Identifying Trustworthiness Deficit in Legacy Systems Using the NFR Approach
نویسنده
چکیده
Trustworthiness is an important emerging requirement for software systems deployed by the U. S. Air Force. Trustworthiness, briefly stated, is the ability of a software system to be safe, secure, and reliable under a normal operating environment. However, most software systems have not been developed with trustworthiness in mind. Therefore, how do we systematically identify deficit in trustworthiness in existing systems so that they may be re-engineered with trustworthiness as a priority? The Non-Functional Requirements (NFR) Approach provides a framework for identifying gaps in trustworthiness in existing systems and recommending mechanisms to overcome this “shortfall” in re-engineered systems. In this project we applied the NFR Approach, as a case study to the middleware system called Phoenix used by the Air Force and determined an 89% shortfall in trustworthiness. The advantages of identifying this deficit include determination of trustworthiness in current systems, exploring environments in which current systems may be (re)used, and prioritizing trustworthiness requirements when these legacy systems are re-engineered. Identifying Trustworthiness Deficit in Legacy Systems Using the NFR Approach portability, or maintainability, which together ensure non-interference with the normal operation of the system. The NFR Approach [5, 6], where NFR stands for Non-Functional Requirements, provides a framework for systematically analyzing NFRs such as trustworthiness and decomposing it further to capture other NFRs like reliability, safety, portability, etc. The NFR Approach provides the ability to accommodate alternate definitions of trustworthiness as well as provides a rationalization process that allows one to evaluate the extent to which trustworthiness is achieved by a system. More importantly, the NFR Approach helps to identify gaps in trustworthiness requirements. By understanding the extent of “shortfall” of trustworthiness, one is better prepared to identify solutions necessary to make that system trustworthy for a specified time-scale. In this paper we apply the NFR Approach to a selected software system and identify the trustworthiness deficit in the system. For this purpose we first obtain the definition of trustworthiness for this system from its stakeholders and convert the definitions into a Softgoal Interdependency Graph, an artifact used by the NFR Approach for reasoning about NFRs, which are treated as softgoals in the system. Then the designs for the selected software system are evaluated against trustworthiness definitions using the propagation rules of the NFR Approach. This evaluation will identify deficit in trustworthiness and will permit analysis on how this deficit needs to be overcome. This analysis will help identify adaptations that are needed to make the selected software system function in a trustworthy environment. These adaptations can be stated in terms of design modifications and/or implementation mechanisms (for example, wrappers) that will help the system be used for a specific timeperiod in a trustworthy environment. This problem considered is explained by Figure 1: legacy system fulfills primarily its requirements and, mostly by accident, some trustworthy requirements that represent the existing trust in the legacy system. The trustworthy system includes the requirements for trustworthiness that represent the total expected trust as well as the re-engineering requirements for the legacy system. The difference between the total expected trust and the existing trust is the trustworthiness deficit in the legacy system. The legacy system we used as a case study is the Phoenix middleware system used by the Air Force we identified the trustworthiness deficit in Phoenix by using the NFR Approach and developed a process for applying this approach to other software systems. Our study identified an 89% shortfall in trustworthiness in the existing Phoenix system. This paper was presented at the Software Technology Conference held in Salt Lake City, Utah, in April 2013 [7] and was well received by the audience.
منابع مشابه
Elicitation and Modeling Non-Functional Requirements - A POS Case Study
Proper management of requirements is crucial to successful development software within limited time and cost. Nonfunctional requirements (NFR) are one of the key criteria to derive a comparison among various software systems. In most of software development NFR have be specified as an additional requirement of software. NFRs such as performance, reliability, maintainability, security, accuracy ...
متن کاملQuality-driven software re-engineering
Software re-engineering consists of a set of activities intended to restructure a legacy system to a new target system that conforms with hard and soft quality constraints (or non-functional requirements, NFR). This paper presents a framework that allows specific NFR such as performance and maintainability to guide the re-engineering process. Such requirements for the migrant system are modeled...
متن کاملFunctional Requirements of the Pharmacy Information Systems from the Pharmacists' Perspective: A Qualitative Approach
Introduction: In the field of studying information systems, qualitative approach is one of the ways to extract the system requirements from the perspective of the users. Therefore, this study was performed to identify the functional requirements of the pharmacy information system from the perspective of the pharmacists using a qualitative approach. Method: This qualitative study was performed u...
متن کاملDisTriB: Distributed Trust Management Model Based on Gossip Learning and Bayesian Networks in Collaborative Computing Systems
The interactions among peers in Peer-to-Peer systems as a distributed collaborative system are based on asynchronous and unreliable communications. Trust is an essential and facilitating component in these interactions specially in such uncertain environments. Various attacks are possible due to large-scale nature and openness of these systems that affects the trust. Peers has not enough inform...
متن کاملDisTriB: Distributed Trust Management Model Based on Gossip Learning and Bayesian Networks in Collaborative Computing Systems
The interactions among peers in Peer-to-Peer systems as a distributed collaborative system are based on asynchronous and unreliable communications. Trust is an essential and facilitating component in these interactions specially in such uncertain environments. Various attacks are possible due to large-scale nature and openness of these systems that affects the trust. Peers has not enough inform...
متن کامل