1 SQA & Reuse Katerina Goseva-Popstojanova, WVU Aaron Wilson, NASA IV&V Kalynnda Berens & Richard Plastow, GRC Joanne Bechta Dugan, UVa David Gilliam JPL.

Presentation transcript:

1 SQA & Reuse Katerina Goseva-Popstojanova, WVU Aaron Wilson, NASA IV&V Kalynnda Berens & Richard Plastow, GRC Joanne Bechta Dugan, UVa David Gilliam JPL

2 Projects
–Real-time Linux Evaluations, Kalynnda Berens & Richard Plastow, GRC
–Performability of Web-based applications, Katerina Goseva-Popstojanova, WVU
–Reducing Software Security Risk through an Integrated Approach, David Gilliam & John Powell, JPL
–Software Assurance of Web-based Applications, Tim Kurtz, GRC
–Software Quality & Safety Assessment Using Bayesian Belief Networks, Joanne Bechta Dugan, UVa

3 Real-time Linux Evaluations
Performance benchmarking on flight-like hardware:
–RTLinux (free version) V3.2 pre3
–RTLinux Pro (commercial) V2.0
–RTAI V
–Linux Kernel (future)
–Jaluna (future)
RTLinux and RTAI are
–Stable
–Support many processors
–Require a learning curve

4 Which Real-Time Linux is best?
Benchmarks: User-space Task Creation; User-space Program Forking; Timing Jitter (Harmonic); Timing Jitter (Non-harmonic); Context Switch Timing; Hardware Interrupts; Software Interrupts; Kernel Task Creation; Inter-task Messaging; Get Semaphore; Get/Release Semaphore; Release/Get Semaphore
RTLinux Pro: Best, OK, Worst, Best, OK, Worst, Good
RTLinux free: Worst, Best, OK, Very Good, Worst, Best, OK, Worst
RTAI: OK, Good, Best, Worst, Best, Good, Best

5 Web access log analysis User session characterization Realistic workload Software/hardware resource utilization Application & hardware resource monitoring Web error log analysis Request-based and session-based error characterization Software/hardware failure/recovery characterization Performability model Session layer (user view) Service layer (software architectural view) System layer (deployment view) Reliability/ availability model Performance model Resource layer (hardware device view) Web measurement and modeling framework

6 Cost effective way to improve quality
–10-35% of the total number of errors are due to only 3 files
–Fixing the errors with the highest frequency of occurrence is the most cost effective way to improve Web quality

7 Software Vulnerabilities Expose IT Systems and Infrastructure to Security Risks Goal: Reduce Security Risk in Software and Protect IT Systems, Data, and Infrastructure Security Training for System Engineers and Developers Software Security Checklist for end-to-end life cycle Software Security Assessment Instrument (SSAI) Security Instrument Includes: Model-Based Verification Property-Based Testing Security Checklist Vulnerability Matrix Collection of security tools NASA Reducing Software Security Risk Through an Integrated Approach

8 Womb-to-Tomb Process Coincides with Organizational Policies and Requirements Security Risk Mitigation Process in the Software Lifecycle Software Lifecycle Integration –Training –Software Security Checklist Phase 1 –Provide instrument to integrate security as a formal approach to the software life cycle –Requirements Driven Phase 2: –External Release of Software –Release Process –Vulnerability Matrix – NASA Top 20 –Security Assurance Instruments Early Development – Model Checking / FMF Implementation – Property Based Testing –Security Assessment Tools (SATs) Description of available SATs Pros and Cons of each and related tools with web sites Notification Process when Software or Systems are De-Commissioned / Retired

9 Software Assurance of Web-based Applications
How should NASA SA assure web-based applications?
Solution
–Implement the same types of controls on web-apps development that are used on other types of software development
–Audit and review projects web-app development activities using a set of checklists
–Pilot the guidebook/checklists
Deliverables
–Best Practices guidebook
–Checklists

10 GETR Decision How can we investigate and document the decision process that is used to go from... to… I have an acceptable level of belief that the system will operate as specified. Quality Assurance Test ResultsPersonal and Team CMM Prototype Performance Requirements Review Is the system good enough to release? Code InspectionRisk Assessment Formal Methods for a computer-based system Engineering Judgment Software Quality & Safety Assessment Using BBN

11 BBN model of Software Development Process

12 Technology Readiness Level Software Quality & Safety Web performability Reducing software security risk

13 Brief description of the field
–Quality attributes: reliability, performance, security, maintainability, and reusability
–Techniques
  Testing: property testing, performance testing
  Real system, real workload
  Analysis & Modeling: model checking, statistical & probabilistic analysis, BBN
–Process & product

14 Potential benefits
–Improved decision support, prioritization, better allocation of resources
–Better product in a cost effective way through integrated approaches
–Increased fidelity without increasing complexity

15 Directions
–Increased coordination through unified approaches
–Infusion of improved techniques into current processes
–Improving the state of practice

16 Why
Potential benefits to NASA
–Fewer mission failures
–Reduced complexity
–Greater reuse of software artifacts and process improvements
–Transference of best practices and lessons learned

17 Why not
Standard traps
–“There is no silver bullet”
–“Teaching to the test”
–Deadline vs. quality driven development
–Tunnel vision
–Dependencies on hardware and OS
–Poor documentation and quality of data

18 Who is using this technology
NASA projects that are using this technology
–Security checklist at JPL
–RT Linux Pro at Glenn
–Web performability at NASA IV&V
–Web-based process assurance at Glenn
–Seal of Approval Process for PRA tools at NASA HQ
Other projects outside of NASA that are using these tools/approaches
–Web performability at LDCSEE
–Formal security verification at Patchlink

19 Questions/Issues
Reliability, availability, performance, security
–Integrated approaches needed
–What are the interactions & tradeoffs?
Process & product
Better, Cheaper, Faster
–Can we have it all?
–Should we pick (any) two?