An NFR Pattern Approach to Dealing An NFR Pattern Approach to Dealing An NFR Pattern Approach to Dealing An NFR Pattern Approach to Dealing with Non- with Non -Functional Requirements Functional Requirements with Non with Non - - Functional Requirements Functional Requirements Presenter: Sam Supakkul Outline Outline Outline Outline Motivation The Approach NFR Patterns Pattern Organization Pattern Reuse Tool Support Case Study Conclusion Is it beautiful to you? Authors: Sam Supakkul Thein Than Tun Julio CSP Leite The Open University, UK PUC-Rio, Brazil Tom Hill Lawrence Chung The Univ. of Texas at Dallas
Dealing with Dealing with NFRs Dealing with Dealing with NFRs NFRs NFRs involves many concepts and involves many concepts and involves many concepts and involves many concepts and activities activities activities activities [softgoal] [side-effect] [side-effect] ! Memorable !! Aesthetic [criticalityl] Cost + ++ ++ - - ++ ++ ++ -- [alternatives] [selection] Pyramid Layered shells Dome ++ Make + Help -- Break - Hurt
Some aspects of NFRs Some aspects of NFRs are achieved by are achieved by Some aspects of Some aspects of NFRs NFRs are achieved by are achieved by mitigating known problems mitigating known problems mitigating known problems mitigating known problems !! Security of credit card info - / -- Break-in wireless network Masquerade user login Steal credit card info ! Trustworthiness - / -- Cost ++/+/-/-- Password encryption ++/+/-/-- Biometric authentication 2-factor authentication ++ Make + Help -- Break - Hurt
Having insufficient knowledge of Having insufficient knowledge of NFRs Having insufficient knowledge of Having insufficient knowledge of NFRs NFRs NFRs can lead to NFRs can lead to can lead to can lead to can lead to Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of Having insufficient knowledge of NFRs NFRs NFRs can lead to can lead to can lead to dire consequences dire consequences dire consequences dire consequences dire consequences dire consequences dire consequences dire consequences (2 nd nd ) Biggest credit card ) Biggest credit card (2 theft theft 45.7M credit cards stolen 45.7M credit cards stolen $20M in fraudulent transactions $20M in fraudulent transactions TJX used security measures TJX used security measures ID/password authentication ID/password authentication Data encryption Data encryption But TJX did not know enough But TJX did not know enough TJX unable to prevent the hacker Potential security problems Potential security problems Applicable mitigations Applicable mitigations 1. Break-in wireless network Proper tradeoff among NFRs NFRs Proper tradeoff among 2. Masquerade user login 3. Steal credit card info
Having sufficient knowledge of Having sufficient knowledge of NFRs Having sufficient knowledge of Having sufficient knowledge of NFRs is difficult NFRs NFRs NFRs is difficult is difficult is difficult is difficult Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of Having sufficient knowledge of NFRs NFRs NFRs is difficult is difficult is difficult because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is because NFR knowledge is Difficult to capture Difficult to capture Problems, solutions, domain Problems, solutions, domain Complete, correct Complete, correct Conceptual modeling and reasoning Conceptual modeling and reasoning Difficult to organize Difficult to organize Cataloging knowledge Cataloging knowledge Relating similar knowledge Relating similar knowledge General – – Specific Specific General Class – – Instance Instance Class Combining knowledge Combining knowledge Difficult to reuse Difficult to reuse Choosing appropriate knowledge Choosing appropriate knowledge (Re (Re- -)creating visual models )creating visual models
This talk presents a pattern This talk presents a pattern- This talk presents a pattern This talk presents a pattern - -based approach to - based approach to based approach to based approach to capturing, organizing, and reusing NFR knowledge capturing, organizing, and reusing NFR knowledge capturing, organizing, and reusing NFR knowledge capturing, organizing, and reusing NFR knowledge �������������� ����������� ������������� �������������� ������������� Objective pattern Objective pattern Objective pattern Objective pattern �������������� Problem pattern Problem pattern Problem pattern Problem pattern Organizing Organizing Organizing Organizing Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern Reusing Reusing Reusing � � � � � � � Selection pattern Selection pattern Selection pattern Selection pattern Capturing Capturing Capturing Capturing Tool support Tool support
4 kinds of NFR patterns for capturing different kinds 4 kinds of NFR patterns for capturing different kinds 4 kinds of NFR patterns for capturing different kinds 4 kinds of NFR patterns for capturing different kinds of NFR knowledge of NFR knowledge of NFR knowledge of NFR knowledge Objective pattern Objective pattern Objective pattern Objective pattern Problem pattern Problem pattern Problem pattern Problem pattern Alternatives pattern Alternatives pattern Alternatives pattern Alternatives pattern � � � � � � � Selection pattern Selection pattern Selection pattern Selection pattern Capturing
An objective pattern captures a definition of an An objective pattern captures a definition of an An objective pattern captures a definition of an An objective pattern captures a definition of an NFR as a softgoal NFR as a softgoal (and sub (and sub- -goals) to be achieved goals) to be achieved NFR as a NFR as a softgoal softgoal (and sub (and sub - - goals) to be achieved goals) to be achieved An objective pattern Knowledge Knowledge Knowledge Knowledge Knowledge Knowledge Knowledge Knowledge Name: FISMA Security Objectives Name: Name: Name: FISMA Security Objectives Applicability Applicability Applicability Applicability (5W2H questions) (5W2H questions) Name: Name: Name: Name: Applicability Applicability Applicability Applicability Domain (Who) (Who): : Government Government Domain Credential Credential Credential Credential Credential Credential Credential Credential Topic (What) Topic (What): : Information, data Information, data Sources: Sources: US FISMA Act of 2002 US FISMA Act of 2002 Type Type (Why) (Why): : Security Security Authors: Sam Supakkul Sam Supakkul Phase (When) (When): : Requirements Requirements Authors: Phase Endorsements: Artifact (Where) (Where): : World World [per the WRSPM ref. model] Endorsements: Artifact [per the WRSPM ref. model] Known uses: Known uses: US government agencies US government agencies Application (How) Application (How): : Automated Automated Implication (How much) Implication (How much): : Regulation Regulation
Demo video: Demo video: Demo video: Demo video: applying an objective pattern applying an objective pattern applying an objective pattern applying an objective pattern In the catalog During the requirements engineering of a project Tools used The NFR Pattern Assistant (utdallas.edu/~supakkul/tools/NFRPassist) The RE-Tools (utdallas.edu/~supakkul/tools/RE-Tools)
A problem pattern captures soft A problem pattern captures soft- A problem pattern captures soft A problem pattern captures soft - - -problems or problems or problems or problems or obstacles to achieving an NFR softgoal obstacles to achieving an NFR softgoal obstacles to achieving an NFR obstacles to achieving an NFR softgoal softgoal A problem pattern
An alternatives pattern captures alternative means An alternatives pattern captures alternative means An alternatives pattern captures alternative means An alternatives pattern captures alternative means or alternative solutions with side or alternative solutions with side- or alternative solutions with side or alternative solutions with side - - -effect information effect information effect information effect information An alternative-solutions pattern
Recommend
More recommend