Secure Software Development Lectures 1 - 7


Architectural Design

The design process for identifying the subsystems making up a system and the framework for sub-system control and communication is architectural design.

Sub-System Development

Typically refers to parallel projects developing hardware, software and communications. May involve some commercial software.

What is a problem of Domain Requirements?

Understandability
- Requirements are expressed in the language of the application domain.
- This is often not understood by the software engineers developing the system.

Implicitness
- Domain specialists understand the area so well that they do not think of making the domain requirements explicit.

What does Requirements prototyping mostly accomplish?

The User Interface (UI) part of the requirement, in terms of:
1. Visual looks (size, shape, position, color)
2. Flow (control and logical flow; depth of flow)

Safety

a property of a system that reflects the system's ability to operate, normally or abnormally, without danger of causing human injury or death and without damage to the system's environment.

What are UML sequence diagrams used for and what do they look like?

used to depict a flow of interactions

3 Stages of System Engineering

1. Procurement (acquisition)
2. Development
3. Operation

What are the "simple" software engineering steps?

1. Understand the problem
2. Perform some design
3. Code/implement
4. Validate/test the program

Implementation (Rational Unified Process)

The components in the system are implemented and structured into implementation sub-systems. Automatic code generation from design models helps accelerate this process.

What are the core principles of Agile Development?

1. "Fits just right" process
2. Continuous testing and validation
3. Consistent team collaboration
4. Rapid response to change
5. Ongoing customer involvement
6. Frequent delivery of working software

What characterises the family of Agile software development methodologies?

1. "Short" releases and multiple iterations
2. Incremental design/development
3. User involvement (especially for in-house development)
4. Minimal documentation
5. Informal communications
6. Assumes change

Design Patterns

1. A pattern is a description of the problem and the essence of its solution.
2. It should be sufficiently abstract to be reused in different settings.
3. Pattern descriptions usually make use of object-oriented characteristics such as inheritance and polymorphism.

Secondary safety-critical systems

A system whose failure could result in faults in other (socio-technical) systems, resulting in safety consequences. E.g. a hospital patient management system.

Acceptability (Attributes of good software)

1. Acceptable to the type of users it is designed for.
2. Understandable, usable and compatible with other systems in use.

Safety Terminology

1. Accident (or mishap) 2. Hazard 3. Damage 4. Hazard severity 5. Hazard probability 6. Probability 7. Risk

Development and Deployment - 4 Points

1. After completion, the system has to be installed in the customer's environment.
2. Decisions are made on dependability and security requirements, and trade-offs are made between costs, schedule, performance and dependability.
3. Human errors may lead to the introduction of faults into the system.
4. Testing and validation processes may be limited because of limited budgets.

List 2 other failures caused by requirement problems

1. Ariane 5 rocket - 4th of June 1996
2. Patriot missile defence system - 25th of February 1991

What are the problems of Incremental delivery?

1. As requirements are not defined in detail until an increment is to be implemented, it can be hard to identify common facilities that are needed by all increments.
2. However, this conflicts with the procurement model of many organizations, where the complete system specification is part of the system development contract.

Security Terminology

1. Asset 2. Exposure 3. Vulnerability 4. Attack 5. Threats 6. Control

Dependability achievement 3 Points

1. Avoid the introduction of accidental errors when developing the system.
2. Design protection mechanisms that guard against external attacks.
3. Include recovery mechanisms to help restore normal system service after a failure.

Explain Intellectual property rights (ethical and professional responsibility)

1. Be aware of local laws governing the use of intellectual property such as patents and copyright.
2. Ensure the intellectual property of employers and clients is protected.

What is Class Design?

1. Classes represent real-world entities or system concepts.
2. Objects are organized into classes: objects in a class have similar characteristics.
3. Classes have properties (attributes or data).
4. Classes also have methods (which perform functions).

What does a three-tier style repository offer, and how does it look?

1. Clients do not access the DB directly
2. Better flexibility and integrity

What did the Capers Jones study find in September 2012? (code errors, 5 points)

1. Code errors: 38.33%
2. Design errors: 24.17%
3. Documentation errors: 13.33%
4. Requirements errors: 12.50%
5. Bad-fix errors: 11.67%

What are XP's Core Values?

1. Communication (between the team and with customers)
2. Simplicity (in design and code)
3. Feedback (at many levels)
4. Courage (to make and implement difficult decisions)

What are the Process stages of Reuse-oriented software engineering?

1. Component analysis
2. Requirements modification
3. System design with reuse
4. Development and integration

List 8 system characteristics

1. Components 2. Interrelationships 3. Boundaries 4. Input/Output 5. Purpose 6. Environment 7. Interface 8. Constraints

What is the difference between software engineering and computer science?

1. Computer science - theory and fundamentals
2. Software engineering - developing and delivering software

What are the different Database Design types?

1. Conceptual modeling (done during the analysis/requirements phase) - produces an ER diagram
2. Logical design (to relational)
3. Physical design (decide data types, etc.)
4. Deployment/maintenance
   - Low-level physical (which hard drive, etc.)
   - Adjustment of indexes

What makes good software (McCall's quality model)?

1. Correctness 2. Reliability 3. Efficiency 4. Integrity 5. Usability 6. Maintainability 7. Testability 8. Flexibility 9. Portability 10. Re-usability 11. Interoperability

Correctness (McCall's Quality model) cons

1. Correctness is subjective. 2. What if specifications are wrong?

What are the benefits of Incremental delivery?

1. Customer value can be delivered with each increment, so system functionality is available earlier.
2. Early increments act as a prototype to help elicit requirements for later increments.
3. Lower risk of overall project failure.
4. The highest priority system services tend to receive the most testing.

Software specification

Customers and engineers describe the software to be produced and its constraints.

What are common design process activities?

1. Define the context and modes of use of the system
2. Design the system architecture
3. Identify the principal system objects
4. Develop design models
5. Specify object interfaces

What are the attributes of good software?

1. Deliver the required functionality
2. Deliver the required performance
3. Be maintainable, dependable and usable

Dependability (Attributes of good software)

1. Dependability includes a range of characteristics including reliability, security and safety.
2. Software should not cause physical or economic damage in the event of system failure. Malicious users should not be able to access or damage the system.

What is contained within the detailed descriptions of the Requirements Specification document?

1. Details of each functionality (input-process-output)
2. Interfaces, including user interfaces and network interfaces
3. Performance requirements (response time, throughput, etc.)

Client-server architecture

1. A distributed system model which shows how data and processing are distributed across a range of components.
2. Can be implemented on a single computer.
3. A set of stand-alone servers which provide specific services such as printing, data management, etc.
4. A set of clients which call on these services.
5. A network which allows clients to access servers.

What are the 3 perspectives of the Rational Unified Process?

1. Dynamic perspective, which shows phases over time
2. Static perspective, which shows process activities
3. Practice perspective, which suggests good practice

3 characteristics of a socio-technical system?

1. Emergent properties 2. Non-deterministic 3. Complex relationships with organisational objectives

What are the Layers in the STS stack?

1. Equipment - hardware devices, some of which may be computers. Most devices will include an embedded system of some kind.
2. Operating system - provides a set of common facilities for higher levels in the system.
3. Communications and data management - middleware that provides access to remote systems and databases.
4. Application systems - specific functionality to meet some organizational requirements.
5. Business processes - a set of processes involving people and computer systems that support the activities of the business.
6. Organizations - higher-level strategic business activities that affect the operation of the system.
7. Society - laws, regulation and culture that affect the operation of the system.

What are the characteristics of an event dispatcher?

1. Events may be a simple notification or may include associated data
2. Events may be prioritized or be based on constraints such as time
3. Events may require synchronous or asynchronous processing
4. Events may be "registered" or "unregistered" by components

What impact can System Evolution have? 4 Points

1. Evolution is inherently costly
2. Changes must be analysed from a technical and business perspective
3. Sub-systems interact, so unanticipated problems can arise
4. There is rarely a rationale for original design decisions

List 3 Agile Methodologies

1. Extreme Programming (XP) - the first, by Beck (1990s)
2. Crystal Clear/Orange - by Alistair Cockburn
3. SCRUM - currently popular (not really part of Agile; partially agile)

Reliability (Emergent Properties) 3 points

1. Faults or failures can propagate because of component inter-dependencies.
2. It is practically impossible to anticipate all possible component relationships.
3. Software reliability measures give a false picture of overall system reliability.

How is Agile Development different?

1. Focus on collaboration
2. Focus on working software
3. Agilists are generalizing specialists
4. Agile is based on practice, not theory

What are 3 problems with "traditional" development processes?

1. Focused on and oriented towards "large projects" and lengthy development time (years) - this is how SWE started
2. Inability to cope with changes in requirements and technology fast enough - "formal" change management
3. Assumes requirements are completely understood at the beginning of the project - stable requirements

What are Reference Architectures?

1. Full-fledged architectures
2. Serve as "templates" or as "a reference" for a class of systems
3. Example: J2EE Reference Architecture (MVC2)

System Integration 3 Points

1. Hardware, software and people should be brought together incrementally, so sub-systems are integrated one at a time.
2. The system is tested as it is integrated.
3. Interface problems between sub-systems are usually found at this stage.

Software design

1. Identify software components
2. Identify relationships between them, based on customer requirements

What are the benefits of prototyping?

1. Improved system usability.
2. A closer match to users' real needs.
3. Improved design quality.

What is a Layered Style?

1. The "outer" layer can only ask for service from the "inner" layer, or the "upper" layer can only ask for service from the "lower" layer.
2. Strict layering: only the layer directly inside or below.
3. Relaxed layering: any layer inside or below.

How do you decide whether to build or buy?

1. In a wide range of domains, it is now possible to buy off-the-shelf systems (COTS) that can be adapted and tailored to the users' requirements.
2. When you develop an application in this way, the design process becomes concerned with how to use the configuration features of that system to deliver the system requirements.

Explain RUP phases

1. Inception - establish the business case for the system.
2. Elaboration - develop an understanding of the problem domain and the system architecture.
3. Construction - system design, programming and testing.
4. Transition - deploy the system in its operating environment.

Chaos Report - Profiling attributes for projects "impaired and ultimately cancelled" 3 Points

1. Incomplete requirements
2. Lack of user involvement
3. Lack of resources

Requirements are categorized by 6 detailed requirements areas:

1. Individual functionality
2. Business flow (usage "scenarios")
3. Data and information needs
4. User interfaces
5. Other interfaces to external systems/platforms
6. Various constraints (non-functional)

What does the Requirements Specification document contain?

1. Introduction
2. High-level description
3. Detailed descriptions

4 software testing axioms

1. It is impossible to test a program completely.
2. Software testing is a risk-based exercise.
3. Testing cannot show the absence of bugs.
4. The more bugs you find, the more bugs there are.

Chaos Report - Profiling attributes for "challenged" projects (completed & operational - but over-budget and over-time-estimate) 3 Points

1. Lack of user input
2. Incomplete user requirements and specification
3. Changing requirements and specifications

List 3 Security and Dependability considerations

1. Limited design options 2. Human errors 3. Inadequate testing

Debugging

1. Locating and fixing errors in code.
2. Errors are noticed by testing, inspection or use.

Four phases:
1. Stabilization (reproduction)
2. Localization
3. Correction
4. Verification

4+1 views (by Kruchten)

1. Logical (OO decomposition - key abstractions)
2. Process (run-time, concurrency/distribution of functions)
3. Subsystem decomposition
4. Physical architecture
5. +1: use cases/scenarios

What modes of requirement Prototyping are there?

1. Low fidelity: using paper/cardboard to represent screens and a human to move the boards
2. High fidelity: using automated tools such as Visual Basic to code the screens and direct the logical flow of these screens

Complexity (Depth)

1. More Connections 2. Data sharing among functionalities & logic 3. Control Passing among functionalities

Complexity (Breadth)

1. More Functionalities 2. More Features within each functionality 3. More varieties of Interfaces (internal & external) 4. More Users and varieties of users 5. More data, varieties of data, data structures

What are the elements of Design Patterns?

1. Name
2. Problem description
3. Solution description
4. Consequences

What are the sectors of Boehm's spiral model?

1. Objective setting - specific objectives for the phase are identified.
2. Risk assessment and reduction - risks are assessed and activities put in place to reduce the key risks.
3. Development and validation - a development model for the system is chosen, which can be any of the generic models.
4. Planning - the project is reviewed and the next phase of the spiral is planned.

Explain The System Design Process 5 Points

1. Partition requirements
2. Identify sub-systems
3. Assign requirements to sub-systems
4. Specify sub-system functionality
5. Critical activity for parallel sub-system development

How should Architectural patterns be presented and what should they include?

1. Patterns should include information about when they are and when they are not useful.
2. Patterns may be represented using tabular and graphical descriptions.

What are the architectural styles/patterns used as a "reusable" starting point for design activities?

1. Pipes-and-Filters 2. Event-Driven 3. Client-Server 4. Model-View-Controller (MVC) 5. Layered 6. Repository 7. Three tier

What good practices does the Rational Unified Process recommend?

1. Plan increments based on customer priorities and deliver the highest priority increments first.
2. Explicitly document customer requirements and keep track of changes to these requirements.
3. Organize the system architecture as a set of reusable components.
4. Use graphical UML models to present static and dynamic views of the software.
5. Ensure that the software meets organizational quality standards.

XP is based on the concept of a quick and constant "feedback mechanism". What are XP's key practices?

1. Planning game (small units of requirements)
2. Onsite customer (immediate and better feedback)
3. Metaphor (use one set of metaphors for design/architecture)
4. Simple design (just enough to cover what is needed)
5. Coding standard (facilitates better communication)

Assertions

1. Pre-condition: a condition your module requires in order to work
2. Post-condition: a condition that should be true if your module worked
3. Assertion: an executable statement that checks a condition and produces an error if it is not met
4. Assertions are supported by many languages

How do we prepare for Requirements Engineering?

1. Prior to actually performing the requirements engineering activities, it is important to plan for the resources, methodology and time needed to perform this crucial step in software engineering.
2. Some organizations even perform requirements engineering as a separate, stand-alone activity and price it separately, with the option of folding the cost into the whole project if they get the call to complete the software project.

What is Boehm's spiral model?

1. The process is represented as a spiral rather than as a sequence of activities with backtracking.
2. Each loop in the spiral represents a phase in the process.
3. There are no fixed phases such as specification or design; loops in the spiral are chosen depending on what is required.
4. Risks are explicitly assessed and resolved throughout the process.

Define System Engineering

1. Procuring, specifying, designing, implementing, validating, deploying and maintaining socio-technical systems. (Developing)
2. Concerned with the services provided by the system, constraints on its construction and operation, and the ways in which it is used to fulfill its purpose or purposes. (Maintaining)

Within Prototype Development, what may we leave out?

1. The prototype should focus on areas of the product that are not well understood.
2. Error checking and recovery may not be included in the prototype.
3. Focus on functional rather than non-functional requirements such as reliability and security.

What are XP's Fundamental Principles?

1. Rapid feedback 2. Simplicity 3. Incremental change 4. Embrace change 5. Quality work

What is the agile development approach of incremental delivery?

1. Rather than delivering the system as a single delivery, the development and delivery are broken down into increments, with each increment delivering part of the required functionality.
2. User requirements are prioritised and the highest priority requirements are included in early increments.
3. Once the development of an increment is started, its requirements are frozen, though requirements for later increments can continue to evolve.

List 7 qualities of a good implementation

1. Readability
2. Maintainability
3. Performance
4. Traceability
5. Correctness
6. Completeness
7. Other issues: relative importance? Tradeoffs?

What does Relational Database Design entail?

1. Relations (tables)
2. Two-dimensional sets
3. Rows (tuples), columns (attributes)
4. A row may be an entity; columns may be relationships or attributes
5. Primary key (unique identifier) - for search
6. Foreign keys (connect tables)
7. Normalisation

Development (Stages of System Engineering) 3 Points

1. Requirements are defined in detail
2. The system is implemented and tested
3. Operational processes are defined

What are the Requirements validation techniques?

1. Requirements reviews - systematic manual analysis of the requirements.
2. Prototyping - using an executable model of the system to check requirements.
3. Test-case generation - developing tests for requirements to check testability, as in Test Driven Development (TDD).

What activities are required to build a "mission critical" or "business critical" system?

1. Requirements: gathering, analysis, specification, and agreement
2. Design: abstraction, decomposition, cohesion, interaction and coupling analysis
3. Implementation: coding and unit testing
4. Integration: and tracking of pieces and parts
5. Separate testing: functional testing, component testing, system testing, and performance testing
6. Packaging the system
7. Releasing the system

Dependability attribute dependencies 3 Points

1. Safe system operation depends on the system being available and operating reliably.
2. A system may be unreliable because its data has been corrupted by an external attack.
3. Denial of service attacks on a system are intended to make it unavailable.

Before procurement, decisions are made on (3 points):

1. Scope of the system 2. System budgets and timescales 3. High-level system requirements

Why are software systems usually not dependable?

1. Security vulnerabilities 2. Safety-critical faults 3. Requirements errors 4. Programming mistakes

What is Model-View-Controller (MVC)?

1. Separates the model (data) from the view
2. The controller is often integrated with the view

Why do we agree to and sign off on requirements?

1. Serves as a milestone marker and formally exits a phase of software engineering
2. Serves as a baseline from which any future changes can be monitored and controlled

Efficiency (Attributes of good software)

1. Should not be wasteful of system resources such as memory and processor cycles.
2. Efficiency therefore includes responsiveness, processing time, memory utilisation, etc.

What are the different forms requirements definitions may be written in?

1. Simple Input/Process/Output (I-P-O) descriptions in English
2. Dataflow diagrams (DFD)
3. Entity Relationship diagrams (ERD)

Integrated development environments (IDEs)

1. Software development tools are often grouped to create an integrated development environment (IDE).
2. An IDE is a set of software tools that supports different aspects of software development, within some common framework and user interface.
3. IDEs are created to support development in a specific programming language such as Java. The language IDE may be developed specially, or may be an instantiation of a general-purpose IDE, with specific language-support tools.

What are the fundamental software engineering activities?

1. Software specification
2. Software development
3. Software validation
4. Software evolution

Define Maintainability (Attributes of good software)

1. Software is written so it can evolve to meet the changing needs of customers.
2. This is a critical attribute, as change is an inevitable requirement.

What does the software process involve?

1. Specification - defining what the system should do
2. Design and implementation - defining the organization of the system and implementing the system
3. Validation - checking that it does what the customer wants
4. Evolution - changing the system in response to changing customer needs

What is the object-oriented design process?

1. Structured object-oriented design processes involve developing a number of different system models.
2. They require a lot of effort for the development and maintenance of these models and, for small systems, this may not be cost-effective.
3. However, for large systems developed by different groups, design models are an important communication mechanism.

Operation (Stages of System Engineering)

1. The system is deployed and put into use.
2. Changes are made as new requirements emerge.
3. Eventually, the system is decommissioned.

Procurement - acquisition (Stages of System Engineering) 4 Points

1. The system purpose is established
2. High-level system requirements are defined
3. Decisions are made on the distribution of functionality
4. System components are purchased

What are the benefits of Incremental development?

1. The cost of accommodating changing customer requirements is reduced.
2. It is easier to get customer feedback on the development work that has been done.
3. More rapid delivery and deployment of useful software to the customer is possible.

What are the main problems with the Waterfall model?

1. The main drawback of the waterfall model is the difficulty of accommodating change after the process is underway. In principle, a phase has to be complete before moving on to the next phase.
2. The waterfall model is mostly used for large systems engineering projects where a system is developed at several sites. In those circumstances, the plan-driven nature of the waterfall model helps coordinate the work.

What are the problems of Incremental development?

1. The process is not visible.
2. System structure tends to degrade as new increments are added.

What are the different threat classes?

1. Threats to the confidentiality of the system and its data
2. Threats to the integrity of the system and its data
3. Threats to the availability of the system and its data

Chaos Report - Profiling attributes for projects that "succeeded" 4 Points

1. User Involvement 2. Executive Management Support 3. Clear Requirements 4. Proper Planning

What do you need to consider when checking requirements?

1. Validity 2. Consistency 3. Completeness 4. Realism 5. Verifiability

List 5 Emergent properties

1. Volume 2. Reliability 3. Security 4. Reparability 5. Usability

What are the types of Software Component?

1. Web services that are developed according to service standards and which are available for remote invocation.
2. Collections of objects that are developed as a package to be integrated with a component framework such as .NET or J2EE.
3. Stand-alone software systems (COTS) that are configured for use in a particular environment.

When is the repository model of sharing most commonly used?

When large amounts of data are to be shared.

What does an architectural model show?

1. One view or perspective of the system.
2. How run-time processes interact.
3. The different ways in which system components are distributed across a network.

What is the Waterfall Model?

1. Requirements must be specified first.
2. Main tasks are completed in sequence: requirements, design, code and test, followed by packaging.
3. The output of one stage feeds into the next: easily tracked ("controlled") by management.

What did Pfleeger & Hatton say about software faults in IEEE Computer in February 1997?

6-30 faults delivered for every 1000 lines of software

System fault (Reliability terminology)

A characteristic of a software system that can lead to a system error. The fault is the inclusion of the code to add 1 hour to the time of the last transmission, without a check if the time is greater than or equal to 23.00.

What is a system component?

A component is an irreducible part of the system or an aggregate of parts (a subsystem). Components depend on each other to perform tasks.

Analysis and design (Rational Unified Process)

A design model is created and documented using architectural models, component models, object models and sequence models.

What is a system control?

A process that measures performance and adjusts the system towards a specific goal (e.g. desired room temperature )

Deployment (Rational Unified Process)

A product release is created, distributed to users and installed in their workplace.

What are relationships and system boundaries?

A relationship defines the interaction among entities and activities. System boundaries determine the origin of inputs and the destination of outputs.

Define an Information System

A set of interacting components for the collection, processing and storing of data that has, as output, the data required to perform a business task.

What are non-functional requirements?

A single non-functional requirement, such as a security requirement, may generate a number of related functional requirements that define the system services that are required. It may also generate requirements that restrict existing requirements.

What is the Software Process?

A structured set of activities required to develop a software system.

Safety-critical systems (Types of Critical Systems)

A system whose failure may result in injury, loss of life or serious environmental damage. An example of a safety-critical system is a control system for a chemical manufacturing plant.

Mission-critical systems (Types of Critical Systems)

A system whose failure may result in the failure of some goal-directed activity. An example of a mission-critical system is a navigational system for a spacecraft.

Business-critical systems (Types of Critical Systems)

A system whose failure may result in very high costs for the business using the system. An example of a business-critical system is the customer accounting system in a bank.

Requirements (Rational Unified Process)

Actors who interact with the system are identified and use cases are developed to model the system requirements.

How does purpose relate to a system?

All the components within a system work together on a common purpose: The system's reason for existing.

What are activities and objects?

An activity is an event initiated by a trigger. Objects or entities are the elements involved in the activities.

Architectural patterns

An architectural pattern is a stylized description of good design practice, which has been tried and tested in different environments.

System error (Reliability terminology)

An erroneous system state that can lead to system behavior that is unexpected by system users. The value of transmission time is set incorrectly (to 24.XX rather than 00.XX) when the faulty code is executed.

System failure (Reliability terminology)

An event that occurs at some point in time when the system does not deliver a service as expected by its users. No weather data is transmitted because the time is invalid.

What is Agile Development?

An iterative and incremental (evolutionary) approach performed in a highly collaborative manner with just the right amount of ceremony to produce high quality software in a cost effective and timely manner which meets the changing needs of its stakeholders.

Business and social change (Issues affecting software development)

As business and society change, so will existing software.

Extending the "Simple" Process

As projects got larger and more complex:
1. Needed to clarify and stabilize the requirements
2. Needed to test more functionalities
3. Needed to design more carefully
4. Needed to use more existing software & tools
   - Database
   - Network
   - Code control
5. Needed more people to be involved

Security and trust (Issues affecting software development)

As software is intertwined with all aspects of our lives, it is essential that we can trust that software.

Non-deterministic (Characteristics of Socio-technical system)

Because systems are partially dependent on humans, the same output will not always be presented.

The systems approach (understanding human error)

Assumes that people are fallible. Designed to detect mistakes before they lead to system failure. The aim is not to blame the individual but to understand why the system did not trap the error.

Principal dependability properties

Availability - the probability that the system will be up and running and able to deliver useful services to users.
Reliability - the probability that the system will correctly deliver services as expected by users.
Safety - a judgment of how likely it is that the system will cause damage to people or its environment.
Security - a judgment of how likely it is that the system can resist accidental or deliberate intrusions.

What is Reuse-oriented software engineering?

Based on systematic reuse, where systems are integrated from existing components or COTS (Commercial-off-the-shelf) systems. Reuse is now the standard approach for building many types of business system.

Dependability economics

Because of the very high costs of achieving dependability, it may be more cost effective to accept untrustworthy systems and pay for failure costs.

The person approach (understanding human error)

Blame for the error is placed on the operator concerned. Actions to reduce error include punishment, better training, more stringent procedures, etc.

How can you express reliability and availability?

Both of these attributes can be expressed quantitatively, e.g. an availability of 0.999 means that the system is up and running for 99.9% of the time.

What are the Static Workflows in Rational Unified Process

- Business modelling
- Requirements
- Analysis and design
- Implementation
- Testing
- Deployment
- Configuration and change management
- Project management
- Environment

How does the system meet the environment

By means of an interface

Emergent properties (Characteristics of Socio-technical system)

Property of an entire system dependent on its system components and relationships.

What is the Requirements Analysis composed of?

Categorizing the requirements (by some criteria). Most high level:
1. Functional / Non-functional
2. Other more detailed groupings also exist
3. 6 dimensions of requirements

Prioritizing the requirements. Most of the time we have some limitations in developing software:
1. Time
2. Resources
3. Technical capabilities (existing)
We need to prioritize the requirements to satisfy these limitations.

What did the Chaos Report show in 1995 and 2009?

Chaos Report (1995): sampled some 300 software projects; 84% of projects failed.
Chaos Report (2009): sampled some 300 software projects; 68% of projects failed.

Explain Client-Server Style

Client may connect to more than one server (servers are usually independent)

What is the Crystal Family of Methodologies?

Cockburn classified projects via:
- Size (by number of developers involved)
- Criticality (by losses a malfunction or defect will cause - "quality")
- Priority (time pressure on the project)

Alistair Cockburn introduced a family of 3 methodologies:
- Crystal Clear - for "non-critical" projects (6-8 people)
- Crystal Orange - for "critical" projects (up to 40 people)
- Crystal Orange Web - for web development

What are the 3 points of professional and ethical responsibility?

1. Competence
2. Intellectual property rights
3. Computer misuse

What is the success criteria of complex systems? 2 Points

Complex systems are developed to address problems where there cannot be a complete specification. As success cannot be objectively measured, it is judged by the effectiveness of the deployed system rather than the reasons for procurement.

What is software?

Computer programs and associated documentation. Software products may be developed for a particular customer or may be developed for a general market.

Who does software engineering?

- Customer
- Developer
- User

What is the system boundary?

The container in which the components exist: It separates one system from others

How do we understand a system?

- Decomposition - break the system down into smaller components
- Modularity - result of decomposition: divides the system into more manageable pieces or modules of relatively uniform size
- Coupling - subsystems are dependent on each other: reduce coupling as much as possible
- Cohesion - the capacity of the subsystem to perform a single function

Dependability costs

Dependability costs tend to increase exponentially as increasing levels of dependability are required.

Fault avoidance

Development techniques are used that either minimise the possibility of mistakes or trap mistakes before they result in the introduction of system faults.

Repairability (Emergent Properties)

How easy it is to find and fix a problem once it is discovered. Dependent on ease of diagnosis and access to faulty components.

Primary safety-critical systems

Embedded software systems whose failure can cause the associated hardware to fail and directly threaten people. Example is the insulin pump control system.

What is software engineering?

Engineering discipline concerned with software production.

What does Rational Unified Process (RUP) outline? and look like?

Every software development activity is "addressed" in the 4 phases of inception, elaboration, construction, and transition

Complex relationships with organisational objectives (Characteristics of Socio-technical system)

Extent a system supports organisational objectives is not simply dependent on system itself.

Reliability Achievement 3 Points

1. Fault avoidance
2. Fault detection and removal
3. Fault tolerance

An example of client-server architecture

Film library

How can procurement decisions have an effect on system dependability?

For an off-the-shelf system, the procurer has very limited influence on security and dependability requirements of the system. For a custom system, considerable effort has to be expended in defining security and dependability requirements.

Software Architecture

Formed by output of Architectural Design.

What are the two types of Emergent property?

1. Functional emergent properties
2. Non-functional emergent properties

What are the High level requirements categorizations?

Functional requirements
1. Statements of services the system should provide, how the system should react to particular inputs and how the system should behave in particular situations.
2. May state what the system should not do.

Non-functional requirements
1. Constraints on the services or functions offered by the system such as timing constraints, constraints on the development process, standards, etc.
2. Often apply to the system as a whole rather than individual features or services.

Domain requirements
1. Constraints on the system from the domain of operation.

Hardware failure (Causes of system failure)

Hardware fails because of design and manufacturing errors or because components have reached the end of their natural life.

3 Causes of system failure

1. Hardware failure
2. Software failure
3. Operational failure

Influences on Reliability - 3 points (Emergent property)

1. Hardware reliability
2. Software reliability
3. Operator reliability

Risk Achievement

1. Hazard avoidance
2. Hazard detection and removal
3. Damage limitation

What 3 issues affect software development

1. Heterogeneity
2. Business and social change
3. Security and trust

Human error or mistake (Reliability terminology)

Human behavior that results in the introduction of faults into a system. For example, in the weather forecast system, a programmer might decide that the way to compute the time for the next transmission is to add 1 hour to the current time. This works except when the transmission time is between 23.00 and midnight (midnight is 00.00 in the 24-hour clock).

Reliability terminology

1. Human error or mistake
2. System fault
3. System error
4. System failure

Why are Socio-Technical Systems non-deterministic?

Human interaction makes system behaviour unpredictable due to frequent changes to hardware, software and data.

Operational failure (Causes of system failure)

Human operators make mistakes. Now perhaps the largest single cause of system failures in socio-technical systems.

What do completeness and consistency have to do with requirements?

In principle, requirements should be both complete and consistent. In practice, it is impossible to produce a complete and consistent requirements document.

Explain RUP iterations

- In-phase iteration: each phase is iterative with results developed incrementally.
- Cross-phase iteration: as shown by the loop in the RUP model, the whole set of phases may be enacted incrementally.

How do we represent software architecture?

Informal block diagrams showing entities and relationships. These are criticised due to their lack of semantics: they do not show the types of relationships between entities, nor the visible properties of entities in the architecture.

An example of systems' output data returned as input to another system for regulation or control

Input: Switch on system
Output: Increase room temperature
Monitor: Room temperature
  Inputs: Temperature
  Outputs: Switch off system if temperature >= t0 C; switch on system if temperature < t0 C

What is a Process Model ? 4 Points

It is a description of i) what tasks need to be performed in ii) what sequence under iii) what conditions by iv) whom to achieve the "desired results."

What is Scrum Development Process? (Currently Popular)

It is an incremental and iterative development approach: develops small "sprints," or increments (of features), in a short cycle of about 2-3 weeks. There are 3 main roles:
1. Product Owner, who talks to and decides with users about the content of each sprint
2. Scrum Master, who runs the sprints
3. Scrum Team of about 7-8 members, who develop the sprint

What is System Evolution

Large systems have a long lifetime. They must evolve to meet changing requirements.

3 Types of Critical Systems

1. Mission-critical systems
2. Business-critical systems
3. Safety-critical systems

3 Points of Model View Control (MVC)

- Model = Data: handles system data and operations on data
- View = Presentation: defines and manages how data is presented to the user
- Controller = User interaction: manages events (key presses, mouse clicks, etc.) and passes these on to the view and model components

High Level Requirements Elicitation

Need to seek out business and management perceptions and goals for the software project:
- Business opportunity and business needs
- Justification for the project
- Scope

What is the effect of positive and negative feedback upon control systems?

- Negative feedback is corrective: a sensor detects the effect of output, which is returned as system input for adjustment to enable the system goal.
- Positive feedback causes system performance to continue without change.

What is a prototype and how can they be used?

A prototype is an initial version of a system used to demonstrate concepts and try out design options. A prototype can be used in:
- The requirements engineering process, to help with requirements elicitation and validation;
- Design processes, to explore options and develop a UI design.

Style issues - I

- Be consistent and highlight meaning
- Naming: convey meaning; be consistent
  Warning: if you can't think of a good name, chances are you don't understand the problem or the design can be improved
- Multicultural issues

Why are requirements important? and why should requirements be documented?

- Clear requirements are needed for design and implementation activities.
- Requirements documentation is needed to create test cases and test scenarios, especially for large systems where the test team is a separate group of people from the developers.
- A requirements document is needed to control potential scope-creep.

How do we prioritize Requirements? subjective methods

- Current user/customer demands or needs
- Competition and current market condition
- Anticipated future and new customer needs
- Sales advantages
- Existing critical problems in current product

DEEPTAT

- Defect clustering - 80% of errors in 20% of code
- Exhaustive testing is impossible
- Early testing - cheaper to fix errors detected early
- Pesticide Paradox - tests may become outdated
- Testing shows the presence of defects, not their absence
- Absence of errors does not prove the system is ready to release
- Testing is context dependent - subject to application type

What do functional requirements look like?

- Describe functionality or system services.
- Depend on the type of software, expected users and the type of system where the software is used.
- Functional user requirements may be high-level statements of what the system should do.
- Functional system requirements should describe the system services in detail.

Implementation

- Implementation: transforming detailed design into a valid program
- Detailed design may be done as part of implementation
  - Faster
  - Less cohesive and less organized
- Writing code, unit testing, debugging, configuration management

What is requirements imprecision?

- Problems arise when requirements are not precisely stated.
- Ambiguous requirements may be interpreted in different ways by developers and users.

Style issues - II

- Separating words, capitalization: C_uses_this_style, JavaUsesThisOne
- Indentation and spacing
- Function/method size: when is it too big? When to break?
- File naming
- Error prone constructs

How do we prioritize Requirements? Non Subjectively methods

- Sort by priority groups (e.g. previous chart) where the priority groups are based on some prioritization criteria list (e.g. current user needs has the highest priority)
- Pair-wise comparison, normalize and compute relative value using the Analytical Hierarchical Process (AHP)

Comments

- Types: repeat of the code; explanation of the code; marker in the code; summary of the code; description of the code intent; external references
- Keep up to date!

How do we classify non-functional requirements?

1. Product requirements
2. Organisational requirements
3. External requirements

What reasons would we have to, Throw-away prototypes?

Prototypes should be discarded after development as they are not a good basis for a production system:
1. It may be impossible to tune the system to meet non-functional requirements;
2. Prototypes are normally undocumented;
3. The prototype structure is usually degraded through rapid change.

Why Have A Process Model?

Provide "guidance" for a systematic coordination and controlling of a) the tasks and of b) the personnel who perform the tasks

What are Process Activities?

Real software processes are inter-leaved sequences of technical, collaborative and managerial activities with the overall goal of specifying, designing, implementing and testing a software system.

Usability (Emergent Properties) - 2 Points

Reflects how easy the system is to use. Depends on technical system components, operators, and the operating environment.

How can a system be considered reliable and a failure 4 Points

Reliability can only be defined formally with respect to a system specification. Many specifications are incomplete or incorrect; hence, a system that conforms to its specification may 'fail' from the perspective of system users. Furthermore, users don't read specifications, so they don't know how the system is supposed to behave. Therefore perceived reliability is more important in practice.

Will removing X% faults increase X% of reliability?

Removing X% of the faults in a system will not necessarily improve the reliability by X%. A study at IBM showed that removing 60% of product defects resulted in a 3% improvement in reliability.

Other dependability Properties 4 Points

- Repairability: reflects the extent to which the system can be repaired in the event of a failure
- Maintainability: reflects the extent to which the system can be adapted to new requirements
- Survivability: reflects the extent to which the system can deliver services whilst under hostile attack
- Error tolerance: reflects the extent to which user input errors can be avoided and tolerated

View

Representation of a system structure from a particular viewpoint.

What is the Requirements engineering process?

1. Feasibility study: is it technically and financially feasible to build the system?
2. Requirements elicitation and analysis: what do the system stakeholders require or expect from the system?
3. Requirements specification: defining the requirements in detail
4. Requirements validation: checking the validity of the requirements

Organisational requirements (non-functional requirements)

Requirements which are a consequence of organisational policies and procedures e.g. process standards used, implementation requirements, etc.

External requirements (non-functional requirements)

Requirements which arise from factors which are external to the system and its development process e.g. interoperability requirements, legislative requirements, etc.

Requirements Elicitation

Requirements which may be given to, and established by, software engineers:
1. Initial product/system requirements
2. Requirements provided as a part of a request for price quotation for a software development project
3. Have to be established by software engineers
   - Users sometimes have an understanding of only the requirements related to their specific job tasks

Product requirements (non-functional requirements)

Requirements which specify that the delivered product must behave in a particular way e.g. execution speed, reliability, etc.

Fault tolerance

Run-time techniques are used to ensure that system faults do not result in system errors and/or that system errors do not lead to system failures.

Software validation

Software checked to ensure it meets customer requirements.

Software failure (Causes of system failure)

Software fails due to errors in its specification, design or implementation.

Correctness (McCall's Quality model) description

Software is correct if it satisfies the functional requirements specifications assuming that specification exists!

Software development

Software is designed and programmed.

Software evolution

Software modified to reflect changing customer and market requirements.

List 4 Generic Software Process Activites for Complex Systems

1. Software specification
2. Software development
3. Software validation
4. Software evolution

What are Customized products? and examples

Software that is commissioned by a specific customer to meet their own needs. Examples: embedded control systems, air traffic control software, traffic monitoring systems.

What are Generic products? and examples

Stand-alone systems that are marketed and sold to any customer who wishes to buy them. Examples: PC software such as graphics programs, project management tools; CAD software.

Business modelling (Rational Unified Process)

The business processes are modelled using business use cases.

The Structure of software architecture is:

Structure of the solution, comprising: 1. Major Software Elements 2. Their externally visible properties 3. Relationships among elements

Repository (DB) architecture

Sub-systems must exchange data. This may be done in two ways:
1. Shared data is held in a central database or repository and may be accessed by all sub-systems;
2. Each sub-system maintains its own database and passes data explicitly to other sub-systems.

What is the difference between software engineering and system engineering?

System engineering covers all computer-based systems development, including hardware, software, etc. Software engineering refers mainly to software development.

Security (Emergent Properties) - 2 Points

1. System security is not easily measured.
2. Some attacks may be unanticipated.

Heterogeneity (Issues affecting software development)

Systems distributed across networks using different types of computer and mobile devices.

3 Reasons why dependability the most important property of a critical system?

1. Systems that are unreliable, unsafe or insecure are often rejected by their users. If users don't trust a system, they will refuse to use it. This may lead to further mistrust in the future.
2. System failure costs may be enormous. For some applications, such as a reactor control system or an aircraft navigation system, the cost of system failure is orders of magnitude greater than the cost of the control system.
3. Untrustworthy systems may cause information loss. Data is very expensive to collect and maintain; it may sometimes be worth more than the computer system on which it is processed. A great deal of effort and money may have to be spent duplicating valuable data after corruption.

Testing (Rational Unified Process)

Testing is an iterative process that is carried out in conjunction with implementation. System testing follows the completion of the implementation.

What is a Design Pattern example?

The Observer pattern
- Name: Observer
- Description: separates the display of object state from the object itself
- Problem description: used when multiple displays of state are needed
- Solution description: see next slide
- Consequences: optimisations to enhance display performance are impractical

Pipe-Filter architecture style

The high level design solution is decomposed into 2 "generic" parts (filters and pipes):
- Filter: a service that transforms a stream of input data into a stream of output data
- Pipe: a mechanism or conduit through which the data flows from one filter to another

What are the two approaches of understanding human error?

1. The person approach
2. The systems approach

Reliability

The probability of failure-free system operation over a specified time in a given environment for a given purpose

Availability

The probability that a system, at a point in time, will be operational and able to deliver the requested services

Define Software Specification

The process of establishing what services are required and the constraints on the system's operation and development.

What are operational processes?

The processes involved in using the system for its defined purpose. Should be flexible to allow operators to cope with problems and periods of fluctuating workload.

What is a deterministic system?

The same output will always be produced

What is the software requirements document?

The software requirements document is the official statement of what is required of the system developers. It should include both a definition of user requirements and a specification of the system requirements. It should set out WHAT the system should do rather than HOW it should do it.

What is outside the system boundary?

The system operates in an environment, which is everything outside the boundary. The environment affects and is affected by the system.

Consistent (Requirements)

There should be no conflicts or contradictions in the descriptions of the system facilities.

Complete (Requirements)

They should include descriptions of all facilities required.

Configuration and change management (Rational Unified Process)

This supporting workflow manages changes to the system.

Project management (Rational Unified Process)

This supporting workflow manages the system development.

Environment (Rational Unified Process)

This workflow is concerned with making appropriate software tools available to the software development team.

What problems can require Event-Driven architecture ?

Those requiring real-time systems: airplane control; medical equipment monitor; home monitor; embedded device controller; game; etc.

Define System Requirements 4 Points

Three types of requirement are defined at this stage:
1. Abstract functional requirements. System functions are defined in an abstract way;
2. System properties. Non-functional requirements for the system in general are defined;
3. Undesirable characteristics. Unacceptable system behaviour is specified.
Should also define overall organisational objectives for the system.

Volume (Emergent Properties)

Total occupied system space is dependent on how component assemblies are arranged and connected.

What is a requirement?

- User requirements: statements in natural language plus diagrams of the services the system provides and its operational constraints. Written for customers.
- System requirements: a structured document setting out detailed descriptions of the system's functions, services and operational constraints. Defines what should be implemented, so may be part of a contract between client and contractor.

Fault detection and removal

Verification and validation techniques that increase the probability of detecting and correcting errors before the system goes into service are used.

What are the four Software engineering fundamentals?

1. Well understood and managed system development process
2. Dependability and performance
3. Software specification and requirements
4. Reuse software rather than write new software

What is an Example: Requirements Problem?

What happened?
1. Airbus A320, Warsaw 1993
2. Aircraft landed on wet runway
3. Aquaplaned, so brakes didn't work
4. Pilot applied reverse thrust, but it was disabled
5. Why?
6. REQ: airborne ⇔ disabled
7. ASSUME not WheelPulse ⇔ airborne ⇔ disabled

Are there interactions between the layers of the STS stack?

Yes, changes at one level ripple through the others

Are software systems deterministic?

Yes, as they do not include humans.

Explain Competence (ethical and professional responsibility)

You should not misrepresent competence

Explain Computer misuse (ethical and professional responsibility)

You should not use your technical skills to misuse computers. Computer misuse ranges from relatively trivial to the extremely serious

What happens at the Design and implementation stages

an executable software/system is developed

Event-Driven (Realtime)

Based on an event dispatcher which manages events and the functionalities which depend on those events.

How does a system interact with the environment?

by means of inputs and outputs

What affects a system's purpose?

constraints (e.g. resources)

What is Requirement validation?

Demonstrating that the requirements define a system that the customer actually wants. Error costs are high, so validation is very important.

Reliability (McCall's Quality model) description

- Informally: the user can rely on it.
- Can be defined mathematically as "probability of absence of failures for a certain time period".
- If the specs are correct, all correct software is reliable, but not vice-versa (in practice, however, specs can be incorrect ...).

Agile processes

planning is incremental and it is easier to change the process to reflect changing customer requirements.

Plan-driven processes

processes where all of the process activities are planned in advance and progress is measured against this plan.

What are interdependent systems?

systems dependent on other systems

What should happen after requirements definition is written?

they need to be reviewed by users/customers and other stakeholders.

What problems can require Pipe-Filter architecture style ?

those requiring batch file processing: e. g. payroll, compilers, month-end accounting

Why should we do testing?

to show that a program does what it is intended to do and to discover program defects before it is put into use.

How do we make building larger systems from smaller ones relatively easy?

via detailed boundary definitions
