An NFR Pattern Approach to Dealing An NFR Pattern Approach to - - PowerPoint PPT Presentation

An NFR Pattern Approach to Dealing An NFR Pattern Approach to Dealing An NFR Pattern Approach to Dealing An NFR Pattern Approach to Dealing with Non with Non with Non with Non-

• Functional Requirements

Functional Requirements Functional Requirements Functional Requirements

Sam Supakkul Tom Hill Lawrence Chung

The Univ. of Texas at Dallas

Julio CSP Leite

PUC-Rio, Brazil

Thein Than Tun

The Open University, UK

Presenter: Sam Supakkul

Outline Outline Outline Outline

Motivation The Approach

NFR Patterns Pattern Organization Pattern Reuse Tool Support

Case Study Conclusion Authors:

Is it beautiful to you?

Dealing with Dealing with Dealing with Dealing with NFRs NFRs NFRs NFRs involves many concepts and involves many concepts and involves many concepts and involves many concepts and activities activities activities activities !!Aesthetic

++ Cost [softgoal] [side-effect] [alternatives] [selection] Layered shells Dome Pyramid

• [side-effect]

! Memorable

++ + ++

• ++
• ++

[criticalityl] ++ Make + Help -- Break - Hurt

Some aspects of Some aspects of Some aspects of Some aspects of NFRs NFRs NFRs NFRs are achieved by are achieved by are achieved by are achieved by mitigating known problems mitigating known problems mitigating known problems mitigating known problems !! Security of credit card info

Break-in wireless network Masquerade user login Steal credit card info

• / --

Cost ++/+/-/-- Password encryption Biometric authentication 2-factor authentication

• / --

!Trustworthiness

++ Make + Help -- Break - Hurt ++/+/-/--

Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of NFRs NFRs NFRs NFRs NFRs NFRs NFRs NFRs can lead to can lead to can lead to can lead to can lead to can lead to can lead to can lead to dire consequences dire consequences dire consequences dire consequences dire consequences dire consequences dire consequences dire consequences (2 (2nd

nd) Biggest credit card

) Biggest credit card theft theft

45.7M credit cards stolen 45.7M credit cards stolen $20M in fraudulent transactions $20M in fraudulent transactions

TJX used security measures TJX used security measures

ID/password authentication ID/password authentication Data encryption Data encryption

• 1. Break-in wireless network
• 2. Masquerade user login
• 3. Steal credit card info

TJX unable to prevent the hacker

But TJX did not know enough But TJX did not know enough

Potential security problems Potential security problems Applicable mitigations Applicable mitigations Proper tradeoff among Proper tradeoff among NFRs NFRs

Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of NFRs NFRs NFRs NFRs NFRs NFRs NFRs NFRs is difficult is difficult is difficult is difficult is difficult is difficult is difficult is difficult because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is

Difficult to capture Difficult to capture

Problems, solutions, domain Problems, solutions, domain Complete, correct Complete, correct Conceptual modeling and reasoning Conceptual modeling and reasoning

Difficult to organize Difficult to organize

Cataloging knowledge Cataloging knowledge Relating similar knowledge Relating similar knowledge General General – – Specific Specific Class Class – – Instance Instance Combining knowledge Combining knowledge

Difficult to reuse Difficult to reuse

Choosing appropriate knowledge Choosing appropriate knowledge (Re (Re-

• )creating visual models

)creating visual models

This talk presents a pattern This talk presents a pattern This talk presents a pattern This talk presents a pattern-

• based approach to

based approach to based approach to based approach to capturing, organizing, and reusing NFR knowledge capturing, organizing, and reusing NFR knowledge capturing, organizing, and reusing NFR knowledge capturing, organizing, and reusing NFR knowledge

Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Selection pattern Selection pattern Selection pattern Selection pattern

Capturing Organizing Reusing

• Tool support

Capturing Organizing Reusing Capturing Organizing Tool support Reusing Capturing Organizing

4 kinds of NFR patterns for capturing different kinds 4 kinds of NFR patterns for capturing different kinds 4 kinds of NFR patterns for capturing different kinds 4 kinds of NFR patterns for capturing different kinds

• f NFR knowledge
• f NFR knowledge
• f NFR knowledge
• f NFR knowledge

Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Selection pattern Selection pattern Selection pattern Selection pattern

Capturing

An objective pattern captures a definition of an An objective pattern captures a definition of an An objective pattern captures a definition of an An objective pattern captures a definition of an NFR as a NFR as a NFR as a NFR as a softgoal softgoal softgoal softgoal (and sub (and sub (and sub (and sub-

• goals) to be achieved

goals) to be achieved goals) to be achieved goals) to be achieved

An objective pattern

Name: Name: Name: Name: Name: Name: Name: Name: FISMA Security Objectives FISMA Security Objectives Credential Credential Credential Credential Credential Credential Credential Credential Sources: Sources: US FISMA Act of 2002 US FISMA Act of 2002 Authors: Authors: Sam Supakkul Sam Supakkul Endorsements: Endorsements: Known uses: Known uses: US government agencies US government agencies Applicability Applicability Applicability Applicability Applicability Applicability Applicability Applicability (5W2H questions) (5W2H questions) Domain Domain (Who) (Who): : Government Government Topic Topic (What) (What): : Information, data Information, data Type Type (Why) (Why): : Security Security Phase Phase (When) (When): : Requirements Requirements Artifact Artifact (Where) (Where): : World World [per the WRSPM ref. model]

[per the WRSPM ref. model]

Application Application (How) (How): : Automated Automated Implication Implication (How much) (How much): : Regulation Regulation Knowledge Knowledge Knowledge Knowledge Knowledge Knowledge Knowledge Knowledge

Demo video: Demo video: Demo video: Demo video: applying an objective pattern applying an objective pattern applying an objective pattern applying an objective pattern

Tools used

The NFR Pattern Assistant (utdallas.edu/~supakkul/tools/NFRPassist) The RE-Tools (utdallas.edu/~supakkul/tools/RE-Tools)

In the catalog During the requirements engineering of a project

A problem pattern captures soft A problem pattern captures soft A problem pattern captures soft A problem pattern captures soft-

• problems or

problems or problems or problems or

• bstacles to achieving an NFR
• bstacles to achieving an NFR
• bstacles to achieving an NFR
• bstacles to achieving an NFR softgoal

softgoal softgoal softgoal A problem pattern

An alternatives pattern captures alternative means An alternatives pattern captures alternative means An alternatives pattern captures alternative means An alternatives pattern captures alternative means

• r alternative solutions with side
• r alternative solutions with side
• r alternative solutions with side
• r alternative solutions with side-
• effect information

effect information effect information effect information

An alternative-solutions pattern

• !

" #

• !

" #

• Weight-based quantitative selection

Rank Rank Rank Rank-

• based

based based based qualitative selection Weight Weight Weight Weight-

• based

based based based Selection Selection Selection Selection = = = = Highest Highest Highest Highest cumulative weight weight weight weight

weight(Fingerprint) = w(!Trust.) x w(+) + = 0.25 +

Widely used, but subjective Rank-based Selection = Best est est est cumulative ranking ranking ranking ranking

rank(Fingerprint) = r(+!Trust.) + = 7 +

Less subjective, but need a ranking scale alternatives

A selection pattern captures A selection pattern captures A selection pattern captures A selection pattern captures an application independent selection scheme an application independent selection scheme an application independent selection scheme an application independent selection scheme

Demo video: Demo video: Demo video: Demo video: applying a weight applying a weight applying a weight applying a weight-

• based selection pattern

based selection pattern based selection pattern based selection pattern

• Tools used

The NFR Pattern Assistant (utdallas.edu/~supakkul/tools/NFRPassist) The RE-Tools (utdallas.edu/~supakkul/tools/RE-Tools)

Before After

Patterns may be organized along the Patterns may be organized along the Patterns may be organized along the Patterns may be organized along the generalization, aggregation, and classification dim. generalization, aggregation, and classification dim. generalization, aggregation, and classification dim. generalization, aggregation, and classification dim.

Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Selection pattern Selection pattern Selection pattern Selection pattern

Capturing Organizing Reusing

• Tool support

Capturing Organizing Reusing Capturing Organizing Tool support Reusing Capturing Organizing

A specialized pattern captures more specific A specialized pattern captures more specific A specialized pattern captures more specific A specialized pattern captures more specific knowledge than that of the generalized pattern knowledge than that of the generalized pattern knowledge than that of the generalized pattern knowledge than that of the generalized pattern

" " " "

• $

%$

" " "

• P1 specializes P2

Generalization Aggregation Classification

[Payment Card Industry] [US FISMA Law]

The specialized pattern is more specific The specialized pattern is more specific The specialized pattern is more specific The specialized pattern is more specific in breadth or in depth in breadth or in depth in breadth or in depth in breadth or in depth

Payment Card Industry (PCI): Payment Card Industry (PCI): Security = Confidentiality Security = Confidentiality US Law: US Law: Security = Confidentiality, Integrity, Avail. Security = Confidentiality, Integrity, Avail. PCI concerned with PCI concerned with Accountability beyond Privacy Accountability beyond Privacy

" "

• $

%$

• More specific in breadth

More specific in breadth More specific in breadth More specific in breadth More specific in breadth More specific in breadth More specific in breadth More specific in breadth More specific in depth More specific in depth More specific in depth More specific in depth More specific in depth More specific in depth More specific in depth More specific in depth

Generalization Aggregation Classification

P2 P1 P2 P1

A composite pattern assembles smaller patterns to A composite pattern assembles smaller patterns to A composite pattern assembles smaller patterns to A composite pattern assembles smaller patterns to capture a larger chunk of related knowledge capture a larger chunk of related knowledge capture a larger chunk of related knowledge capture a larger chunk of related knowledge

• P1 combines P2,P3,P4

where P2 succeeds P3 and P3 succeeds P4

Generalization Aggregation Classification

A pattern can be used as a template to A pattern can be used as a template to A pattern can be used as a template to A pattern can be used as a template to instantiate occurrence patterns instantiate occurrence patterns instantiate occurrence patterns instantiate occurrence patterns

B1 is a binding specification O1 is a specialization of M1 or O1 is sub-goal of M1 w.r.t. reference model R1

Generalization Aggregation Classification

Dealing with NFR knowledge is defined by 5 Dealing with NFR knowledge is defined by 5 Dealing with NFR knowledge is defined by 5 Dealing with NFR knowledge is defined by 5

• perations
• perations
• perations
• perations

Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Selection pattern Selection pattern Selection pattern Selection pattern

Capturing Organizing Reusing

• Tool support

Capturing Organizing Reusing Capturing Organizing Tool support Reusing Capturing Organizing

An action An action An action An action-

• oriented perspective
• riented perspective
• riented perspective
• riented perspective

Credentials

Authors Sources Endorsements Known Uses

Applicability

Who What Why When Where How How much

Source Model Target Model patternize apply compose Refinement Rules

Pattern Pattern Pattern Pattern

• perations
• perations
• perations
• perations

Example Example Example Example

We define 25 refinement rules for tool support We define 25 refinement rules for tool support We define 25 refinement rules for tool support We define 25 refinement rules for tool support

2 for Objective, 8 for Problem, 10 for Alternatives, 5 for Selec 2 for Objective, 8 for Problem, 10 for Alternatives, 5 for Selec 2 for Objective, 8 for Problem, 10 for Alternatives, 5 for Selec 2 for Objective, 8 for Problem, 10 for Alternatives, 5 for Selection tion tion tion

Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Selection pattern Selection pattern Selection pattern Selection pattern

Capturing Organizing Reusing

• Tool support

Capturing Organizing Reusing Capturing Organizing Tool support Reusing Capturing Organizing

Refinement rules are extracted by Refinement rules are extracted by Refinement rules are extracted by Refinement rules are extracted by patternize patternize patternize patternize and used for model transformation by and used for model transformation by and used for model transformation by and used for model transformation by apply apply apply apply

Security

Security Confidentiality Integrity Availability Privacy Proprietary Authenticity Non-repudiation Timeliness Reliability

Transform

Before After

succeed succeed succeed

Security Security Confidentiality Integrity Availability Confidentiality Privacy Proprietary Confidentiality Integrity Authenticity Non-repudiation Integrity Availability Timeliness Reliability Availability

Before After Before After Before After Before After

NFRDecomposition Refinement rule Extracted rule graph

Target M Target M

The The The The The The The The NFR Pattern Assistant NFR Pattern Assistant NFR Pattern Assistant NFR Pattern Assistant NFR Pattern Assistant NFR Pattern Assistant NFR Pattern Assistant NFR Pattern Assistant for pattern support for pattern support for pattern support for pattern support for pattern support for pattern support for pattern support for pattern support The The The The The The The The RE RE RE RE RE RE RE RE-

• Tools

Tools Tools Tools Tools Tools Tools Tools for knowledge modeling for knowledge modeling for knowledge modeling for knowledge modeling for knowledge modeling for knowledge modeling for knowledge modeling for knowledge modeling

capturing

• rganizing

reusing

&'( ) *

• !"##$

utdallas.edu/~supakkul/tools/RE-Tools utdallas.edu/~supakkul/tools/NFRPassist

…

(TBD)

The i* Framework The i* Framework The i* Framework The i* Framework KAOS KAOS KAOS KAOS Problem Frames Problem Frames Problem Frames Problem Frames The NFR Framework The NFR Framework The NFR Framework The NFR Framework UML UML UML UML

The approach and the tools have been applied The approach and the tools have been applied The approach and the tools have been applied The approach and the tools have been applied The approach and the tools have been applied The approach and the tools have been applied The approach and the tools have been applied The approach and the tools have been applied to the TJX case to the TJX case to the TJX case to the TJX case to the TJX case to the TJX case to the TJX case to the TJX case

Build for reuse 1 composite, 5 primitive Build with reuse Sample results Break-in wireless network Masquerading user login Steal credit card info for capture reuse reuse knowledge from TJX in a different project

Limitations (future work) Limitations (future work) Limitations (future work) Limitations (future work)

Tool/usability related

Model elements not captured with the original position Pattern search and selection are currently manual Some knowledge not captured (need 2 more rules) Need to support more FRs and NFRs integrated knowledge Limited concurrently pattern sharing across groups

Approach related

Costly and time-consuming to learn the notation and the tool Need more case studies Need to support dealing with NFRs during architecture/design

Summary: The difficulty of capturing, organizing, reusing of Summary: The difficulty of capturing, organizing, reusing of Summary: The difficulty of capturing, organizing, reusing of Summary: The difficulty of capturing, organizing, reusing of NFR knowledge can be alleviated by the approach NFR knowledge can be alleviated by the approach NFR knowledge can be alleviated by the approach NFR knowledge can be alleviated by the approach Difficult to capture Difficult to capture

Problems, solutions, domain Problems, solutions, domain Complete, correct Complete, correct Conceptual modeling and reasoning Conceptual modeling and reasoning

Difficult to organize Difficult to organize

Cataloging knowledge Cataloging knowledge Relating similar knowledge Relating similar knowledge General General – – Specific Specific Class Class – – Instance Instance Combining knowledge Combining knowledge

Difficult to reuse Difficult to reuse

Choosing appropriate knowledge Choosing appropriate knowledge Re Re-

• creating visual models

creating visual models

Objective, problem, alternatives, selection patterns Credentials Captured softgoal graphs By name, type, applicability Specialization, composition, instantiation Applicability info Refinement rules, tool support Features in the approach Features in the approach Features in the approach Features in the approach

Thank you Questions & Comments?

Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Selection pattern Selection pattern Selection pattern Selection pattern

Capturing Organizing Reusing

• Tool support

Capturing Organizing Reusing Capturing Organizing Tool support Reusing Capturing Organizing