
Chapter 9: Modeling What Could Go Wrong: Risk Analysis on Goal Models

Shared by: Võ Hoàng Nhật Khánh | Date: | File type: PPT | Pages: 39


Completeness is highly desirable for mission-critical goals; obstacle analysis may help elicit relevant domain properties...


Text content: Chapter 9: Modeling What Could Go Wrong: Risk Analysis on Goal Models

  1. Building System Models for RE
     Chapter 9: Modeling What Could Go Wrong: Risk Analysis on Goal Models
     www.wileyeurope.com/college/vanlamsweerde, Chap. 9: Risk Analysis on Goal Models, © 2009 John Wiley and Sons
  2. Building models for RE
     – Chap. 8: Goals
     – Chap. 9: Risks
     – Chap. 10: Conceptual objects
     – Chap. 11: Agents
     (figure: the four model views, labelled with the questions why?, how?, who?, on what?)
  3. Risk analysis as seen in Chapter 3
     – Risk = uncertain factor whose occurrence may result in loss of satisfaction of the corresponding objective; it has a likelihood and consequences (each consequence having a likelihood and a severity)
     – Poor risk management is a major cause of software failure
     – Early risk analysis at RE time:
       • Risk identification: checklists, component inspection, risk trees
       • Risk assessment: qualitative, quantitative
       • Risk control: explore countermeasures (tactics), select the best as new requirements
  4. Risk analysis can be anchored on goal models
     (figure: risk analysis anchored on a goal model)
  5. Risk analysis on goal models: outline
     Goal obstruction by obstacles
     – What are obstacles?
     – Completeness of a set of obstacles
     – Obstacle categories
     Modeling obstacles
     – Obstacle diagrams
     – Obstacle refinement
     – Bottom-up propagation of obstructions in goal AND-refinements
     – Annotating obstacle diagrams
     Obstacle analysis for a more robust goal model
     – Identifying obstacles
     – Evaluating obstacles
     – Resolving obstacles in a modified goal model
  6. What are obstacles?
     – Motivation: goals in a refinement graph are often too ideal, likely to be violated under abnormal conditions (unintentional or intentional agent behaviors)
     – Obstacle = condition on the system for violation of the corresponding assertion (generally a goal):
       • {O, Dom} |= not G                                   obstruction
       • {O, Dom} |≠ false                                   domain consistency
       • O can be satisfied by some system behavior          feasibility
     – e.g.  G:   If StopSignal then TrainStoppedAtBlockSignal
             Dom: If TrainStopsAtStopSignal then DriverResponsive
             O:   DriverUnresponsive
     – For a behavioral goal: existential property capturing unadmissible behavior (negative scenario)
  7. Completeness of a set of obstacles
     – Ideally, a set of obstacles to G should be complete:
       {not O1, ..., not On, Dom} |= G                      domain completeness
     – e.g.  If not DriverUnresponsive and not BrakeSystemDown and StopSignal then TrainStoppedAtBlockSignal
     – Completeness is highly desirable for mission-critical goals ... but bounded by what we know about the domain!
     – Obstacle analysis may help elicit relevant domain properties
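The obstruction, domain-consistency, feasibility and domain-completeness conditions of slides 6 and 7, checked by brute-force truth table on a propositional rendering of the train example. This is an added example, not code from the chapter or the book; the variable names, the two initial domain properties, the elicited property and the conjunction of StopSignal into each candidate obstacle are assumptions made so that the entailments are decidable without temporal logic.

```python
from itertools import product

# Added example, not the chapter's code. Propositional (not temporal) rendering of the
# chapter's train example; a formula is a function from a valuation dict to bool.
VARS = ("StopSignal", "TrainStopped", "DriverResponsive", "BrakeSystemDown")

def valuations():
    for bits in product((False, True), repeat=len(VARS)):
        yield dict(zip(VARS, bits))

def entails(premises, conclusion):
    """{premises} |= conclusion: every valuation satisfying all premises satisfies it."""
    return all(conclusion(v) for v in valuations() if all(p(v) for p in premises))

def consistent(premises):
    """{premises} |/= false: at least one valuation satisfies all premises."""
    return any(all(p(v) for p in premises) for v in valuations())

# Goal G: If StopSignal then TrainStopped  (TrainStoppedAtBlockSignal in the slide)
G = lambda v: (not v["StopSignal"]) or v["TrainStopped"]
# Domain properties known at the start (constructed)
DOM = [
    lambda v: (not v["TrainStopped"]) or v["DriverResponsive"],     # If TrainStopped then DriverResponsive
    lambda v: (not v["TrainStopped"]) or not v["BrakeSystemDown"],  # If TrainStopped then not BrakeSystemDown
]
# The property the slide's completeness example needs; the failed check below elicits it
DOM_ELICITED = lambda v: (not (v["StopSignal"] and v["DriverResponsive"]
                               and not v["BrakeSystemDown"])) or v["TrainStopped"]
# Candidate obstacles (constructed; StopSignal is conjoined so obstruction is provable)
DRIVER_UNRESPONSIVE = lambda v: v["StopSignal"] and not v["DriverResponsive"]
BRAKE_SYSTEM_DOWN = lambda v: v["StopSignal"] and v["BrakeSystemDown"]
# A bad candidate: it contradicts Dom, so 'obstruction' holds only vacuously
BAD = lambda v: v["StopSignal"] and v["TrainStopped"] and not v["DriverResponsive"]

def check_obstacle(O, goal, dom):
    """The three conditions for O to obstruct goal: obstruction, domain consistency, feasibility."""
    obstruction = entails([O] + dom, lambda v: not goal(v))
    domain_consistent = consistent([O] + dom)   # rules out vacuous obstruction
    feasible = consistent([O])                   # some system behavior satisfies O
    return obstruction, domain_consistent, feasible

def domain_complete(obstacles, goal, dom):
    """{not O1, ..., not On, Dom} |= goal: the set leaves no other way to violate the goal."""
    negated = [lambda v, o=o: not o(v) for o in obstacles]
    return entails(negated + dom, goal)
```

With only the two initial domain properties the pair {DriverUnresponsive, BrakeSystemDown} is not domain-complete; adding DOM_ELICITED (the slide's "If not DriverUnresponsive and not BrakeSystemDown and StopSignal then ..." property) makes it complete, which is the sense in which obstacle analysis elicits domain properties.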
  8. Obstacle categories for heuristic identification
     Correspond to goal categories and their refinement ...
     – Hazard obstacles obstruct Safety goals
     – Threat obstacles obstruct Security goals: Disclosure, Corruption, DenialOfService, ...
     – Inaccuracy obstacles obstruct Accuracy goals
     – Misinformation obstacles obstruct Information goals: NonInformation, WrongInformation, TooLateInformation, ...
     – Dissatisfaction obstacles obstruct Satisfaction goals: NonSatisfaction, PartialSatisfaction, TooLateSatisfaction, ...
     – Unusability obstacles obstruct Usability goals
     (figure: goal taxonomy tree; Functional goal: Satisfaction, Information, Stimulus-Response; Non-functional goal: Quality of service, Compliance, Architectural, Development; further nodes: Accuracy, Safety, Security (Confidentiality, Integrity, Availability), Reliability, Performance (Time, Space, Cost), Interface (Usability, Convenience, User interaction, Device interaction, Software interoperability), Installation, Distribution, Maintainability, Cost, Deadline, Variability)
  9. Risk analysis on goal models: outline (repeats the outline of slide 5; next section: Modeling obstacles)
  10. Obstacle diagrams as AND/OR refinement trees
      Anchored on leaf goals in the goal model (unlike risk trees)
      – root = not G
      – obstacle AND-refinement, OR-refinement: same semantics as for goals
      – leaf obstacles: feasibility, likelihood, resolution easier to determine
      (figure: goal "If StopSignal then TrainStoppedAtBlockEntry" obstructed by the root obstacle "StopSignal And Not TrainStoppedAtBlockEntry", OR-refined into the obstacles SignalNotVisible, DriverUnresponsive, BrakeSystemDown, ...; DriverUnresponsive is resolved by the countermeasure goal ResponsivenessCheckSentRegularly)
  11. Obstacle diagrams as AND/OR refinement trees (2)
      (figure: goal MobilizedAmbulanceAtIncidentInTime obstructed by MobilizedAmbulanceNotAtIncidentInTime, OR-refined into AmbulanceStopped, AmbulanceLost, TrafficDeviation, ...; AmbulanceLost is AND-refined into AmbulanceCrewNotInFamiliarArea and In-carGPSNotWorking)
  12. Obstacle refinement
      AND-refinement of obstacle O should be ...
      – complete:    {subO1, ..., subOn, Dom} |= O
      – consistent:  {subO1, ..., subOn, Dom} |≠ false
      – minimal:     {subO1, ..., subOj-1, subOj+1, ..., subOn, Dom} |≠ O
      OR-refinement of obstacle O should be ...
      – entailment:         {subOi, Dom} |= O
      – domain-consistent:  {subOi, Dom} |≠ false
      – domain-complete:    {not subO1, ..., not subOn, Dom} |= not O
      – disjoint:           {subOi, subOj, Dom} |= false
      If subOi OR-refines O and O obstructs G, then subOi obstructs G
  13. Obstructions propagate bottom-up in goal AND-refinement trees
      – Cf. De Morgan's law: not (G1 and G2) is equivalent to not G1 or not G2
      (figure: G AND-refined into G1 and G2; the obstructions not G1, not G2 propagate upward as the obstruction not G)
      => Severity of consequences of an obstacle can be assessed in terms of the higher-level goals obstructed
  14. Annotating obstacle diagrams
      (figure: the obstacle DriverUnresponsive with its annotation)
      Obstacle DriverUnresponsive
        Def: Situation of a train driver failing to react to a command and take appropriate action according to that command      [precise definition]
        FormalSpec: ... in temporal logic for analysis, not in this chapter ...
        Category: Hazard; Likelihood: likely; Criticality: catastrophic      [features]
  15. Risk analysis on goal models: outline (repeats the outline of slide 5; next section: Obstacle analysis for a more robust goal model)
  16. Obstacle analysis for increased system robustness
      Anticipate obstacles ...
      ⇒ more realistic goals, new goals as countermeasures to abnormal conditions
      ⇒ more complete, realistic goal model
      Obstacle analysis: for selected goals in the goal model ...
      – identify as many obstacles to each goal as possible;
      – assess their likelihood and severity;
      – resolve them according to likelihood and severity => new goals as countermeasures in the goal model
  17. Obstacle analysis and goal model elaboration are intertwined
      (figure: data dependency between goal model elaboration and the loop of obstacle identification, obstacle assessment and obstacle resolution)
      – The goal-obstacle analysis loop terminates when the remaining obstacles can be tolerated: unlikely, or acceptable consequences
      – Which goals to consider in the goal model?
        • leaf goals (requirements or expectations): easier to refine what is wanted than what is not wanted (+ up-propagation in the goal model)
        • based on annotated Priority and Category (Hazard, Security, ...)
  18. Identifying obstacles
      For an obstacle to a selected assertion G (goal, hypothesis, suspect domain property) ...
      – negate G                                                                 {=> root obstacle}
      – find AND/OR refinements of not G in view of valid domain properties ...  {according to desired extensiveness}
      – ... until reaching obstruction preconditions whose feasibility, likelihood, severity and resolvability are easy to assess
      = goal-anchored construction of a risk tree
      (figure: obstacle identification, obstacle assessment, obstacle resolution)
  19. Identifying obstacles: tautology-based refinement
      Goal negation as root => use tautologies to drive refinements, e.g.
      – not (A and B) amounts to not A or not B
      – not (A or B) amounts to not A and not B
      – not (if A then B) amounts to A and not B
      – not (A iff B) amounts to (A and not B) or (not A and B)
      => complete OR-refinements when an or-connective gets in
  20. Identifying obstacles by tautology-based refinement
      (figure: the negated goal MotorReversed Iff MovingOnRunway is refined using the domain property MovingOnRunway Iff WheelsTurning, leading to MotorReversed Iff WheelsTurning)
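Tautology-based refinement of slides 19 and 20, and the OR-refinement conditions of slide 12, as an added example that is not code from the chapter or the book: a goal is negated by pushing "not" through the connectives with the four tautologies, the top-level disjuncts become the sub-obstacles of an OR-refinement, and a truth table checks that each sub-obstacle obstructs the goal, that together they cover not G, and that they are pairwise disjoint. The tuple encoding of formulas and the empty domain theory are assumptions of this example.

```python
from itertools import product

# Added example, not the chapter's code. A goal is a nested tuple such as
# ("iff", ("var", "MotorReversed"), ("var", "MovingOnRunway")).
def negate(f):
    """Rewrite not f with the slide's tautologies: the root obstacle not G becomes
    an AND/OR structure over sub-obstacles (an OR-refinement once an 'or' appears)."""
    op = f[0]
    if op == "var":     return ("not", f)
    if op == "not":     return f[1]
    if op == "and":     return ("or", negate(f[1]), negate(f[2]))   # not A or not B
    if op == "or":      return ("and", negate(f[1]), negate(f[2]))  # not A and not B
    if op == "implies": return ("and", f[1], negate(f[2]))          # A and not B
    if op == "iff":     return ("or", ("and", f[1], negate(f[2])),  # (A and not B) or
                                      ("and", negate(f[1]), f[2]))  # (not A and B)
    raise ValueError("unknown connective: " + op)

def or_refine(obstacle):
    """Sub-obstacles of the OR-refinement: the top-level disjuncts of the root obstacle."""
    if obstacle[0] == "or":
        return or_refine(obstacle[1]) + or_refine(obstacle[2])
    return [obstacle]

def holds(f, v):
    """Truth value of formula f under the valuation v (dict name -> bool)."""
    op = f[0]
    if op == "var":     return v[f[1]]
    if op == "not":     return not holds(f[1], v)
    if op == "and":     return holds(f[1], v) and holds(f[2], v)
    if op == "or":      return holds(f[1], v) or holds(f[2], v)
    if op == "implies": return (not holds(f[1], v)) or holds(f[2], v)
    return holds(f[1], v) == holds(f[2], v)                         # iff

def variables(f):
    return {f[1]} if f[0] == "var" else set().union(*(variables(s) for s in f[1:]))

def check_or_refinement(goal):
    """Brute-force check of the slide-12 OR-refinement conditions with an empty Dom:
    every sub-obstacle entails not G, the sub-obstacles together cover not G
    (domain-complete), and no two hold at once (disjoint). Returns (subs, ok)."""
    subs, names, ok = or_refine(negate(goal)), sorted(variables(goal)), True
    for bits in product((False, True), repeat=len(names)):
        v = dict(zip(names, bits))
        hits = [holds(s, v) for s in subs]
        if any(hits) and holds(goal, v):         ok = False   # a sub-obstacle must obstruct G
        if not any(hits) and not holds(goal, v): ok = False   # every violation of G is covered
        if sum(hits) > 1:                        ok = False   # sub-obstacles are disjoint
    return subs, ok

# The slide's goal: reverse thrust is engaged iff the aircraft is moving on the runway
GOAL = ("iff", ("var", "MotorReversed"), ("var", "MovingOnRunway"))
SUBS, OK = check_or_refinement(GOAL)   # two disjoint sub-obstacles, OK is True
```

For a goal such as A and (B or C), De Morgan yields the sub-obstacles not A and (not B and not C), which overlap; the check then reports the disjointness condition as violated even though the refinement is complete, which is exactly the kind of defect the slide-12 conditions are meant to catch.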