Identifying Trustworthiness Deficit in Legacy Systems Using the NFR Approach

Trustworthiness is an important emerging requirement for software systems deployed by the U. S. Air Force. Trustworthiness, briefly stated, is the ability of a software system to be safe, secure, and reliable under a normal operating environment. However, most software systems have not been developed with trustworthiness in mind. Therefore, how do we systematically identify deficit in trustworthiness in existing systems so that they may be re-engineered with trustworthiness as a priority? The Non-Functional Requirements (NFR) Approach provides a framework for identifying gaps in trustworthiness in existing systems and recommending mechanisms to overcome this “shortfall” in re-engineered systems. In this project we applied the NFR Approach, as a case study to the middleware system called Phoenix used by the Air Force and determined an 89% shortfall in trustworthiness. The advantages of identifying this deficit include determination of trustworthiness in current systems, exploring environments in which current systems may be (re)used, and prioritizing trustworthiness requirements when these legacy systems are re-engineered. Identifying Trustworthiness Deficit in Legacy Systems Using the NFR Approach portability, or maintainability, which together ensure non-interference with the normal operation of the system. The NFR Approach [5, 6], where NFR stands for Non-Functional Requirements, provides a framework for systematically analyzing NFRs such as trustworthiness and decomposing it further to capture other NFRs like reliability, safety, portability, etc. The NFR Approach provides the ability to accommodate alternate definitions of trustworthiness as well as provides a rationalization process that allows one to evaluate the extent to which trustworthiness is achieved by a system. More importantly, the NFR Approach helps to identify gaps in trustworthiness requirements. By understanding the extent of “shortfall” of trustworthiness, one is better prepared to identify solutions necessary to make that system trustworthy for a specified time-scale. In this paper we apply the NFR Approach to a selected software system and identify the trustworthiness deficit in the system. For this purpose we first obtain the definition of trustworthiness for this system from its stakeholders and convert the definitions into a Softgoal Interdependency Graph, an artifact used by the NFR Approach for reasoning about NFRs, which are treated as softgoals in the system. Then the designs for the selected software system are evaluated against trustworthiness definitions using the propagation rules of the NFR Approach. This evaluation will identify deficit in trustworthiness and will permit analysis on how this deficit needs to be overcome. This analysis will help identify adaptations that are needed to make the selected software system function in a trustworthy environment. These adaptations can be stated in terms of design modifications and/or implementation mechanisms (for example, wrappers) that will help the system be used for a specific timeperiod in a trustworthy environment. This problem considered is explained by Figure 1: legacy system fulfills primarily its requirements and, mostly by accident, some trustworthy requirements that represent the existing trust in the legacy system. The trustworthy system includes the requirements for trustworthiness that represent the total expected trust as well as the re-engineering requirements for the legacy system. The difference between the total expected trust and the existing trust is the trustworthiness deficit in the legacy system. The legacy system we used as a case study is the Phoenix middleware system used by the Air Force we identified the trustworthiness deficit in Phoenix by using the NFR Approach and developed a process for applying this approach to other software systems. Our study identified an 89% shortfall in trustworthiness in the existing Phoenix system. This paper was presented at the Software Technology Conference held in Salt Lake City, Utah, in April 2013 [7] and was well received by the audience.