Presentation transcript: PhD Seminar, 23 November 2004, Per Trygve Myhrer

Slide 1: PhD Seminar, 23 November 2004, Per Trygve Myhrer

Slide 2: Overview
 Methods that can be used to identify hazards early in the development process
 Methods to achieve traceability and Intent Specification

Slide 3: Finding hazards early
It is important to:
 Identify hazards
 Be able to insert barriers or preventive actions early
We do not want a lot of analyses that become useless after changes and give a false sense of security.

Slide 4: Finding hazards early II
In the BUCS project we have tried out several methods for identifying hazards:
 PHA on the system concept
 PHA on high-level requirements
 PHA to find deviations from the happy scenarios
 Use of the KJ process with a focus on hazards

Slide 5: Preliminary Hazard Analysis
 Brainstorming, structured by a PHA table and the system concept
 What can go wrong?
 The results depend on the participants' experience and knowledge
PHA works best if the members of the analysis team have experience with the kind of system that is going to be built.

Slide 6: PHA on system concept
Subject: Connection to the central database

Danger: No connection / no data received
  Causes: The central database is down
  Effects: Then we will have trouble with:
    - No registered users
    - No user updates
    - The users cannot log in
  Barriers / actions: We shall regularly / continuously poll the central database. If the poll fails, one of our alarms shall be activated, and the administrators will get an SMS or an e-mail.

Danger: Wrong data received
  Causes:
    - Our SQL query is wrong
    - Error in the central database
    - The central database interface has changed, and we have not updated our query
  Effects:
    - Wrong user updates
    - Wrong registered users
  Barriers / actions:
    - We have to notify the central database administrators that we are depending on their database.
    - We have to change our query.
    It is hard to define a barrier here; we have to depend on feedback from our users.
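The barrier in the first row of the PHA table (poll the central database, alarm and notify the administrators when it fails) and the "wrong data received" row can be turned into a small monitor. The following is an added example written for this transcript, not code from the BUCS project or the presentation; the poll interface, the expected row layout (user id, username, updated-at) and the SMS/e-mail hook are all assumptions made for illustration.

```python
"""Monitor for the 'Connection to the central database' PHA rows.

Added example, not code from the BUCS project or the presentation. The
query callable, the expected row layout and the notification hook are
assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional, Tuple

# Assumed layout of one row returned by the user query: (user_id, username, updated_at).
EXPECTED_COLUMNS = 3


@dataclass
class PollResult:
    ok: bool
    reason: str = ""


@dataclass
class CentralDbMonitor:
    """Polls the central database and classifies each poll as in the PHA table."""
    query: Callable[[], Optional[list]]   # returns rows, or None when there is no connection
    notify: Callable[[str], None]         # SMS / e-mail hook; assumed interface
    failure_threshold: int = 3            # consecutive failures before the alarm fires
    consecutive_failures: int = 0
    alarm_active: bool = False
    history: List[Tuple[str, str]] = field(default_factory=list)

    def poll_once(self) -> PollResult:
        try:
            rows = self.query()
        except Exception as exc:  # a driver error counts as "no connection"
            return self._fail(f"no connection: {exc}")
        if rows is None:
            return self._fail("no connection / no data received")
        bad = [r for r in rows if len(r) != EXPECTED_COLUMNS]
        if bad:
            # "Wrong data received": the interface may have changed while our query is stale.
            return self._fail(f"wrong data received: {len(bad)} row(s) with unexpected shape")
        return self._success()

    def _fail(self, reason: str) -> PollResult:
        self.consecutive_failures += 1
        self.history.append(("fail", reason))
        if self.consecutive_failures >= self.failure_threshold and not self.alarm_active:
            self.alarm_active = True
            self.notify(f"ALARM central database: {reason}")
        return PollResult(False, reason)

    def _success(self) -> PollResult:
        if self.alarm_active:
            self.notify("central database recovered")
        self.consecutive_failures = 0
        self.alarm_active = False
        self.history.append(("ok", ""))
        return PollResult(True)


def run_scenario(responses: Iterable, threshold: int = 3):
    """Feed a constructed sequence of query outcomes through the monitor.

    Each element is a list of rows, None (connection lost) or an Exception
    instance (driver raised). Returns (notifications sent, poll history).
    """
    sent: List[str] = []
    queue = list(responses)

    def fake_query():
        item = queue.pop(0)
        if isinstance(item, Exception):
            raise item
        return item

    mon = CentralDbMonitor(query=fake_query, notify=sent.append, failure_threshold=threshold)
    for _ in range(len(queue)):
        mon.poll_once()
    return sent, mon.history


if __name__ == "__main__":
    # Constructed sample: two healthy polls, the database is unreachable for three polls,
    # it comes back, then the interface changes and every row gains an extra column.
    good = [(1, "ola", "2004-11-23"), (2, "kari", "2004-11-22")]
    changed = [(1, "ola", "2004-11-23", "extra-column")]
    notifications, _ = run_scenario(
        [good, good, None, None, ConnectionError("timeout"), good, changed, changed, changed]
    )
    for n in notifications:
        print(n)
```

The threshold keeps a single dropped poll from paging anyone, while the shape check gives the "wrong data received" row a barrier that does not rely solely on user feedback: a changed interface is caught at the first stale query rather than after wrong user records have been written.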

Slide 7: PHA on high-level requirements
Requirement: User registration

  Incident: Not registered
    Consequence: Cannot use the system
  Incident: Registered multiple times
    Consequence: Several IDs can result in missing exercise deliveries
  Incident: Forgotten password / user ID
    Consequence: Cannot access the system
  Incident: User disappears in the system
    Consequence: Cannot use the system; information gets lost
  Incident: Wrong info
    Consequence: Cannot access the system; wrong information
  Incident: Missing feedback
    Consequence: Registered multiple times

Slide 8: Happy Scenarios
Scenario ID: "User logon"
Scenario pre-condition: The student chooses the course he or she wants to take from a list on the university's web pages. The student logs in as a student and, when prompted, enters username and password.

Function: User logon (incident / consequence / severity)
  Wrong UID / password: No access. Severity L
  UID/password not recognised: No access; annoyance; re-registration of user. Severity M
  Inconsistency between web and "student system": Rejected. Severity M
  Course full: Rejected. Severity L
  Login as wrong person: Destroyed information; security problem. Severity H
  Not yet opened course (no available information): Can miss out on taking the course if the user waits too long to register (this may be an organisational issue). Severity L

Scenario post-condition: When the student has successfully logged in, he or she can read the latest news, can download the files that have been published by the teacher, and can join and participate in the discussion group on the course news group.

Slide 9: The KJ process (hazards for the notice board, grouped)

Attachments:
 Cannot read attachment
 Cannot add an attachment
 News item attachments are missing (links missing or dead links)
 Attachment with virus
 News item is dated incorrectly (not part of scenario)

Notice board content:
 The new item is not on the notice board
 Info does not appear on the web page
 Info is wrong or unreadable
 Element is not added to the notice board
 The text is not the same as the teacher wrote
 Students cannot see the new news item on the notice board
 Cannot update the notice board
 Cannot change / remove a notice

Performance:
 The system hangs
 The page is updated late and the student sends the same info once more => double post

Menu choice:
 Teacher is not able to select "add element to notice board" from the menu
 The menu choice leads to a wrong address
 Does not return to the start page afterwards
 Nothing happens when the menu item is chosen

Not grouped on the slide:
 Students are able to add items to the notice board without having the proper access privileges

Slide 10: Safety when using Agile methods
Agile methods use stories for requirements. We add hazard stories.
Figure: Stories, Hazard Story, Development, Refactoring

Slide 11: The methods
None of the methods will find hazards that none of the members have experienced or thought might happen. We need more experience, and this can be gained by building and using an experience database.

Slide 12: Traceability
Traceability is important because it:
 Makes it possible to get an overview of the system and helps people easily find the reasons for decisions when developing software
 Links hazards to the proposed barriers and actions identified
 Will help us document our decisions

Slide 13: Why Intent Specification?
Intent Specification will allow us to:
 Explain the reasons for decisions
 Show the consequences of decisions
In order to justify our decisions we can use:
 Expert judgment
 Experience
 "What if?" analysis

Slide 14: Intent Specification
Intent Specification has hyperlinks that link the parts of the documentation and code that influence each other:
 Links from the requirements through the documentation and down to the code
 Decisions on how to comply with a safety requirement, and links to the code where it is done
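The links described on slides 12 and 14 (hazard to barrier decision, barrier to the code where it is done) can be checked mechanically, and checking them in both directions shows what top-down and bottom-up traceability each catch. The following is an added example written for this transcript, not code from SpecTRM, the BUCS project or the presentation; the PHA-style hazard list, the barrier ids and the "# BARRIER: <id>" comment tag in source files are conventions invented for the example.

```python
"""Two-way traceability check: hazards -> barriers -> code, and back.

Added example, not code from SpecTRM, the BUCS project or the
presentation. It assumes a PHA table where each hazard lists the ids of
the barriers decided for it, and source files where the code realizing a
barrier carries a comment of the form '# BARRIER: B-1' (an invented tag).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

BARRIER_TAG = re.compile(r"#\s*BARRIER:\s*([A-Z]+-\d+)")


@dataclass
class Hazard:
    hazard_id: str
    description: str
    barriers: List[str] = field(default_factory=list)


@dataclass
class TraceReport:
    hazards_without_barrier: List[str]           # top-down gap: hazard with no barrier decided
    barriers_without_code: List[str]             # top-down gap: barrier decided but not implemented
    code_without_barrier: Dict[str, List[str]]   # bottom-up gap: tag in code that no hazard justifies
    hazard_to_code: Dict[str, List[str]]         # full chain hazard -> barrier -> code location

    def complete(self) -> bool:
        return not (self.hazards_without_barrier
                    or self.barriers_without_code
                    or self.code_without_barrier)


def scan_sources(sources: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each barrier id found in the code to the 'file:line' locations of its tags."""
    found: Dict[str, List[str]] = {}
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for barrier_id in BARRIER_TAG.findall(line):
                found.setdefault(barrier_id, []).append(f"{path}:{lineno}")
    return found


def trace(hazards: List[Hazard], sources: Dict[str, str]) -> TraceReport:
    """Follow every hazard down to code and every code tag back up to a hazard."""
    code_locations = scan_sources(sources)
    declared = {b for h in hazards for b in h.barriers}
    hazard_to_code: Dict[str, List[str]] = {}
    barriers_without_code: List[str] = []
    for h in hazards:
        locations: List[str] = []
        for b in h.barriers:
            if b in code_locations:
                locations.extend(code_locations[b])
            elif b not in barriers_without_code:
                barriers_without_code.append(b)
        hazard_to_code[h.hazard_id] = locations
    return TraceReport(
        hazards_without_barrier=[h.hazard_id for h in hazards if not h.barriers],
        barriers_without_code=barriers_without_code,
        code_without_barrier={b: locs for b, locs in code_locations.items() if b not in declared},
        hazard_to_code=hazard_to_code,
    )


# Constructed sample input, loosely following the PHA rows on the earlier slides.
SAMPLE_HAZARDS = [
    Hazard("H-1", "No connection / no data received from the central database", ["B-1"]),
    Hazard("H-2", "Wrong data received", ["B-2", "B-3"]),
    Hazard("H-3", "Login as wrong person", []),
]
SAMPLE_SOURCES = {
    "monitor.py": "def poll():\n    # BARRIER: B-1 poll the central database, alarm on failure\n    pass\n",
    "query.py": "def fetch_users():\n    # BARRIER: B-2 validate row shape before use\n    # BARRIER: B-9 (no hazard refers to this barrier)\n    pass\n",
}

if __name__ == "__main__":
    report = trace(SAMPLE_HAZARDS, SAMPLE_SOURCES)
    print("hazards without barrier:", report.hazards_without_barrier)
    print("barriers without code:  ", report.barriers_without_code)
    print("code without barrier:   ", report.code_without_barrier)
    print("hazard -> code:         ", report.hazard_to_code)
    print("traceability complete:  ", report.complete())
```

Run on the sample, the top-down pass finds a hazard with no decided barrier (H-3) and a decided barrier with no implementation (B-3); the bottom-up pass finds code tagged with a barrier id (B-9) that no hazard justifies, which is the kind of undocumented decision the slide's "reasons for decisions" links are meant to prevent. Maintaining only the bottom-up links would miss the first two gaps.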

Slide 15: Example of Intent Specification
Figure: timeline from "Before start of development" to "System is finished", linking the artefacts: History of previous systems, High level requirements, Requirements, Requirements for components, PHA, Hazop, CCA, Architecture, Code, User guides.

Slide 16: SpecTRM
SpecTRM is a tool that can be used to realize Intent Specification. The tool is:
 Made for developing safety-critical software systems, and supports the use of Intent Specification
 Adaptable, and can also be used for a system that is not safety critical

Slide 17: Discussion
 Challenges with traceability: traceability both ways will add more work to maintain. Is it enough to have traceability only bottom-up?
 PHA on happy scenarios is probably the best method
 Are Agile Methods useful for business-critical systems?
