Successfully reported this slideshow.
Your SlideShare is downloading. ×

Requirements Evolution Drives Software Evolution

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 35 Ad

More Related Content

Slideshows for you (20)

Similar to Requirements Evolution Drives Software Evolution (20)

Advertisement

Recently uploaded (20)

Advertisement

Requirements Evolution Drives Software Evolution

  1. 1. Requirements Evolution Drives Software Evolution Neil  Ernst,  Alexander  Borgida,  John  Mylopoulos nernst@cs.ubc.ca  -­‐  borgida@cs.rutgers.edu  -­‐  jm@disi.unitn.it 1
  2. 2. The Position • If  we  don't  know  what,  or  more  importantly,   why  we  are  doing  something,  "how"  we  do  it  is   inconsequential.   • Changing  requirements  are  costly  and  a  major   source  of  software  errors.   • Requirements  drift  from  implementation.   • Lack  of  tool  support  for  requirements  evolution. • Requirements  are  ultimately  about  business   value. 2
  3. 3. Outline • Other  positions  and  examples • What  is  a  requirement?  What  is  software   evolution? • How  can  we  use  requirements  in  SW  Evol? • One  approach  to  the  problem • Discussion  questions 3
  4. 4. Other researchers agree • A  challenge  for  software  migration  is  “How  to   ensure  that  the  resulting  system  has  the   desired  quality  and  functionality?”1 • How  to  accommodate  “.  .  .  evolution  of  higher-­‐ level  artifacts  such  as  analysis  and  design   models,  software  architectures,  requirement   specifications,  and  so  on.”2 • Agreement  on  importance  of  requirements  re-­‐ use  and  requirements  integration [1] T. Mens. Future Research Challenges in Software Evolution. Presentation to ERCIM Working Group on Software Evolution, Brussels, 2009. 4 [2] Mens et al. Challenges in Software Evolution, IWPSE/EVOL 2005.
  5. 5. Some examples • Recent  study  on  million  €  government  IT   project1 • 16  months,  4222  person-­‐days  of  work,  282   changes  (50%  of  effort) • 24%  of  changes  at  requirements  phase • Most  expensive  changes  originate  with   organization  and  strategic  concerns • Changes  in  solution  domain  very  low  value [1] S. McGee and D. Greer, “Software Requirements Change Taxonomy: Evaluation by Case Study,” ICRE, August 2011. 5
  6. 6. PCI Data Security Standard (PCI-DSS) 1. Build  and  Maintain  a  Secure  Network   2. Protect  Cardholder  Data 3. Maintain  a  Vulnerability  Management  Program 4. Implement  Strong  Access  Control  Measures 5. Regularly  Monitor  and  Test  Networks 6. Maintain  an  Information  Security  Policy 6
  7. 7. PCI-DSS changes • Multiple  root  logins • WEP  -­‐>  WPA • Server  virtualization 7
  8. 8. Requirements problems: Goals, tasks, and assumptions • Requirements  describe  stakeholder  desires  for  the  new   system  (e.g.,  “protect  cardholder  data”). • These  desired  states  we  call  goals. • Goals  are  iteratively  refined  until  operationalized  by  an   implementation  task. • A  goal  model  defines  a  space  of  alternative  designs  for   satisfying  goals,  constrained  by  domain  assumptions. The  requirements  problem:  given  a  set  of  goals,  which  tasks   and  assumptions  satisfy  those  goals?1 [1] [1] P. Zave and M. Jackson, “Four Dark Corners of Requirements Engineering,” TOSEM, vol. 6, pp. 1-30, 1997. 8
  9. 9. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances 9
  10. 10. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances 9
  11. 11. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances 9
  12. 12. PCI-DSS model Increase Goal revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances 9
  13. 13. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept cash Accept credit card Refinement Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances 9
  14. 14. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server Task No money for new servers Virtualize Use multiple server servers instances 9
  15. 15. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Domain Buy strongbox Implement only one primary function per assumption server No money for new servers Virtualize Use multiple server servers instances 9
  16. 16. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Alternatives server No money for new servers Virtualize Use multiple server servers instances 9
  17. 17. PCI-DSS model Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server instances servers Conflict 9
  18. 18. The requirements evolution problem • Given  an  existing  solution  Si  which  satisfies D,  Si  ⊢  G,  and • modified  entities  (δ(G),  δ(D),  δ(S)); • Find  Ŝ  so  that  δ(D),  Ŝ  ⊢  δ(G),  such  that  this   satisfies  some  desired  property  π,  relating  Ŝ  to  Si. 10
  19. 19. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Virtualize Use multiple server servers instances 11
  20. 20. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per server No money for new servers Si Virtualize Use multiple server servers instances 11
  21. 21. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Si Virtualize Use multiple server servers instances 11
  22. 22. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Si Virtualize Use multiple server servers instances New Requirement 11
  23. 23. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Virtualize Use multiple server servers instances New Requirement 11
  24. 24. Increase revenues Accept payment Avoid financial losses and penalties Accept credit Accept cash card Use Verifone Use Moneris Be PCI POS POS compliant Buy strongbox Implement only one primary function per Use Secure Hash server on CC # No money for new servers Virtualize Use multiple server servers Ŝ instances New Requirement 11
  25. 25. Maintenance implications • New  implementation  tasks: • switch  payment  system  providers • add  secure  hash  function 12
  26. 26. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  27. 27. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  28. 28. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  29. 29. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  30. 30. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  31. 31. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  32. 32. Useful properties π 1. Minimal  implementation  effort. 2. Minimal  change  effort  solutions. 3. Maximal  familiarity  solutions. Si Sa Sb Sc a b c a c a b c f g h d e d f d g 13
  33. 33. Implementing the REKB • Implemented  a  tool  for  answering  these   questions. • For  case  study,  tell  user • what  compliance  strategy  to  use • what  business  goals  will  be  satisfied • what  changes  are  important 14
  34. 34. Discussion questions 1. Is  it  important  to  support  full  traceability? 2. How  do  we  capture  business  objectives  (and   value)  in  software  evolution  tools? 3. Why  has  there  been  relatively  little  focus  on   requirements  in  Software  Evolution? http://neilernst.net @neilernst github.com/neilernst 15
  35. 35. Thanks! http://neilernst.net @neilernst github.com/neilernst 16

×