CSE 403, Software Engineering Lecture 6

Slides:



Advertisements
Similar presentations
Sachin Rawat Crypsis SDL Threat Modeling.
Advertisements

Test process essentials Riitta Viitamäki,
SENG521 (Fall SENG 521 Software Reliability & Testing Operational Profiles (Part 5b) Department of Electrical & Computer Engineering,
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
02/12/00 E-Business Architecture
1 SOFTWARE QUALITY ASSURANCE Basic Principles. 2 Requirements System Design Detailed Design Implementation Installation & Testing Maintenance SW Quality:
Lecture 11 Reliability and Security in IT infrastructure.
Lecture Nine Database Planning, Design, and Administration
.NET Mobile Application Development Introduction to Mobile and Distributed Applications.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
Frequently asked questions about software engineering
© SAIC. All rights reserved. NATIONAL SECURITY ENERGY & ENVIRONMENT HEALTH CYBERSECURITY The Potential High Cost of Simple Systems Engineering Errors Jim.
Introduction to Databases and Database Languages
Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.
Secure Software Development Chris Herrick 01/29/2007.
Ethical and Social...J.M.Kizza 1 Module 8: Software Issues: Risks and Liabilities Definitions Causes of Software Failures Risks Consumer Protection Improving.
Chapter 9 Database Planning, Design, and Administration Sungchul Hong.
EE551 Real-Time Operating Systems
1 Chapter 2 Socio-technical Systems (Computer-based System Engineering)
Architecting secure software systems
Course: Software Engineering © Alessandra RussoUnit 1 - Introduction, slide Number 1 Unit 1: Introduction Course: C525 Software Engineering Lecturer: Alessandra.
Computer & Network Security
CSE 403, Software Engineering Lecture 4 Documenting and Using Requirements.
CSE 403 Lecture 14 Safety and Security Requirements.
Topic (1)Software Engineering (601321)1 Introduction Complex and large SW. SW crises Expensive HW. Custom SW. Batch execution.
 CS 5380 Software Engineering Chapter 8 Testing.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
CSE 219 Computer Science III Program Design Principles.
Lecture 7: Requirements Engineering
University of Palestine software engineering department Testing of Software Systems Testing throughout the software life cycle instructor: Tasneem.
Object-Oriented Software Engineering Practical Software Development using UML and Java Chapter 1: Software and Software Engineering.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
CS551 - Lecture 5 1 CS551 Lecture 5: Quality Attributes Yugi Lee FH #555 (816)
Software Defects.
CSE 303 – Software Design and Architecture
Module 2: Designing Network Security
Software Engineering for Capstone Courses Richard Anderson CSE 481b Winter 2007.
The Digital Crime Scene: A Software Perspective Written By: David Aucsmith Presented By: Maria Baron.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Lesson Title: Media Interface Threats, Risks, and Mitigation Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
CS223: Software Engineering Lecture 2: Introduction to Software Engineering.
SOFTWARE ENGINEERING MCS-2 LECTURE # 2. ATTRIBUTES OF GOOD S/W  Maintainability;  S/w should be written in such a way that it may evolve to meet the.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
HNDIT23082 Lecture 09:Software Testing. Validations and Verification Validation and verification ( V & V ) is the name given to the checking and analysis.
Chapter 1- Introduction Lecture 1. Topics covered  Professional software development  What is meant by software engineering.  Software engineering.
Topic: Reliability and Integrity. Reliability refers to the operation of hardware, the design of software, the accuracy of data or the correspondence.
Requirement Classification Nisa’ul Hafidhoh Teknik Informatika
Security Development Lifecycle. Microsoft SDL 概觀 The SDL is composed of proven security practices It works in development organizations regardless of.
Maintaining and Updating Windows Server 2008 Lesson 8.
G. Russo, D. Del Prete, S. Pardi Kick Off Meeting - Isola d'Elba, 2011 May 29th–June 01th A proposal for distributed computing monitoring for SuperB G.
Threat Modeling: Employing the 5 Ws Security Series, December 13, 2013 Jeff Minelli Penn State ITS
INTRODUCTION CSE 470 : Software Engineering. Goals of Software Engineering To produce software that is absolutely correct. To produce software with minimum.
CompSci 280 S Introduction to Software Development
CSCE 548 Secure Software Development Risk-Based Security Testing
Execution with Unnecessary Privileges
Definition CASE tools are software systems that are intended to provide automated support for routine activities in the software process such as editing.
Evaluating Existing Systems
Chapter 1- Introduction
Chapter 8 – Software Testing
Evaluating Existing Systems
CSE 403 Software Engineering
Business System Development
Frequently asked questions about software engineering
CS & CS Capstone Project & Software Development Project
INFS 452 – Computer Ethics & Society
Chapter # 7 Software Development
Presentation transcript:

CSE 403, Software Engineering Lecture 6 Non-functional specification

UW CSE Colloquium 10/10/02 Agnes Kwan (UW CSE '82) "The one thing I didn't learn in school was how to gather requirements from users"

Today Complete discussion of requirement representation Non-functional requirements

Recap from Wednesday Multiple customers for requirements Multiple representations of requirements Process for managing requirements

Redundancy: Good or bad? Multiple forms of documentation Used for different audiences or views But risk of inconsistency Functional spec and user spec Should describe the same thing! But what if they differ Isn't that Test's job? Development principle Avoid computing the same thing in multiple places

Brooks on flow charts The flow chart is the most thoroughly oversold piece of program documentation I have never seen an experienced programmer who routinely made detailed flow charts before beginning to write programs. Where organization standards require flow charts, these are invariably done after the fact.

Flow charts "The emperor has no clothes" Formal processes Many processes are onerous and unpleasant to follow – but enhance overall product quality Some are without value, and should be dropped Process is not the end in itself

User requirements Business Requirements User Requirements User Study Use Cases Functional Requirements Requirements Documentation Non-functional Requirements

Non-functional requirements Requirements beyond user interaction with the system Kulak and Guiney Availability, cost of ownership, maintainability, data integrity, extensibility, functionality (?), installability, reuse, operability, performance, portability, quality, robustness, scalability

Non-functionality requirements Wiegers Performance requirements Safety requirements Security requirements Software quality attributes

Safety requirements Safety critical applications Famous cases Where bugs can kill Famous cases Therac-25 radiation therapy machine US Air traffic control which failed in UK Reflected map on Greenwich Median US Aviation software failed in Israel Encountered negative altitudes over Dead Sea

Safety critical systems Very high cost of failure Software component of a large system e.g. nuclear reactor Characteristics of software lead to failures Safety requirements Low probability of failure (risk analysis) Understood failure modes

Software Safety Safety vs. Reliability System hazard analysis High risk tasks Safety critical operator errors Design of Human-Machine Interface Safety Reliability

Security requirements Applications are run in a hostile world Application compromise vs. system compromise Example requirements Only authenticated users can change data Application can change security permissions or execute programs Malicious user cannot crash system with bad data Threat analysis

Security requirements for multiplayer games Cheating ruins game play (and consequently market) Threats Players introducing counterfeit weapons Sending packet of death across network Using profiling tools to detect areas of activity in dungeons

Threat modeling The STRIDE Threat Model Spoofing identity Tampering with data Repudiation Allow users to deny having performed actions Information disclosure Denial of service Elevation of privilege

Useful references Writing Secure Code, Michael Howard and David LeBlanc Good book, but strongly oriented towards Windows Safeware: System Safety and Computers, Nancy Leveson Defines the field of software safety

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.