This Article 
 Bibliographic References 
 Add to: 
Architectural-Level Risk Analysis Using UML
October 2003 (vol. 29 no. 10)
pp. 946-960

Abstract—Risk assessment is an essential part in managing software development. Performing risk assessment during the early development phases enhances resource allocation decisions. In order to improve the software development process and the quality of software products, we need to be able to build risk analysis models based on data that can be collected early in the development process. These models will help identify the high-risk components and connectors of the product architecture, so that remedial actions may be taken in order to control and optimize the development process and improve the quality of the product. In this paper, we present a risk assessment methodology which can be used in the early phases of the software life cycle. We use the Unified Modeling Language (UML) and commercial modeling environment Rational Rose Real Time (RoseRT) to obtain UML model statistics. First, for each component and connector in software architecture, a dynamic heuristic risk factor is obtained and severity is assessed based on hazard analysis. Then, a Markov model is constructed to obtain scenarios risk factors. The risk factors of use cases and the overall system risk factor are estimated using the scenarios risk factors. Within our methodology, we also identify critical components and connectors that would require careful analysis, design, implementation, and more testing effort. The risk assessment methodology is applied on a pacemaker case study.

[1] H. Ammar, T. Nikzadeh, and J. Dugan, “A Methodology for Risk Assessment of Functional Specification of Software Systems Using Coherent Petri Nets,” Proc. Fourth Int'l Software Metrics Symp., Metrics '97, pp. 108-117, Nov. 1997.
[2] J.M. Bieman and B.K. Kang, Cohesion and Reuse in an Object-Oriented System Proc. ACM Symp. Software Reusability (SSR '94), pp. 259-262, 1994.
[3] J. Bowles, “The New SEA FMECA Standard,” Proc. 1998 Ann. Reliability and Maintainability Symp., pp. 48-53, Jan. 1998.
[4] L. Briand, P. Devanbu, and W. Melo, An Investigation into Coupling Measures for C++ Proc. Int'l Conf. Software Eng. (ICSE '97), pp. 412-421, 1997.
[5] R.C. Cheung, A User-Oriented Software Reliability Model IEEE Trans. Software Eng., vol. 6, no. 2, pp. 118-125, 1980.
[6] S.R. Chidamber and C.F. Kemerer, "A Metrics Suite for Object Oriented Design," IEEE Trans. Software Eng., vol. 20, no. 6, pp. 476-493, 1994.
[7] S.R. Chidamber and C.F. Kemerer, Towards a Metrics Suite for Object-Oriented Design Proc. Conf. Object-Oriented Programming: Systems, Languages and Applications (OOPSLA '91), SIGPLAN Notices, vol. 26, no. 11, pp. 197-211, 1991.
[8] B. Douglass, Real-Time UML: Developing Efficient Objects for Embedded Systems. Addison-Wesley, 1998.
[9] K. El Emam and W. Melo, The Prediction of Faulty Classes Using Object-Oriented Design Metrics Technical Report NRC 43609, Nat'l Research Council Canada, Inst. for Information Tech nology, 1999.
[10] K. El Emam, S. Benlarbi, N. Goel, and S. Rai, Comparing Case-Based Reasoning Classifiers for Predicting High Risk Software Components J. Systems and Software, vol. 55, pp. 301-320, 2001.
[11] N. Fenton and N. Ohlsson, Quantitative Analysis of Faults and Failures in a Complex Software System IEEE Trans. Software Eng., vol. 26, no. 8, pp. 797-814, Aug. 2000.
[12] K. Goseva-Popstojanova and K.S. Trivedi, Architecture Based Approach to Reliability Assessment of Software Systems Performance Evaluation, vol. 45, nos. 2-3, pp. 179-204, June 2001.
[13] W. Harrison, Using Software Metrics to Allocate Testing Resources J. Management Information Systems, vol. 4, no. 4, pp. 93-105, 1988.
[14] A. Hassan, W. Abdelmoez, R. Elnaggar, and H. Ammar, An Approach to Measure the Quality of Software Designs from UML Specifications Proc. Fifth World Multi-Conf. Systems, Cybernetics and Informatics, vol. 4, pp. 559-564, July 2001.
[15] D. Heimann, “Using Complexity Tracking in Software Development,” Proc. 1995 Ann. Reliability and Maintainability Symp., pp. 433-437, 1995.
[16] M. Hitz and B. Montazeri, Measuring Coupling and Cohesion in Object-Oriented Systems Proc. Int'l Symp. Applied Corporate Computing, pp. 78-84, Oct. 1995.
[17] T. Khoshgoftaar and J. Munson, Predicting Software Development Errors Using Software Complexity Metrics Proc. Software Reliability and Testing, pp. 20-28, 1995.
[18] T. Khoshgoftaar, J. Munson, and D. Lanning, “Dynamic System Complexity,” Proc. Int'l Software Metrics Symp., Metrics '93, pp. 129-140, May 1993.
[19] T. Khoshgoftaar, E. Allen, K. Kalaichelvan, and N. Goel, The Impact of Software Evolution and Reuse on Software Quality Empirical Software Eng., vol. 1, pp. 31-44, 1996.
[20] T. Khoshgoftaar, E. Allen, W. Jones, and J. Hudepohl, “Classification Tree Models of Software Quality Over Multiple Releases,” Proc. Int'l Symp. Software Reliability Eng., pp. 116-125, 1999.
[21] J. Musa, G. Fuoco, N. Irving, D. Kropfl, and B. Juhlin, The Operational Profile Handbook of Software Reliability Eng., M. Lyu, ed., pp. 167-216, 1996.
[22] T. McCabe, A Complexity Metrics IEEE Trans. Software Eng., vol. 2, no. 4, pp. 308-320, Dec. 1976.
[23] J. Munson and T. Khoshgoftaar, Sotware Metrics for Reliability Assessment Handbook of Software Reliability Eng., M. Lyu, ed., pp. 493-529, 1996.
[24] NASA Safety Manual NPG 8715.3, Jan. 2000.
[25] Rational Rose Real-Time, , 2003.
[26] J. Rumbaugh, I. Jacobson, and G. Booch, The Unified Modeling Language Reference Manual. Addison-Wesley, 1999.
[27] NASA Technical Std. NASA-STD-8719.13A, Software Safety, 1997.
[28] C. Sundararajan, Guide to Reliability Engineering, Data, Analysis, Applications, Implementation, and Management. New York: Van Nostrand Reinhold, 1991.
[29] K.S. Trivedi, Probability and Statistics with Reliability, Queuing and Computer Science Applications, second ed. John Wiley&Sons, 2002.
[30] T. Wang, A. Hassan, A. Guedem, W. Abdelmoez, K. Goseva-Popstojanova, and H. Ammar, Architectural Level Risk Assessment Tool Based on UML Specification Proc. Int'l Conf. Software Eng. (ICSE 2003), pp. 808-809, May 2003.
[31] S. Yacoub and H. Ammar, A Methodology for Architectural-Level Reliability Risk Analysis IEEE Trans. Software Eng, vol. 28, no. 6, pp. 529-547, June 2002.
[32] S. Yacoub, H. Ammar, and T. Robinson, “Dynamic Metrics for Object Oriented Designs,” Proc. Sixth Int'l Symp. Software Metrics, Metrics '99, pp. 50-61, Nov. 1999.
[33] S. Yacoub, T. Robinson, and H. Ammar, A Matrix-Based Approach to Measure Coupling in Object-Oriented Designs J. Object Oriented Programming, vol. 13, no. 7, pp. 8-19, Nov. 2000.

Index Terms:
Risk assessment, UML specification, software architecture, dynamic complexity, dynamic coupling, severity of failure, Markov model.
Katerina Goseva-Popstojanova, Ahmed Hassan, Ajith Guedem, Walid Abdelmoez, Diaa Eldin M. Nassar, Hany Ammar, Ali Mili, "Architectural-Level Risk Analysis Using UML," IEEE Transactions on Software Engineering, vol. 29, no. 10, pp. 946-960, Oct. 2003, doi:10.1109/TSE.2003.1237174
Usage of this product signifies your acceptance of the Terms of Use.