Research Heaven, West Virginia 1 FY 2004 Initiative: Risk Assessment of Software Architectures Hany Ammar, Katerina Goseva-Popstojanova, Ajith Guedem, Kalaivani Appukutty, Walid AbdelMoez, and Ahmad Hassan LANE Department of Computer Science and Electrical Engineering West Virginia University Less risk, sooner WVU UI: Risk Assessment of Software Architectures

Research Heaven, West Virginia 2 Outline Problem Approach Importance/benefits Relevance to NASA Accomplishments Next steps

Research Heaven, West Virginia 3 Problem Allocation of V&V resources to high risk system components, usage scenarios, and requirements Reliability-based, Performance-based, and Maintainability-based risk assessment Methodologies –Frequency of a mishap * Severity of consequences Severity Analysis – Severity of consequences Benefits: –Find & rank critical Requirements, scenarios, components, and connectors What keeps satellites working 24/7 ? The ARIANE 5 explosion

Research Heaven, West Virginia 4 Approach Develop architecture-based approach for risk assessment –Overall system/subsystem –Different functional Requirements –Key scenarios associated with requirements Heavily used scenarios Scenarios that are used infrequently but perform critical function Develop risk factors –Define risk factors as Probability of an undesired event * Severity of Consequences

Research Heaven, West Virginia 5 Importance/benefits Estimate risk factors for components and requirements at a scenario level at the early stages of development Identify and rank the severity of components How ? Details in technical presentation

Research Heaven, West Virginia 6 Relevance to NASA According to Dr. Martin Feather (NASA-JPL)“Risks are all the things that, should they occur, lead to loss of requirements.” “According to NASA-STD A, risk is a function of the possible frequency of occurrence of an undesired event, the potential severity of resulting consequences, and the uncertainties associated with the frequency and severity.”

Research Heaven, West Virginia 7 Relevance to NASA A PRA Presentation by M. Greenfield, 2 nd NASA PRA Workshop, June 2001

Research Heaven, West Virginia 8 The methodology is illustrated on the Flight Operations System (FOS) of NASA's Earth Observing System (EOS) Relevance to NASA Case Studies NASA's Earth Observing System (EOS) is the first observing system to offer integrated measurements of the Earth's processes The Flight Operations Segment (FOS) of EOS is responsible for the planning, scheduling, commanding, and monitoring of the spacecraft and the instruments on board We have evaluated the performance- based risk of the Commanding service

Research Heaven, West Virginia 9 Accomplishments Developed a methodology and a process for severity analysis Developed a risk assessment methodology that can be used in the Defect Detection and Prevention (DDP) process developed at JPL

Research Heaven, West Virginia 10 FY05 Develop a methodology and a process for maintainability-based risk assessment FY06 Develop a methodology for ranking software functions or components based on their risk factors and integrate it with CARA Next steps

Research Heaven, West Virginia 11 Publications 1.H. H. Ammar, T. Nikzadeh, and J. B. Dugan "Risk Assessment of Software Systems Specifications," IEEE Transactions on Reliability, To Appear September Sherif M. Yacoub, Hany H. Ammar, “A Methodology for Architecture-Level Reliability Risk Analysis,” IEEE Transactions on Software Engineering, June 2002, pp K. Goseva-Popstojanova, A. Hassan, A. Guedem, W. Abdelmoez, D. Nassar, H. Ammar, A. Mili, “Architectural-Level Risk Analysis using UML”, IEEE Transaction on Software Engineering, October T. Wang, A. Hassan, A. Guedem, W. Abdelmoez, K. Goseva-Popstojanova, H. Ammar, “Architectural Level Risk Assessment Tool Based on UML Specifications”, 25th International Conference on Software Engineering, Portland, Oregon, May , A. Hassan, K. Goseva-Popstojanova, H. Ammar, “Methodology for Architecture Level Hazard Analysis”, ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 03), Tunis, Tunisia, July 14-18, A. Hassan, W. Abdelmoez, A.Guedem, K. Apputkutty, K.Goseva-Popstojanova, H.Ammar, “Severity Analysis at Architectural Level Based on UML Diagrams”, 21st International System Safety Conference, Ottawa, Ontario, Canada, August 4-8, Hany H. Ammar, Sherif M. Yacoub, Alaa Ibrahim, “A Fault Model for Fault Injection Analysis of Dynamic UML Specifications,” International Symposium on software Reliability Engineering, IEEE Computer Society, November Rania M. Elnaggar, Vittorio Cortellessa, Hany Ammar, “A UML-based Architectural Model for Timing and Performance Analyses of GSM Radio Subsystem”, 5th World Multi- Conference on Systems, Cybernetics and Informatics, July. 2001, Received Best Paper Award URL is

Research Heaven, West Virginia 12 Publications 7.A Ibrahim, Sherif M. Yacoub, Hany H. Ammar, “Architectural-Level Risk Analysis for UML Dynamic Specifications,” Proceedings of the 9th International Conference on Software Quality Management (SQM2001), Loughborough University, England, April 18-20, 2001, pp Ahmed Hassan, Walid M. Abdelmoez, Rania M. Elnaggar, Hany H. Ammar, “An Approach to Measure the Quality of Software Designs from UML Specifications,” 5th World Multi- Conference on Systems, Cybernetics and Informatics and the 7th international conference on information systems, analysis and synthesis ISAS July Hany H. Ammar, Vittorio Cortellessa, Alaa Ibrahim “Modeling Resources in a UML-based Simulative Environment”, ACS/IEEE International Conference on Computer Systems and Applications (AICCSA'2001), Beirut, Lebanon, June 2001 URL is