire and maintain a complete understanding of the system and where elements are independently controlled and often have undocumented side-effects<br />
  18. 18. LSCITS engineering<br />Reductionism + Reality<br />
  19. 19. LSCITS development<br />Systems contribute<br />capabilities<br />Software capabilities<br />S1<br />Creates<br />new<br />S2<br />Used to construct<br />S3<br />Systems Development<br />???<br />S4<br />LSCITS<br />???<br />
  20. 20. Continuous development<br />It is rare (perhaps unknown) for an LSCITS to be developed from ‘scratch’<br />Rather, an LSCITS emerges from an assembly of existing technical and socio-technical systems that are supplemented by the development of new software to help achieve a broad set of goals<br />LSCITS engineering is a continual process of procurement, development, deployment, operation and de-commissioning<br />
  21. 21. Brownfield development<br />LSCITS are never developed from scratch <br />It is often the case that an LSCITS emerges after experience with a range of individual systems<br />By the time we recognise the need for an LSCITS, we have already accumulated a range of constraints:<br />Legacy systems<br />Technologies<br />Socio-technical systems<br />Laws and regulations<br />
  22. 22. Alternatives to reductionism<br />Bricolage<br />Systems are developed opportunistically by integrating available systems and components and by using whatever integration mechanisms work at the time<br />Mashups, where different web services are combined opportunistically, are examples of bricolage<br />Problems with fit to socio-technical world, security, dependability, maintainability<br />
  23. 23. Alternatives to reductionism<br />Emergence<br />Systems are developed using an evolutionary ‘survival of the fittest’ approach based on genetic algorithms, etc.<br />The argument is made that this is what underlies the development of the web<br />Problems<br />Uncontrollable. You cannot be sure that you get the system that you need or that the system will not have undesirable properties<br />Visibility. It is hard to demonstrate compliance, safety, etc.<br />Scale. Notwithstanding the example of the web, there is no evidence that current approaches based on emergence scale to large systems <br />
  24. 24. Has reductionism had its day?<br />At the moment, reductionism is the only tool that we have for the specification, design and construction of LSCITS<br />The problem is not in reductionism in itself, but in believing that it is all that is required to engineering complex systems<br />We need to move to a situation where we use reductionism as far as possible but recognise that we need to temper this with a dose of reality<br />
  25. 25. Better software engineering?<br />LSCITS engineering problems cannot be solved by<br />improved software processes, process maturity, quality management etc.<br />better tools and technology<br />more rigorous methods of development<br />Better project management<br />These can all contribute and are worth doing but break down in the face of large-scale uncertainty<br />A key requirement for LSCITS engineering is the ability to represent, model and demanage both scale and uncertainty<br />
  26. 26. LSCITS Engineering<br />LSCITS Engineering (LSCITS-E) is the process of creating, evolving and managing LSCITSs. <br />Not just a technical discipline – needs involvement of people with a wide range of expertise (social science, psychology, engineering, management, etc.)<br />We need new systems and software engineering approaches (e.g. designing for failure) that take into account the inherent complexities of LSCITS and the need to cope with uncertainty<br />LSCITS-E will incorporate current software engineering activities(notably requirements engineering and system architecture), you should bear in mind that current methods are what we’ve got rather than what we need<br />
  27. 27. The realities of LSCITS-E<br />Social and technical are inseparable<br />Focus on the social and the technical together rather than consider technical issues in isolation<br />Perfection is unattainable<br />Adopt a pragmatic acceptance of the world as it is, populated by imperfect people<br />You can’t win<br />Accept that systems will always be a compromise, with multiple, often conflicting, notions of what is meant by ‘success’ and where the system boundaries lie<br />Things will go wrong<br />Adopt a view of dependability where partial failure is normal and tolerable<br />
  28. 28. LSCITS-E Challenges<br /> Problems that we have to address to make LSCITS engineering a reality<br />
  29. 29. LSCITS – E challenges<br />Managing scale<br />Dealing with uncertainty<br />Thinking and reasoning about LSCITS<br />Making systems work together effectively<br />Standards for LSCITS<br />
  30. 30. Scale causes problems<br />No centralised or unified understanding of the ‘system as a whole’<br />The ability to understand an individual constituent of the system and its relationships decreases as the number of constituents increases<br />Problems of management and governance are exacerbated and increase as new systems are added and the overall LCSITS increases in size<br />The (socio-technical) effects of changes to constituents of the system become impossible to predict<br />Size makes it more difficult to reach consensus about system requirements<br />
  31. 31. Coping with uncertainty<br />Uncertainty is a universal characteristics of LSCITS and the principal cause of system problems is unpredicted events and behaviour in both the technical and socio-technical systems<br />Aleatory uncertainty<br />Uncertainty that relates to the fact that the world is uncertain.<br />Epistemic uncertainty<br />Uncertainty that arises because our knowledge of the world is incomplete<br />Coping with uncertainty is about designing for flexibility and utilising the abilities of people to deal with unseen problems<br />Will be discussed in more detail in the following lecture<br />
  32. 32. LSCITS abstractions<br />Our existing abstractions (functions, objects, component, etc.) that we use in defining software systems are based on a reductionist view of the world<br />We need new abstractions which are more effective at representing large-scale systems and accommodating uncertainty to allow us to represent and reason about LSCITS<br />Examples of possible abstractions<br />Responsibilities<br />A duty to achieve, maintain or avoid some state, subject to constraints.<br />Capabilities<br />The ability to completely or partially discharge a responsibility<br />
  33. 33. Interoperability and integration<br />The constituents of LSCITS have to interoperate (ensuring that constituent systems that can operate smoothly together) and integrate (ensuring that constituent systems can exchange information in a controlled way)<br />Interoperability is about control; integration is about data<br />Integration is not just about physical data exchange but also must take into account business rules and data regulations<br />To achieve effective interoperation and integration, we need to pay attention to socio-technical issues, system requirements and architecture<br />
  34. 34. Standards<br />General interoperability/integration can only be achieved if standards are widely adopted and systems are built that implement these standards<br />Currently, the standards that have been accepted and that are widely adopted are low-level standards<br />Standards for data exchange<br />Standards for service syntax<br />We need standards based on semantics if true interoperability is to be achieved<br />
  35. 35. Research agenda for LSCITS engineering<br />Requirements engineering for LSCITS<br />LSCITS means uncertainty and we need better tools and techniques for understanding where uncertainties exist and how the system should cope with these uncertainties.<br />Better techniques are required to understand the requirements from the socio-technical environment in which the LSCITS is used<br />Managing failure<br />Moving from a world where failure is something to be avoided to a world where failure is normal and simply has to be lived with<br />Ensuring the ‘small failures’ do not cascade to ‘large failures’<br />
  36. 36. Research agenda for LSCITS engineering<br />LSCITS architecture<br />Abstractions for representing LSCITS architecture<br />Architectural styles and patterns for LSCITS<br />Architecture trade-offs and system consequences<br />Dynamic systems<br />Integration mechanisms that allow systems to evolve rapidly in response to changing demands and capabilities, governance, standards and regulation<br />Methods of understanding and managing these systems<br />
  37. 37. Key points<br />Reductionism is the basis of engineering, including software engineering. However reductionism cannot cope effectively with complexity<br />Better reductionist approaches are not adequate, in themselves, for building LSCITS but we cannot simply discard our current approaches<br />Key challenges for LSCITS engineering are managing scale, developing new abstractions to model LSCITS, integration and interoperation and challenges<br />
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×