Tradeoff Analysis of Strategies for System Qualities Xuan Zhang YNU Visiting Scholar 3/15/2016
SQs and NFRs System qualities (SQs) are impacted by non-functional requirements (NFRs). NFRs state “how well” while FRs state “what” NFRs=how well (FRs) Design state “how” the system should perform the functions. Developing to the design will satisfy FRs and NFRs. I assume that we all agree that system qualities are very important. In my opinion, system qualities is determined by both FRs and NFRs. FRs are basic requirements that the systems must finish the correct functions. They state what system should perform, while NFRs state how well the system should perform. This “how” problems are more difficult to handle than “what” problems. What I wanna do is to try to solve this “how” problem. So in the following, when I talk about system qualities I focus on NFRs. System qualities are also impacted by non-functional requirements. Before we write code to develop software or use software, hardware or anything else we need to develop or construct systems we need to design first. To determine what and how the systems should perform the functions. If we have terrible design the result system will not be good. So we need have good design and develop to the design, that it will satisfy the FRs and NFRs.
Strategies The need for a particular SQ use specific strategies to optimize the system for this SQ improve the particular SQs may hurt other SQs. Systems increase in diversity and complexity, the strategy alternatives for SQs constitute a vast space of options. When we want to improve some specific system qualities we usually use some strategies to optimize the system. The strategies here could be technical strategies, process strategies, or project management strategies. There are many strategy example, such as when optimizing on security, for higher security we use single-agent key distribution. But this strategy may hurt other system qualities. Reliability is one of them because this may have single point of failure problem. This makes the “how” problem harder. And even worse, because systems increase in diversity and complexity, the strategy alternatives for SQs constitute a vast space of options. The most easier examples are encryption algorithms. We have AES, DES, RSA, ECC and many hash algorithms. Another example is redundancy, we can add physical or cyber capacities but how many capacities should be added. Because the development of computing technology and I said before, the systems are more complex. For some strategies, we have lots of options to choose. Choosing from them is hard because this decision may impact the SQs.
This is Dr. Boehm’s synergis and conflicts matrix This is Dr.Boehm’s synergis and conflicts matrix. In this matrix the strategies in the column may have the conflict problems I said before. When we show these strategies to project team we need to tell them that some strategies may have conflict problems, but this is not enough, we have to show how coflict and how to use the strategies when conflicts exist.
Strategies Redundancy Design Fault-tolerant Design Encryption Design Reliability, Safety, Maintainability Security, Speed Fault-tolerant Design Reliability, Usability Security, Accuracy Encryption Design Security Speed, Maintainability End-user Programming, Across domain component, Tight Coupling..... Redundancy Design: add more physical/cyber capacities, if some components failed redundant hardware can be used to assure the system not failed. This is also good to safety and maintainability. But adding more capacities maybe add attack surface. Attack surface is the ways in which an adversary can enter the system and potentially cause damage, such as methods, channels, and data items. The smaller attack surface the more secure the system. If we backup in more components it will cost more time, which means lower speed. Encryption Design: protect keys for encryption will complex maintainability and need more maintenance cost.
Zhu’s Tradeoff Analysis Many scholars present solving method. I only use one example here. It is Zhu mingxun’s tradeoff analysis for trustworthy software. Because NFRs impact trustworthiness of software he try to balance the conflict such as security and performance. Usually, the higher the security the lower the performance. Here he compare two algorithms RSA and DES (I have to mention that this comparison between RSA and DES may not be good because they are different algorithms and used in different ways. Please ignore the problem, what I want to show that the options or this algorithms can be measured and some useful values maybe helpful for designers). He use fuzzy linguistic variables to obtain what stakeholders want and then use defuzzification procedure to get values for each options. The good thought here is to show a specific values to designers to make them easier to make decisions. Because the process time and security level can be measured some of the strategies can be measured. The problem of this example is that if we have more options what the relations among these options, can we show more details of these options.
My Tradeoff Analysis I borrow the concepts form the theory of production. In case of labor and capital are both variable inputs, an isoquant shows the various combinations of two inputs (say, labor and capital) that can be used to produce a specific level of output. These various combinations show the elasticity of their substitution. In my tradeoff analysis, the isoquant shows the combinations of options in strategis. But different from isoquant, this curve is made up of straight line segments and will have kinks rather than being smooth. The dots are options. Different dots show different relations between SQs.
Optimize Tradeoff The next problem is how to choose from these options. I refer to the linear programming. To add constraints. There are two constraints can be added. The first is which SQ is more important. But how can we get the values to show this importance? I obtain them from stakeholders. The second constraint is the minimum or maximum of each SQ. For example, for security, we may have minimum security level. For adding hardware for redundancy we may have maximum constraint. By adding these constraints I think I can find the proper options. The darker region is feasible region shows that the options in this region can be chosen. The dot near to the intersection is the proper options.
SQs Tradeoff Framework
SQs Priority
Synergies and Conflicts
Tradeoff Optimization Minimum distance from point to line.
Impact of Changes Changes: upgrade platform, better techniques, more or less constraints.
3 Categories of Strategies In real project, not all strategies are measurable. Immeasurable: agile methods.
COCOMO Strategies
Measurable Strategies
Tradeoff Summary
High Level Architecture Support Tool
Empirical Application A trusted third party certification authority (CA) project.
Normalization : Min-Max scaling and scale the data in a fixed range of 1 to n, where n is the numbers of solutions.
Thank you!