
The Design of Complex Software-Intensive Systems


Presentation Transcript


  1. The Design of Complex Software-Intensive Systems
  A Quest for Intellectual Control
  Alan R. Hevner – University of South Florida
  Richard C. Linger – CERT Software Engineering Institute, Carnegie Mellon University
  Synergy of SW Architecture, Process, and Organization

  2. England: 11th Century
  • Norman conquerors conduct a census to determine what they have won
  • The results never added up, despite the intent to produce a sum
  • The best minds were overwhelmed by the complexity of adding up so many Roman numerals!
  • Done in decimal arithmetic with place notation, any child could have performed the addition
  • Lesson: the right foundations
    • Transform the problem space
    • Sweep away complexities
    • Enable new human capabilities

  3. 21st Century World
  • Overwhelming network system complexities:
    • Systems-of-systems integration
    • Unknown boundaries and components
    • Compositions of stovepipe systems
    • Pervasive asynchronous operations
    • Survivability an urgent priority
  • Approach
    • Mathematical semantics first, engineering practices later
    • Develop engineering foundations that address system realities
    • Limit complexity and improve survivability with practical engineering methods

  4. Network System Complexities
  [Diagram: Future Combat System, a Network Centric Force linking Other Layered Sensors, UAVs, Robotic Sensors, Mission C4I, Manned C2, Robotic Direct Fire, and Robotic NLOS Fire]
  • Distributed platforms
  • A system of systems
  • 100s of nodes and users
  • Nodes and usage evolve

  5. Complexity’s Burden
  • Development of large-scale network systems frequently exceeds our engineering capabilities
  • We have difficulty defining the systems we have, and the systems we need
  • Intellectual control is lost when complexity exceeds human reasoning capabilities
  • The result is frustration and delay that impacts mission capability and survivability

  6. Issues in Network Systems
  • Survivability improvement requires
    • Knowing usage dependencies in all situations
    • Preparing for compromises in all situations
    • Defining system actions for every situation
  • Complexity reduction requires
    • A new approach to human intellectual control
    • Foundations based on deep simplicities
    • Practical engineering methods
  • Complexity and survivability are deeply related

  7. Three Key Questions
  • In a world of large-scale, asynchronous network systems with dynamic function and structure …
    • What are the unifying engineering foundations for system analysis, specification, design, implementation, and verification?
    • How should quality attributes such as survivability, reliability, and performance be specified, managed, and achieved?
    • What architecture frameworks can simplify system development and operation?

  8. Three Engineering Concepts
  • Flow Structures - User task flows and their architecture flows of service uses are the engineering anchors for analysis, specification, and design of functionality and quality attributes
  • Computational Quality Attributes - Quality attributes can be specified as dynamic functional properties to be computed, not as static, a priori predictions
  • Dynamic Flow Management - User task flow designs support architecture templates that manage flows and their quality attributes in execution

  9. Foundations: First-Class Artifacts
  • Flows
    • Define mission, user functions, and quality attributes; refine into service uses
  • Services
    • Provide functionality and quality attributes; refine into flows
  • Quality Attributes
    • Attribute requirements are attached to flows; service attribute matches are computed dynamically

  10. Foundations: Theorems
  • Structure Theorem
    • Guarantees sufficiency of flow structure primitives
  • Abstraction/Refinement Theorem
    • Guarantees correctness of mathematical semantics
  • Verification Theorem
    • Defines conditions for ensuring flow correctness
  • Implementation Theorem
    • Defines conditions to express a function as a flow
  • System Testing Theorem
    • Shows how to derive usage from flows for testing

  11. Flow Structure Concepts
  Flows traverse a network architecture to satisfy mission requirements
  [Diagram: Enterprise mission → user task flows → architecture flows of service uses, drawn across the Enterprise, Users, and Systems layers]
  • An enterprise mission is embodied in user task flows of operations and decisions in system usage
  • Architecture flow refinements of user task flows define uses of system services that provide function and quality attributes
  • Gas purchase flow example: a customer's purchase spans five systems, involving a gas pump, land telecom, a credit card company, satellite telecom, and a credit database

  12. Flow Structure Semantics
  • Service invocations in Flow Structures are specified by service response (R*) semantics
  • Semantics are response-based, not intention-based – a natural fit with COTS and components
  • Service invocations are composed with post-fix predicates on equivalence classes over all possible responses
  • The logic of a flow accounts for all possible circumstances of use; each flow is a self-contained and complete entity
  • R* semantics permit deterministic flow abstraction, refinement, and verification for human understanding, even though services are engaged in simultaneous asynchronous uses
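To make R* semantics concrete, here is an added Python example; it is not from the presentation or from the authors' FSQ work. It takes one service use from the gas-purchase flow of slide 11, the credit card company's authorization service, and specifies it purely by the equivalence classes of its possible responses: a post-fix predicate and a continuation for each class, with no reference to what the service was "intended" to do. The service name, the response formats, the actions, and the sample response space are all constructed for the example. The coverage check is what makes a flow self-contained and complete in the sense of the slide: it finds responses that no class, or more than one class, accounts for, which is exactly where an intention-based specification silently leaves a gap.

```python
from dataclasses import dataclass
from typing import Any, Callable, Tuple


@dataclass(frozen=True)
class ResponseClass:
    """One equivalence class of responses plus the flow's action for it."""
    name: str
    predicate: Callable[[Any], bool]  # post-fix predicate over the raw response
    action: str                       # what the flow does next for this class


@dataclass(frozen=True)
class ServiceUse:
    """A service invocation specified by its response classes, not by its intent."""
    service: str
    classes: Tuple[ResponseClass, ...]

    def classify(self, response: Any) -> ResponseClass:
        """Exactly one class must hold for a response; anything else is a flow defect."""
        matches = [c for c in self.classes if c.predicate(response)]
        if len(matches) != 1:
            raise ValueError(
                f"{self.service}: {response!r} matched {len(matches)} classes")
        return matches[0]


def coverage_gaps(use: ServiceUse, responses) -> list:
    """Responses from the sample space that no class, or more than one, accounts for."""
    return [r for r in responses
            if sum(c.predicate(r) for c in use.classes) != 1]


def status_is(wanted: str) -> Callable[[Any], bool]:
    return lambda r: isinstance(r, dict) and r.get("status") == wanted


def is_timeout(r: Any) -> bool:
    return r is None  # constructed convention: no reply within the deadline


# Constructed: the authorization service as a designer might first write it,
# covering only the responses the designer intended to receive.
INCOMPLETE_AUTH = ServiceUse("credit_card_authorize", (
    ResponseClass("approved", status_is("APPROVED"), "unlock pump"),
    ResponseClass("declined", status_is("DECLINED"), "refuse sale"),
))

# The R*-complete version: every possible response falls into exactly one class,
# including timeouts and replies the designer never intended to receive.
COMPLETE_AUTH = ServiceUse("credit_card_authorize", INCOMPLETE_AUTH.classes + (
    ResponseClass("timeout", is_timeout, "retry over satellite telecom"),
    ResponseClass("other",
                  lambda r: not (is_timeout(r) or status_is("APPROVED")(r)
                                 or status_is("DECLINED")(r)),
                  "lock pump and log incident"),
))

# Constructed sample of the response space, including a timeout and malformed replies.
SAMPLE_RESPONSES = [
    {"status": "APPROVED"}, {"status": "DECLINED"}, None,
    {"status": "ERROR"}, "garbage",
]


def run_flow(use: ServiceUse, responses) -> list:
    """Drive one service use through observed responses; returns the actions taken."""
    return [use.classify(r).action for r in responses]


if __name__ == "__main__":
    print("gaps in incomplete spec:", coverage_gaps(INCOMPLETE_AUTH, SAMPLE_RESPONSES))
    print("gaps in complete spec:  ", coverage_gaps(COMPLETE_AUTH, SAMPLE_RESPONSES))
    print("actions:", run_flow(COMPLETE_AUTH, SAMPLE_RESPONSES))
```

Running the module shows the incomplete specification leaving the timeout and the two malformed replies unaccounted for, while the complete one assigns every sample response exactly one action; the "other" class is the part that lets the flow be verified without knowing anything about the service's internals, because it makes the partition of the response space total.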

  13. Transitive Dependencies in Flows
  [Diagram: Primary Flow: Mission Control, refining into a Sensor Data Flow, a Target Attack Flow, and a Fire Control Flow; platforms shown are the Network Centric Force, a UAV, and Robotic Direct Fire. Steps include "run sensor data flow", "run check sensor flow", "run check target flow", "run fire control flow", "store sensor data", "compute target data", and "fire on target", with yes/no decisions such as "resp?", "valid?", "OK?", and "range?"]
  • Transitivity analysis reveals precise dependencies from mission down to code, and defines the impact of changes

  14. Network-Centric Capability Integration
  FlowSets can manage complexity in the Future Combat System:
  [Diagram: each Future Combat System platform (Other Layered Sensors, UAVs, Network Centric Force, Robotic Sensors, Robotic Direct Fire, Robotic NLOS Fire, Manned C2) carries its own FlowSet. FlowSets shown include: Preparation, Deployment, C3, Retrieval, Safing, Maintenance, …; Preparation, Launch, C3, Retrieval, Maintenance, …; Preparation, Launch, C3, Maintenance, …; Mission Def’n, Sensor Integration, C4I, Fire Integration, Damage Assmt, …; Preparation, Deployment, C3, Maintenance, …]
  • Flow Structures define capabilities and networks, link stovepipes, define compositions of services, and support centralized and distributed control
  • Distributed platforms
  • System-of-systems
  • 100s of nodes and users
  • Nodes and usage change/evolve

  15. Analysis: From Systems to Flows
  [Diagram: an existing network architecture with pervasive asynchronous behavior, from which flow 1, flow 2, and flow 3 are extracted for mission task 1, mission task 2, and mission task 3]
  • Response-based semantics for shared services gives flows deterministic properties for understanding and abstraction
  • Flows reveal survivability dependencies for resistance, recognition, and recovery analysis and improvement

  16. Design: From Flows to Systems
  • User task flow design
    • Flow Structures of mission tasks can be designed and verified at multiple levels of refinement
  • Network behavior specification
    • A network system specification is the set of flows of its service uses
  • Component service specification
    • The specification of each service in a network system incorporates all its uses in all flows where it appears

  17. Management: Flows from Start to End
  • Manage Flow Structures as first-class artifacts in
    • Acquisition
    • Development
    • Testing
    • Operation
    • Evolution
  • System implementation and operation must satisfy Flow Structure functions and quality attributes

  18. Flow Structures and System Testing
  • Flows define system usage
  • Usage models can be derived from flows and the probabilities of their use
  • Flow-derived usage models can drive statistical testing for certification of fitness for use
  • Flows can serve as oracles for test evaluation
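An added Python example of the statistical-testing idea on this slide, not from the presentation or the authors' work: the gas-purchase flow of slide 11 is turned into a usage model (a Markov chain whose states are flow steps and whose arcs carry assumed usage probabilities), test cases are drawn from that model, and the flow itself is used as the oracle that decides whether a recorded sequence of steps is one the flow permits. The step names and every probability are constructed for the example; a real usage model would take its probabilities from operational data.

```python
import random
from typing import Dict, List, Tuple

# Constructed usage model for the gas-purchase flow of slide 11.  States are flow
# steps, arcs carry the probability of the next step; all probabilities are assumed.
UsageModel = Dict[str, List[Tuple[str, float]]]

GAS_PURCHASE: UsageModel = {
    "start":           [("swipe card", 1.0)],
    "swipe card":      [("authorize", 0.97), ("card read error", 0.03)],
    "card read error": [("swipe card", 0.8), ("end", 0.2)],
    "authorize":       [("approved", 0.9), ("declined", 0.08), ("timeout", 0.02)],
    "timeout":         [("authorize", 1.0)],          # retry the authorization
    "declined":        [("end", 1.0)],
    "approved":        [("pump fuel", 1.0)],
    "pump fuel":       [("settle", 1.0)],
    "settle":          [("end", 1.0)],
}


def model_defects(model: UsageModel) -> List[str]:
    """Outgoing probabilities of every state must sum to 1 and every successor must exist."""
    defects = []
    for state, arcs in model.items():
        total = sum(p for _, p in arcs)
        if abs(total - 1.0) > 1e-9:
            defects.append(f"{state}: probabilities sum to {total:g}")
        for nxt, _ in arcs:
            if nxt != "end" and nxt not in model:
                defects.append(f"{state}: undefined successor {nxt!r}")
    return defects


def path_probability(model: UsageModel, path: List[str]) -> float:
    """Probability the usage model assigns to one complete path through the flow."""
    prob = 1.0
    for here, nxt in zip(path, path[1:]):
        prob *= dict(model[here]).get(nxt, 0.0)
    return prob


def generate_case(model: UsageModel, rng: random.Random, max_len: int = 50) -> List[str]:
    """Random walk from 'start' to 'end' weighted by the usage probabilities."""
    state, path = "start", ["start"]
    while state != "end" and len(path) < max_len:
        arcs = model[state]
        state = rng.choices([n for n, _ in arcs], weights=[p for _, p in arcs])[0]
        path.append(state)
    return path


def generate_suite(model: UsageModel, size: int, seed: int = 7) -> List[List[str]]:
    """A reproducible statistical test suite drawn from the usage model."""
    rng = random.Random(seed)
    return [generate_case(model, rng) for _ in range(size)]


def flow_accepts(model: UsageModel, observed: List[str]) -> bool:
    """Flow as oracle: a recorded sequence of steps passes only if the flow allows it."""
    return (observed[:1] == ["start"] and observed[-1:] == ["end"]
            and path_probability(model, observed) > 0.0)


if __name__ == "__main__":
    assert not model_defects(GAS_PURCHASE)
    for case in generate_suite(GAS_PURCHASE, 5):
        print(" -> ".join(case), f"(p={path_probability(GAS_PURCHASE, case):.4f})")
```

The suite is seeded so a certification run is reproducible, and `model_defects` is the check to run before trusting any derived statistics: a state whose arcs do not sum to one, or that points at a step the flow does not define, skews every probability downstream of it.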

  19. Computational Quality Attributes
  • Quality attributes – survivability, reliability, ...
  • Associate attribute requirements with flows and service specifications, not with entire systems
  • Computational approach
    • Move beyond static, a priori estimates
    • Treat attributes as functions to compute
    • Dynamic matching of flow attribute requirements with service attribute capabilities

  20. Computational Quality Attributes
  • Attribute model
    • Computable function: service usage history → attribute value
    • Probabilistic attribute values
    • 0 and 1 are probabilities too
    • Unifies treatment of many attributes
  • Function approach
    • Characterizes attribute capabilities of services
    • Reveals departures from history for analysis
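An added Python example covering slides 19 and 20, not from the presentation or the authors' work: one quality attribute, reliability, written as a computable function from a service's usage history to a probability, the dynamic matching of a flow's attribute requirement against the computed capability of each candidate service, and the departure check that flags a service whose recent behavior no longer matches its long-run history. The service names and histories are constructed; the values 1.0 and 0.0 appear on purpose, since the slide's point is that they are ordinary attribute values rather than special cases.

```python
from typing import Dict, List, Optional, Tuple

# Constructed usage histories, one bool per service use: True means the service
# responded correctly within its deadline.  Names and data are assumptions.
HISTORIES: Dict[str, List[bool]] = {
    "authorize-primary": [True] * 48 + [False, True],   # 49 of 50
    "authorize-backup":  [True] * 20,                   # 20 of 20: the value 1 is fine
    "authorize-legacy":  [True, False] * 10,            # 10 of 20
    "authorize-new":     [False] * 5,                   # 0 of 5: the value 0 is fine too
}


def reliability(history: List[bool], window: Optional[int] = None) -> Optional[float]:
    """Attribute as a computed function: usage history -> probability of a correct response."""
    recent = history if window is None else history[-window:]
    if not recent:
        return None                       # no history yet, so no value to compute
    return sum(recent) / len(recent)


def match_services(requirement: float, histories: Dict[str, List[bool]],
                   attribute=reliability) -> List[Tuple[str, float]]:
    """Dynamic matching: services whose computed attribute meets the flow's requirement, best first."""
    candidates = []
    for name, history in histories.items():
        value = attribute(history)
        if value is not None and value >= requirement:
            candidates.append((name, value))
    return sorted(candidates, key=lambda nv: -nv[1])


def departure(history: List[bool], window: int = 10,
              threshold: float = 0.2) -> Tuple[Optional[float], Optional[float], bool]:
    """Compare the recent window with the long-run value; flag a departure worth analysis."""
    long_run, recent = reliability(history), reliability(history, window)
    if long_run is None or recent is None:
        return long_run, recent, False
    return long_run, recent, abs(recent - long_run) > threshold


if __name__ == "__main__":
    print("services meeting 0.95:", match_services(0.95, HISTORIES))
    print("degrading service:", departure([True] * 40 + [False] * 10))
```

Because the requirement is attached to the flow and the capability is computed per service from history, the same `match_services` call re-evaluated at each flow instantiation is the dynamic matching of slide 19: the backup service can overtake the primary the moment the primary's history slips below what the flow requires, without any static estimate being revised by hand.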

  21. FSQ Architecture Templates
  • Foundations
    • Canonical FSQ architecture templates specify management of Flow Structures through dynamic feedback control
  • Engineering usage
    • Architecture implementation reconciles Flow Structure functions and quality attribute specifications with dynamic service function and quality, to control flow execution and satisfy quality specifications

  22. FSQ Complexity Reduction
  • Flows unify, and enable human reasoning in, network systems
  • Same structures for acquisition, development, operation
  • Flows are expressed in a few simple structures
  • Flows are simply abstracted, refined, and verified
  • Flows seamlessly refine missions into architecture services
  • Flows are scale-free and recursive
  • Flows specify all required behavior and quality attributes
  • Flow transitivity reveals dependencies, impact of changes
  • Flows define logical topology and service specifications
  • Flows as built can be verified against flows as specified
  • FSQ architecture templates unify flow management
  • Flows prescribe system testing requirements

  23. FSQ Survivability Analysis
  • Flows extracted from existing systems reveal mission survivability dependencies on essential services
  • Transitivity analysis of extracted flows reveals cascade service dependencies that impact survivability
  • Intrusion flows reveal compromisible services
  • Flows require definition of, and actions in, all possible circumstances of use for survivability
  • Flow dependencies focus survivability improvements
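The transitivity analysis of slide 13 and the cascade-dependency analysis of this slide are the same computation run in two directions over the flow refinement graph. Here is an added Python example of both, not from the presentation or the authors' work: the flow names are those of slide 13, the leaf service names and the refinement edges are constructed for the example. Walking downward from a mission flow yields every service it transitively depends on (the "mission down to code" view); walking the same graph in reverse from a single service yields every flow that stops completing if that service is compromised, which is the cascade dependency a survivability review needs to see.

```python
from typing import Dict, List, Set

# Constructed refinement graph: each flow lists the flows and services it uses.
# The flow names are those of slide 13; the service names are assumptions made for
# this example and are not from the presentation.
FLOW_USES: Dict[str, List[str]] = {
    "Mission Control":    ["Sensor Data Flow", "Target Attack Flow"],
    "Sensor Data Flow":   ["UAV sensor feed", "sensor store"],
    "Target Attack Flow": ["Sensor Data Flow", "target database", "Fire Control Flow"],
    "Fire Control Flow":  ["fire control service", "network telemetry"],
}


def transitive_uses(root: str, uses=FLOW_USES) -> Set[str]:
    """Every flow and service that `root` depends on, directly or through refinement."""
    seen: Set[str] = set()
    stack = list(uses.get(root, []))
    while stack:
        node = stack.pop()
        if node in seen:
            continue            # flows may be shared or recursive; visit each once
        seen.add(node)
        stack.extend(uses.get(node, []))
    return seen


def services_used(root: str, uses=FLOW_USES) -> Set[str]:
    """Leaf services (anything that is not itself a flow) a mission flow depends on."""
    return {n for n in transitive_uses(root, uses) if n not in uses}


def impacted_flows(service: str, uses=FLOW_USES) -> Set[str]:
    """Cascade dependency: flows that can no longer complete if `service` is compromised."""
    return {flow for flow in uses if service in transitive_uses(flow, uses)}


def essential_services(missions: List[str], uses=FLOW_USES) -> Set[str]:
    """Services shared by every listed mission: the first place to focus survivability work."""
    sets = [services_used(m, uses) for m in missions]
    return set.intersection(*sets) if sets else set()


def dependency_path(root: str, target: str, uses=FLOW_USES, _seen=None) -> List[str]:
    """One refinement chain from `root` down to `target`, for mission-to-service traceability."""
    seen = set() if _seen is None else _seen
    if root == target:
        return [root]
    seen.add(root)
    for child in uses.get(root, []):
        if child in seen:
            continue
        path = dependency_path(child, target, uses, seen)
        if path:
            return [root] + path
    return []


if __name__ == "__main__":
    print("Mission Control uses:", sorted(services_used("Mission Control")))
    print("sensor store compromised ->", sorted(impacted_flows("sensor store")))
    print("path:", " -> ".join(dependency_path("Mission Control", "network telemetry")))
```

In this constructed graph the sensor store is reached by two different flows, so compromising it takes out three of the four flows even though only one flow names it directly; that is the kind of dependency that stays invisible when services are specified in isolation and appears as soon as the flows that use them are made explicit.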

  24. FSQ Observations
  • FSQ supports complexity reduction and survivability improvement in development and operation of large-scale network systems composed of any mix of newly developed and COTS/ESP components.
  • FSQ provides systematic, scale-free semantic structures for requirements, specification, design, verification, implementation, and maintenance.
  • FSQ supports seamless decomposition from user flows, services, and quality attribute requirements to flow structures, services, and quality attribute implementations, with intrinsic traceability.
  • User flows of services and quality attributes permit system development in terms of user views of services, as opposed to strictly functional decomposition or object-based composition.
  • Flow structures are deterministic for human understanding and analysis, despite the uncertainties of complex, network-centric behaviors, thus enabling compositional methods of refinement, abstraction, and verification.
  • Flow structures reflect the realities of network-centric systems in dealing with the uncertainty factors, to support enterprise risk management and system survivability.

  25. FSQ Observations
  • Flow structures support the definition of attack and intrusion flows for assessing system vulnerabilities and compromises, as a basis for security and survivability improvements.
  • Computational quality attributes reflect the realities of network-centric systems, in assessing and reconciling quality requirements and capabilities as an intrinsically dynamic process.
  • Computational quality attributes provide a scale-free, computational, use-centric (rather than system-centric) view of quality.
  • Flow management architectures provide systematic and uniform methods for managing user flow instantiation and quality attribute satisfaction in execution.
  • Foundations of flow structures can stimulate research on representation and analysis of flows at the requirements level within enterprises, and at the implementation level within system architectures.
  • Foundations of Computational Quality Attributes can stimulate research in modeling and dynamic evaluation of important quality attributes and metrics.

  26. FSQ Research Directions
  • Complete Theory Development
    • Flow Structure Semantics
    • Computational Quality Attributes
    • Flow Management Architectures
  • Exploratory Case Studies
  • Engineering Practices
  • Industrial Collaborators/Customers
  • Automation Opportunities
