1

Research Heaven,West Virginia

FY 2004 Initiative: Risk Assessment of Software Architectures

Hany Ammar, Katerina Goseva-Popstojanova,Ajith Guedem, Kalaivani Appukutty,

Walid AbdelMoez, and Ahmad Hassan

LANE Department of Computer Science and Electrical EngineeringWest Virginia University

Less risk, soonerWVU UI:

Risk Assessment of Software Architectures

2

Research Heaven,West Virginia

Outline

• Problem

• Approach • Importance/benefits

• Relevance to NASA

• Accomplishments

• Next steps

3

Research Heaven,West Virginia

Problem

• Allocation of V&V resources to high risk system components, usage scenarios, and requirements

• Reliability-based, • Performance-based, and • Maintainability-based risk

assessment Methodologies– Frequency of a mishap

* Severity of consequences

• Severity Analysis– Severity of consequences

• Benefits:– Find & rank critical

• Requirements, scenarios, • components, and connectors

What keeps satellites working 24/7 ?

The ARIANE 5explosion

4

Research Heaven,West Virginia

Approach

•Develop architecture-based approach for risk assessment

–Overall system/subsystem

–Different functional Requirements

–Key scenarios associated with requirements

•Heavily used scenarios

•Scenarios that are used infrequently but perform critical function

•Develop risk factors

–Define risk factors as

Probability of an undesired event * Severity of Consequences

5

Research Heaven,West Virginia

Importance/benefits

• Estimate risk factors for components and requirements at a scenario level at the early stages of development• Identify and rank the severity of components • How ? Details in technical presentation

CICS

CTSRS

OS

SA

INA

APSSCEN1

SCEN3SCEN5

0

10

20

30

40

50

60

70

80

90

100

Nor

mal

ised

Ser

vice

Tim

es

Components

Scenarios

6

Research Heaven,West Virginia

Relevance to NASA

• According to Dr. Martin Feather (NASA-JPL)“Risks are all the things that, should they occur, lead to loss of requirements.”

• “According to NASA-STD-8719.13A, risk is a function of the possible frequency of occurrence of an undesired event, the potential severity of resulting consequences, and the uncertainties associated with the frequency and severity.”

7

Research Heaven,West Virginia

Relevance to NASA

A PRA Presentation by M. Greenfield, 2nd NASA PRA Workshop, June 2001

8

Research Heaven,West Virginia

The methodology is illustrated on the Flight Operations System (FOS)

of NASA's Earth Observing System (EOS)

Relevance to NASA Case Studies

• NASA's Earth Observing System (EOS) is the first observing system to offer integrated measurements of the Earth's processes

• The Flight Operations Segment (FOS) of EOS is responsible for the planning, scheduling, commanding, and monitoring of the spacecraft and the instruments on board

• We have evaluated the performance-based risk of the Commanding service

9

Research Heaven,West Virginia

Accomplishments

• Developed a methodology and a process for severity analysis

• Developed a risk assessment methodology that can be used in the Defect Detection and Prevention (DDP) process developed at JPL

10

Research Heaven,West Virginia

FY05• Develop a methodology and a process for

maintainability-based risk assessment

FY06• Develop a methodology for ranking software

functions or components based on their risk factors and integrate it with CARA

Next steps

11

Research Heaven,West Virginia

Publications

1. H. H. Ammar, T. Nikzadeh, and J. B. Dugan "Risk Assessment of Software Systems Specifications," IEEE Transactions on Reliability, To Appear September 2001

2. Sherif M. Yacoub, Hany H. Ammar , “A Methodology for Architecture-Level Reliability Risk Analysis,” IEEE Transactions on Software Engineering, June 2002, pp.  529-547

3. K. Goseva-Popstojanova , A. Hassan, A. Guedem, W. Abdelmoez, D. Nassar, H. Ammar, A. Mili, “Architectural-Level Risk Analysis using UML”, IEEE Transaction on Software Engineering, October 2003.

4. T. Wang, A. Hassan, A. Guedem, W. Abdelmoez, K. Goseva-Popstojanova, H. Ammar, “Architectural Level Risk Assessment Tool Based on UML Specifications”, 25th International Conference on Software Engineering, Portland, Oregon, May 3 - 10, 2003.

5. A. Hassan, K. Goseva-Popstojanova, H. Ammar, “Methodology for Architecture Level Hazard Analysis”, ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 03), Tunis, Tunisia, July 14-18, 2003.

6. A. Hassan, W. Abdelmoez , A.Guedem, K. Apputkutty, K.Goseva-Popstojanova, H.Ammar, “Severity Analysis at Architectural Level Based on UML Diagrams”, 21st International System Safety Conference, Ottawa, Ontario, Canada, August 4-8, 2003.

7. Hany H. Ammar, Sherif M. Yacoub, Alaa Ibrahim, “A Fault Model for Fault Injection Analysis of Dynamic UML Specifications,” International Symposium on software Reliability Engineering, IEEE Computer Society, November 2001  

8.  Rania M. Elnaggar, Vittorio Cortellessa, Hany Ammar, “A UML-based Architectural Model for Timing and Performance Analyses of GSM Radio Subsystem” , 5th World Multi-Conference on Systems, Cybernetics and Informatics, July. 2001, Received Best Paper AwardURL is http://www.csee.wvu.edu/~ammar/

 

12

Research Heaven,West Virginia

Publications

7. A Ibrahim, Sherif M. Yacoub, Hany H. Ammar, “Architectural-Level Risk Analysis for UML Dynamic Specifications,” Proceedings of the 9th International Conference on Software Quality Management (SQM2001), Loughborough University, England, April 18-20, 2001, pp. 179-190

8. Ahmed Hassan, Walid M. Abdelmoez, Rania M. Elnaggar, Hany H. Ammar, “An Approach to Measure the Quality of Software Designs from UML Specifications,” 5th World Multi-Conference on Systems, Cybernetics and Informatics and the 7th international conference on information systems, analysis and synthesis ISAS  July. 2001.

9. Hany H. Ammar, Vittorio Cortellessa, Alaa Ibrahim “Modeling Resources in a UML-based Simulative Environment”, ACS/IEEE International Conference on Computer Systems and Applications (AICCSA'2001), Beirut, Lebanon, 26-29 June 2001

URL is http://www.csee.wvu.edu/~ammar/