CS 501: Software Engineering


Presentation Transcript

Slide 1

CS 501: Software Engineering
Lecture 20: Reliability 2

Slide 2

Administration
Projects: Four weeks to the end of the semester. Leave time for system testing and to make small improvements found when the complete system is assembled. Better to deliver a limited first phase done well than a more complete system that is unreliable, untested, or without documentation.

Slide 3

Quiz 3: Sports equipment online
A company that makes sports equipment decides to create a system for selling sports equipment online. The company already has a product database with specifications, marketing information, and prices of the equipment that it manufactures. To sell equipment online the company will need to create:
• a customer database, and
• an ordering system for online customers.
The plan is to develop the system in two phases. During Phase 1, simple versions of the customer database and ordering system will be brought into production. In Phase 2, major enhancements will be made to these components.

Slide 4

Quiz 3 Q1
(a) For the system architecture of Phase 1:
i Draw a UML deployment diagram.
[Diagram labels: DeptServer, Product DB, PersonalComp, Ordering system, WebBrowser, Customer DB]

Slide 5

Quiz 3 Q1
(a) For the system architecture of Phase 1:
i Draw a UML interface diagram.
[Diagram labels: Product DB, Ordering system, WebBrowser, Customer DB]

Slide 6

Quiz 3 Q1
(b) For Phase 1:
i What architectural style would you use for the customer database? Repository with Storage Access Layer
ii Why would you choose this style? It allows the database to be replaced without changing the applications that use the database.

Slide 7

Quiz 3 Q1
(b) For Phase 1:
iii Draw a UML diagram for this architectural style showing its use in this application.
[Diagram labels: Customer DB, Input components, Storage Access, Ordering System, optional, Data Store]

Slide 8

Quiz 3 Q2
Careful design during Phase 1 will help the subsequent development of new components in Phase 2.
(a) For the interface between the ordering system and the customer database:
i Select a design pattern that will allow a gradual transition from Phase 1 to Phase 2. Bridge design pattern
(b) Draw a UML class diagram that shows how this design pattern will be used in Phase 1. If your diagram relies on abstract classes, inheritance, delegation or similar properties, be sure that this is clear on your diagram. [See next two slides]

Slide 9

Quiz 3 Q2
Abstract class
Abstract classes are superclasses which contain abstract methods and are defined such that concrete subclasses extend them by implementing the methods. Before a class derived from an abstract class can become concrete, i.e. a class that can be instantiated, it must implement particular methods for all the abstract methods of its parent classes. The incomplete features of an abstract class are shared by a group of subclasses which add different variations of the missing pieces.
Wikipedia 4/2/08

Slide 10

Quiz 3 Q2
[UML class diagram labels: Ordering System, Client, OrderingAbstraction, DBImplementor, RefinedOrderingAbstraction, ConcreteDBImplementorA, ConcreteDBImplementorB]

Slide 11

Quiz 3 Q2
(c) How does this design pattern support:
i Enhancements to the ordering system in Phase 2? By subclassing OrderingAbstraction
ii A possible replacement of the customer database in Phase 2? By allowing several ConcreteDBImplementor classes
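The quiz answer as running code, added here as an example and not taken from the lecture: the class names come from the slide's diagram, while the method names (`load`, `save`, `place_order`, `reorder_last`), the in-memory and SQLite stores, and the sample behaviour are assumptions made for illustration.

```python
import copy, json, sqlite3
from abc import ABC, abstractmethod

class DBImplementor(ABC):
    """Implementor: the only customer-database interface the ordering code sees."""
    @abstractmethod
    def load(self, customer_id): ...
    @abstractmethod
    def save(self, customer_id, record): ...

class ConcreteDBImplementorA(DBImplementor):
    """Phase 1 store, assumed here to be an in-memory dict."""
    def __init__(self):
        self._rows = {}
    def load(self, customer_id):
        return copy.deepcopy(self._rows.get(customer_id))
    def save(self, customer_id, record):
        self._rows[customer_id] = copy.deepcopy(record)

class ConcreteDBImplementorB(DBImplementor):
    """Phase 2 replacement, assumed here to be SQLite with parameterized queries."""
    def __init__(self, path=":memory:"):
        self._db = sqlite3.connect(path, isolation_level=None)  # autocommit
        self._db.execute("CREATE TABLE IF NOT EXISTS customer (id TEXT PRIMARY KEY, data TEXT)")
    def load(self, customer_id):
        row = self._db.execute("SELECT data FROM customer WHERE id = ?", (customer_id,)).fetchone()
        return json.loads(row[0]) if row else None
    def save(self, customer_id, record):
        query = "INSERT OR REPLACE INTO customer VALUES (?, ?)"
        self._db.execute(query, (customer_id, json.dumps(record)))

class OrderingAbstraction:
    """Abstraction: Phase 1 ordering logic, delegating storage to a DBImplementor."""
    def __init__(self, db: DBImplementor):
        self._db = db
    def place_order(self, customer_id, item):
        record = self._db.load(customer_id)
        if record is None:
            raise KeyError(f"unknown customer {customer_id!r}")
        record.setdefault("orders", []).append(item)
        self._db.save(customer_id, record)
        return len(record["orders"])

class RefinedOrderingAbstraction(OrderingAbstraction):
    """Phase 2 enhancement added by subclassing; no DBImplementor changes."""
    def reorder_last(self, customer_id):
        record = self._db.load(customer_id)
        if not record or not record.get("orders"):
            raise LookupError("no previous order to repeat")
        return self.place_order(customer_id, record["orders"][-1])
```

The same `RefinedOrderingAbstraction` runs unchanged against either implementor, which is the gradual Phase 1 to Phase 2 transition the question asks for.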

Slide 12

Static Validation & Verification
Carried out throughout the software development process.
[Diagram labels: Validation & verification, Requirements specification, Program Design, REVIEWS]

Slide 13

Reviews: Design and Code
Concept: Colleagues review each other's work:
• can be applied to any stage of software development
• can be formal or informal
Design and code reviews are a fundamental part of good software development

Slide 14

Review Team (Full Version)
A review is a structured meeting, with the following people:
Moderator - ensures that the meeting moves ahead steadily
Scribe - records discussion in a constructive manner
Developer - person(s) whose work is being reviewed
Interested parties - people above and below in the software process
Outside experts - knowledgeable people who are not working on this project
Client - representatives of the client who are knowledgeable about this part of the process

Slide 15

Example: Program Design
Moderator
Scribe
Developer - the design team
Interested parties - people who created the system design and/or requirements specification, and the programmers who will implement the system
Outside experts - knowledgeable people who are not working on this project
Client - only if the client has a strong technical representative
In a small team, an individual may have several roles

Slide 16

Static and Dynamic Verification
Static verification: Techniques of verification that do not include execution of the software.
• May be manual or use computer tools.
Dynamic verification:
• Testing the software with trial data.
• Debugging to remove errors.

Slide 17

Static Verification: Program Inspections
Formal program reviews whose objective is to detect faults
• Code may be read or reviewed line by line.
• 150 to 250 lines of code in 2 hour meeting.
• Use checklist of common errors.
• Requires team commitment, e.g., trained leaders
So effective that it is claimed that it can replace unit testing

Slide 18

Inspection Checklist: Common Errors
Data faults: Initialization, constants, array bounds, character strings
Control faults: Conditions, loop termination, compound statements, case statements
Input/output faults: All inputs used; all outputs assigned a value
Interface faults: Parameter numbers, types, and order; structures and shared memory
Storage management faults: Modification of links, allocation and de-allocation of memory
Exceptions: Possible errors, error handlers

Slide 19

Static Analysis Tools
Program analyzers scan the source of a program for possible faults and anomalies (e.g., Lint for C programs).
• Control flow: loops with multiple exit or entry points
• Data use: Undeclared or uninitialized variables, unused variables, multiple assignments, array bounds
• Interface faults: Parameter mismatches, non-use of function results, uncalled procedures
• Storage management: Unassigned pointers, pointer arithmetic

Slide 20

Static Analysis Tools (continued)
Static analysis tools
• Cross-reference table: Shows every use of a variable, procedure, object, etc.
• Information flow analysis: Identifies input variables on which an output depends.
• Path analysis: Identifies all possible paths through the program.
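A small program analyzer for three of the fault classes on the Static Analysis Tools slides (unused variables, undeclared names, non-use of function results), added here as an example and not part of the lecture. It analyzes Python source with the standard `ast` module rather than C with Lint, only looks at names local to each function, and the sample source and the `PURE_CALLS` list are constructed for illustration.

```python
import ast
import builtins

# Constructed sample with seeded faults from the slide's categories.
SAMPLE = """\
def total(prices):
    count = len(prices)
    subtotal = sum(prices)
    sorted(prices)
    return subtotl
"""

# Assumption: builtins whose only effect is their return value.
PURE_CALLS = {"sorted", "len", "sum", "min", "max", "abs", "reversed"}

def analyze(source):
    """Return sorted (line, message) findings for each function in source."""
    findings = []
    tree = ast.parse(source)
    module_names = {n.name for n in tree.body
                    if isinstance(n, (ast.FunctionDef, ast.ClassDef))}
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        known = {a.arg for a in func.args.args} | module_names | set(dir(builtins))
        stored, loaded = {}, {}  # name -> first line where it is written / read
        for node in ast.walk(func):
            if isinstance(node, ast.Name):
                table = stored if isinstance(node.ctx, ast.Store) else loaded
                table.setdefault(node.id, node.lineno)
            elif (isinstance(node, ast.Expr) and isinstance(node.value, ast.Call)
                  and isinstance(node.value.func, ast.Name)
                  and node.value.func.id in PURE_CALLS):
                # Interface fault: a call statement that discards its result.
                findings.append((node.lineno, f"result of {node.value.func.id}() not used"))
        for name, line in stored.items():
            if name not in loaded:  # data-use fault: written, never read
                findings.append((line, f"variable '{name}' assigned but never used"))
        for name, line in loaded.items():
            if name not in stored and name not in known:  # data-use fault: read, never written
                findings.append((line, f"name '{name}' used but never assigned"))
    return sorted(findings)
```

None of these findings requires running `total`, which is what makes the check static; the misspelled `subtotl` would otherwise surface only as a runtime error on the path that reaches it.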

Slide 21

Security in the Software Development Process
The security goal
The security goal is to make sure that the agents (people or external systems) who interact with a computer system, its data, and its resources, are those that the owner of the system would wish to have such interactions.
Security considerations need to be part of the entire software development process. They may have a major impact on the architecture chosen.
Example. Integration of Internet Explorer into Windows

Slide 22

Agents and Components
A large system will have many agents and components:
• each is potentially unreliable and insecure
• components acquired from third parties may have unknown security problems
• commercial off-the-shelf (COTS) problem
The software development challenge:
• develop secure and reliable components
• protect whole system from security problems in parts of it

Slide 23

Techniques: Barriers
Place barriers that separate parts of a complex system:
• Isolate components, e.g., do not connect a computer to a network
• Firewalls
• Require authentication to access certain systems or parts of systems
Every barrier imposes restrictions on permitted uses of the system
Barriers are most effective when the system can be divided into subsystems with simple boundaries

Slide 24

Techniques: Authentication & Authorization
Authentication establishes the identity of an agent:
• What the agent knows (e.g., password)
• What the agent possesses (e.g., smart card)
• Where does the agent have access to (e.g., Ctrl-Alt-Del)
• What are the physical properties of the agent (e.g., fingerprint)
Authorization establishes what an authenticated agent may do:
• Access control lists
• Group membership
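The two steps kept separate in code, added here as an example and not part of the lecture: `authenticate` establishes identity from something the agent knows, and `authorize` consults an access control list through user and group entries, denying anything not granted. The user names, passwords, groups, resource names and iteration count are constructed sample values.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example value; follow current guidance in production

def derive(password, salt):
    """Slow salted hash, so the stored value is never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(users, name, password):
    salt = os.urandom(16)
    users[name] = (salt, derive(password, salt))

# Constructed sample data: agents, groups and an access control list.
USERS = {}
enroll(USERS, "alice", "correct horse battery staple")
enroll(USERS, "bob", "tr0ub4dor&3")
GROUPS = {"staff": {"alice"}, "customers": {"alice", "bob"}}
ACL = {
    "customer_db": {("group", "staff"): {"read", "write"}},
    "product_db": {("group", "customers"): {"read"}, ("user", "alice"): {"write"}},
}
_DUMMY = (os.urandom(16), os.urandom(32))  # keeps the work equal for unknown names

def authenticate(name, password):
    """Establish identity from what the agent knows; return the name or None."""
    salt, expected = USERS.get(name, _DUMMY)
    matches = hmac.compare_digest(derive(password, salt), expected)
    return name if matches and name in USERS else None

def authorize(agent, resource, operation):
    """Decide what an authenticated agent may do; anything not granted is denied."""
    if agent is None:
        return False
    principals = [("user", agent)]
    principals += [("group", g) for g, members in GROUPS.items() if agent in members]
    grants = ACL.get(resource, {})
    return any(operation in grants.get(p, set()) for p in principals)
```

Passing the result of `authenticate` straight into `authorize` means a failed login can never reach an ACL entry, and a resource missing from the ACL is denied rather than open.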

Slide 25

Example: An Access Model for Digital Content
[Diagram labels: User, Roles, Actions, Digital material, Access, Operations, Attributes, Policies]

Slide 26

Techniques: Encryption
Allows data to be stored and transmitted securely, even when the bits are viewed by unauthorized agents
• Private key and public key
• Digital signatures
[Diagram labels: Encryption, Y, X; Decryption, X, Y]

Slide 27

Security and People
People are intrinsically insecure:
• Careless (e.g., leave computers logged on, use simple passwords, leave passwords where others can read them)
• Dishonest (e.g., stealing from financial systems)
• Malicious (e.g., denial of service attack)
Many security problems come from inside the organization:
• In a large organization, there will be some disgruntled and dishonest employees
• Security relies on trusted individuals. What if they are dishonest?

Slide 28

Design for Security: People
• Make it easy for responsible people to use the system
• Make it hard for dishonest or careless people (e.g., password management)
• Train people in responsible behavior
• Test the security of the system
• Do not hide violations

Slide 29

Suggested Reading
Trust in Cyberspace, Committee on Information Systems Trustworthiness, National Research Council (1999) http://www.nap.edu/readingroom/books/trust/
Fred Schneider, Cornell Computer Science, was the chair of this study.
