Architectural level risk assessment

Many companies develop and maintain large-scale software systems for public and financial institutions. Should a failure occur in one of these systems, the impact would be enormous. It is therefore essential, in maintaining a system\u27s quality, to identify any defects early on in the development process in order to prevent the occurrence of failures. However, testing all modules of these systems to identify defects can be very expensive. There is therefore a need for methodologies and tools that support software engineers in identifying the defected and complex software components early on in the development process.;Risk assessment is an essential process for ensuring high quality software products. By performing risk assessment during the early software development phases we can identify complex modules, thus enables us to enhance resource allocation decisions.;To assess the risk of software systems early on in the software\u27s life cycle, we propose an architectural level risk assessment methodology. It uses UML specifications of software systems which are available early on in the software life cycle. It combines the probability of software failures and the severity associated with these failures to estimate software risk factors of software architectural elements (components/connectors), the scenarios, the use cases and systems. As a result, remedial actions to control and improve the quality of the software product can be taken.;We build a risk assessment model which will enable us to identify complex and noncomplex software components. We will be able to estimate programming and service effort, and estimate testing effort. This model will enable us also to identify components with high risk factor which would require the development of effective fault tolerant mechanisms.;To estimate the probability of software failure we introduced and developed a set of dynamic metrics which are used to measure dynamic of software architectural elements from UML static models.;To estimate severity of software failure we propose UML based severity methodology. Also we propose a validation process for both risk and severity methodologies. Finally we propose prototype tool support for the automation of the risk assessment methodology

Integrated lifecycle requirements information management in construction

Effective management of information about client requirements in construction projects lifecycle can contribute to high construction productivity; within budget and schedule, and improve the quality of built facilities and service delivery. Traditionally, requirements management has been focused at the early stages of the construction lifecycle process where elicited client requirements information is used as the basis for design. Management of client requirements does not extend to the later phases. Client requirements often evolve and change dramatically over a facility’s life. Changing client requirements is one of the principal factors that contribute to delays and budget overruns of construction projects. This results in claims, disputes and client dissatisfaction. The problems of current requirements management process also include: lack of integrated and collaborative working with requirements; lack of integrated requirements information flow between the various heterogeneous systems used in the lifecycle processes, and between the multiple stakeholders; inefficient and ineffective coordination of changes within the lifecycle processes; manual checking of dependencies between changing requirements to facilitate assessment of cost and time impact of changes. The aim of the research is to specify a better approach to requirements information management to help construction organisations reduce operational cost and time in product development and service delivery; whilst increasing performance and productivity, and realising high quality of built facilities. In order to achieve the aim and the formulated objectives, firstly, a detailed review of literature on related work was conducted. Secondly, the research designed, developed and conducted three case studies to investigate the state-of-the-art of managing client requirements information. A combination of multiple data collection methods was applied which included observations, interviews, focus group and questionnaires. Following this, the data was analysed and problems were identified; the necessity for a lifecycle approach to managing the requirements information emerged. (Continues...)

A Graphical Approach to Security Risk Analysis

"The CORAS language is a graphical modeling language used to support the security analysis process with its customized diagrams. The language has been developed within the research project "SECURIS" (SINTEF ICT/University of Oslo), where it has been applied and evaluated in seven major industrial field trials. Experiences from the field trials show that the CORAS language has contributed to a more actively involvement of the participants, and it has eased the communication within the analysis group. The language has been found easy to understand and suitable for presentation purposes. With time we have become more and more dependent on various kinds of computerized systems. When the complexity of the systems increases, the number of security risks is likely to increase. Security analyses are often considered complicated and time consuming. A well developed security analysis method should support the analysis process by simplifying communication, interaction and understanding between the participants in the analysis. This thesis describes the development of the CORAS language that is particularly suited for security analyses where "structured brainstorming" is part of the process. Important design decisions are based on empirical investigations. The thesis has resulted in the following artifacts: - A modeling guideline that explains how to draw the different kind of diagrams for each step of the analysis. - Rules for translation which enables consistent translation from graphical diagrams to text. - Concept definitions that contributes to a consistent use of security analysis terms. - An evaluation framework to evaluate and compare the quality of security analysis modeling languages.