An NFR Pattern Approach to Dealing with NFRs

Transcription

1 An NFR Pattern Approach to Dealing with NFRs Presenter : Sam Supakkul Sam Supakkul Tom Hill Lawrence Chung The Univ. of Texas at Dallas Thein Than Tun The Open University, UK Julio CSP Leite PUC-Rio, Brazil

2 An NFR Pattern Approach to Dealing with NFRs Presenter : Sam Supakkul (criticality=high) (criticality=low) Beautiful building help? Cost Durability help/hurt? Layered shells Surrounded by water Triangular shape Sam Supakkul Tom Hill Lawrence Chung The Univ. of Texas at Dallas Thein Than Tun The Open University, UK Julio CSP Leite PUC-Rio, Brazil

3 Some NFRs, such as security, are achieved by dealing with bad things (criticality=high) Credit card info security threaten Break-in wireless network Masquerade user login Steal credit card info mitigate 2-factor authen. Password encryption Biometric authen. Thrustworthiness help/hurt? (criticality=intermediate) help/hurt? (criticality=low) Cost

4 Acquiring and using NFR knowledge are difficult but insufficient knowledge can be damaging (2 nd ) Biggest credit card theft 45.7M credit cards stolen $20M in fraudulent transactions To cost TJX $1B over 5 years TJX Inc. used security measures ID/password authentication Data encryption TJX not able to prevent the hacker 1. Break-in wireless network 2. Masquerade user login 3. Steal credit card info But TJX did not know enough Potential security problems Applicable mitigations Proper tradeoff among NFRs

5 This talk presents a pattern-based approach to capturing, organizing, and reusing NFR knowledge Organizing Capturing Reusing Amenable to tool support

6 Different kinds of patterns for capturing different kinds of NFR knowledge Objective pattern Problem pattern Alternatives pattern Selection pattern

7 Objective pattern captures a definition of an NFR as softgoals to be achieved Security = Confidentiality, Integrity, and Availability Confidentiality = Privacy and Proprietary Integrity = Authenticity and Non-repudiation Availability = Timeliness and Reliability

8 Problem pattern captures soft-problems or obstacles to achieving an NFR NFR: Confidentiality [Credit Card] Undesirable situation: Unauthorized access [Server] Threat operations: Masquerading user login, Vulnerability: Transmission of ID/password in clear text

9 Alternatives pattern captures alternative means or solutions with side-effects effects Problem: Transmission of ID/password in clear text Alternatives: Encrypt ID/password, Biometric authentication Side-effects: Cost, Trustworthiness

10 Selection pattern captures an application independent selection scheme Weight-based quantitative selection Weight(!) =0.5! Weight(+) =0.5 + Trustworthiness [Security] ++ Retina authentication Fingerprint authentication Weight(++) =1.0 Selection based on the weight of criticality of goal/problem contribution towards goal/problem pro: intuitive, widely used con: subjective weighting, scaling problem! Trustworthiness [Security] Rank(++!)=7 Rank(++!)= Retina authentication Fingerprint authentication Selection based on the ranking of criticality-contribution combination pro: less subjective, no scaling problem con: agreement on ranking Rank-based qualitative selection

11 A deeper look at the selections Weight-based quantitative selection Weight(!) =0.5! Weight(+) =0.5 + Trustworthiness [Security] ++ Retina authentication Fingerprint authentication Weight(++) =1.0 selection = alternative with highest score selection = max( score(alternative) ) score(alternative) = score(contribution) score(contr) = weight(criticality) x weight (contr)! Trustworthiness [Security] Rank(++!)=7 Rank(++!)= Retina authentication Fingerprint authentication selection = alternative with best ranking selection = min( rank(alternative) ) rank(alternative) = rank(contribution) rank(contr) = rank(criticality-contr) Rank-based qualitative selection user-defined ranking: ++!!G +!!G ++S +S - -S

12 Additional info for each pattern: credentials, applicability, refinement rules Credentials and applicability info. help with pattern selection Refinement rules help with pattern reuse/application Credentials Authors Sources Endorsements Known Uses Applicability Who What Why When Where How How much succeed NFRDecomposition refinement rule

13 Refinement rules used to transform the target model during pattern application 1 2 transform transform before after R3 3 transform 4 transform

14 Next, patterns may be organized along generalization, aggregation, and classification dim. generalization aggregation instantiation classification Objective pattern Alternatives pattern Problem pattern decomposition specialization Organizing Selection pattern Capturing Reusing Amenable to tool support

15 Specialized pattern is more specific in breadth or in depth Generalization dimension R2' More specific in breadth US Law: Security = Conf., Integrity, Avail. Payment Card Industry (PCI): Security = Confidentiality More specific in depth PCI also concerned with Accountability beyond Privacy R5

16 Composite pattern assembles smaller patterns to capture a larger chunk of knowledge Aggregation dimension Applying the whole pattern will apply the part-of patterns

17 A pattern is used as a template to instantiate occurrence patterns Classification dimension Meta-pattern Occurrence pattern Binding Reference model Applying the occurrence pattern applies the meta-pattern with customization (binding) Security asset mapped to Credit Card Info (super-class to sub-class) Security mapped to Confidentiality (parent goal to sub-goal)

18 Applying the approach to the TJX case shows preliminary positive results reuse knowledge in a different project Break-in wireless network Masquerade user login Steal credit card info Method Construct tool prototypes Build for reuse scenario Build with reuse scenario Hypotheses Knowledge from the case can be captured and reused in a different project The approach works in a tool- assisted environment

19 The NFR Pattern Assistant for pattern support The RE-Tools for knowledge modeling capturing organizing The NFR Pattern Assistant The RE-Tools StarUML extension framework reusing The NFR Framework The i* Framework KAOS Problem Frame UML

20 Build for reuse scenario: model and patternize Model for the current project Patternize and organize for future projects

21 Build with reuse scenario: select and apply

22 Results: 93% of knowledge captured and reused The approach works but needs improvements Break-in wireless network Masquerade user login Steal credit card info for Sample results modeled knowledge 1 composite, 5 primitive generated by application Limitations (future work) Tool/usability related Models not captured with original placements Knowledge not captured due to missing refinement rules (25 rules defined) Pattern search and selection are currently manual Approach related Need to support dealing with NFRs during architecture/design Need more case studies

23 In summary, the difficulty of acquiring and using NFR knowledge can be alleviated by NFR patterns generalization aggregation instantiation classification Objective pattern Alternatives pattern Problem pattern decomposition specialization Organizing Selection pattern Capturing Reusing Amenable to tool support Thank you Questions & Comments?

24 Backup slides

25 Five operations are defined for manipulating NFR patterns

26 NFR pattern concepts are defined in a meta-model model and implemented by the tool

27 Modeling concepts are integrated in a meta-model model and implemented by the tool Type Topic 1 Topic EndPoint Satisficed Goal * 1 1 Phenomenon 1 Proposition 1 parent 1..* offspring Problem 1 Satisficing Label Weakly Satisficed Undecided Weakly Denied Denied Softgoal Hardgoal Want Soft Problem Hard Problem Impact Conflict NFR Softgoal Claim Operationalizing Softgoal Requirement 1..* Stakeholder Adversary Want Want 0..* 0..* Refer Reference Constrain Reference Stakeholder Agent 1 Adversary 1..* Given Domain RefInterface EndPoint Requirement Reference * Referenced Phenomenon Undesirable Situation Designed Domain 1..* realize Controlled Phenomenon Undesirable Mechanism Machine Domain 1..* Interface 1 1..* Shared Phenomenon controller Domain 1..* generalize 0..* 1 Contribution Decomposition Eql And Or Correlation Satisficing Legend adopted metaelement extended metaelement Direct Satisficing Make proxy of existing metaelement Softgoal Stakeholder Satisficing Some Plus Help Hurt Some Minus Break 1

28 Refinement rules for objective pattern

29 Example of refinement rules in an objective pattern

30 Refinement rules for problem pattern

31 Example of refinement rules in a problem pattern

32 Refinement rules for alternatives pattern

33 Example of refinement rules in an alternatives pattern

34 Refinement rules for selection pattern

35 Example of refinement rules in a selection pattern

36 Constraints for pattern aggregation

37 Constraints for pattern instantiation