D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Recommendations

Info

18 F. Massacci and L.M.S. Tran When propagated upward, depend on the kinds of predecessor nodes and the kinds of connections among nodes, suitable operation (join or concat) will be applied. join is used to generate the DAT of a compound node where the semantic is that all child node are chosen. Whereas, concat is used to generate the DAT of a goal node or observable node where the semantic is the selection of one among its successor. 8 M “ map〈x,i,pi 〉 i)” DAT(g ∀〈g i ,x,p i 〉∈E >< M DAT(c DAT (x) ← i ) ∀〈c i ,x,1〉∈E O DAT(x i ) >: ∀〈x i ,x,p i 〉∈E x is an observable node, x is a goal node. x is a compound node. (9) where map 〈x,i,pi 〉 DAT(x) = [ j {〈S j , p i · mb j , 1 − p i · rr j , 〈x, i〉 ‖T j 〉}. The operator ‘‖’ denotes the string concatenation operation e.g., a‖ {b, c} = {ab, ac}. We assume that there are only one top goal in the goal model. Even though it is not the case in practice, we are always able to introduce a new phantom root goal which is AND-decomposed to all existing top goals. This trick ensures that there is only one root DAT generated. Once the DAT of root node is generated, it is used to calculate the max belief and residual risk of an arbitrary configuration C. To this end, given an evolutionary goal model eGM with root node is x 0 , the following formulae calculate the max belief and residual risk of a configuration C. where MaxB(C) = max mb i ∀〈S i ,mb i ,rr i ,T i 〉∈SDA(C) X (10) RRisk(C) = 1 − rr i ∀〈S i ,mb i ,rr i ,T i 〉∈SDA(C) ∀ 〈S i , mb i , rr i , T i 〉 ∈ DAT(x 0 ).C ⊇ S i ∧∄ 〈·, ·, ·, T i 〉 ∈ SDA(C) ⇒ 〈S i , mb i , rr i , T i 〉 ∈ SDA(C) Notice that two or more tuples in an DAT which have a same T i determine that they are design alternatives fulfilling a same observable evolution possibility. Thus, when calculating residual risk, only one of them is taken into account. Algo. 1 presents the algorithm that generates DATs for every node in a given evolutionary hypergraph. The algorithm comprise two procedures, generateDAT and initializeDAT. The later (line 23–34) initializes DATs for every nodes in accordance to Formula 5. This procedure also initializes two data structures, REACH and Q. The later holds list of ready-to-process nodes which have their successors DATs properly generated, whereas the former holds the number of unprocessed child nodes of an arbitrary node. In other words, REACH[x] is 0 if and only if x is ready to process. Initially, all leaf nodes are enqueued as they are ready to process. The former procedure, generateDAT, generates DATs of non-leaf nodes by synthesizing successors’ DATs. The basic idea of the procedure is as follows. First,
Dealing with Known Unknowns: A Goal-based Approach 19 Algorithm 1. Generating DATs for an evolutionary graph. 1 procedure generateDAT(G: EvolutionaryHyperGraph) 2 begin 3 initializeDAT(G); 4 while Q ≠ ∅ do 5 n ←dequeue(Q); 6 i ←0; 7 if (REACH[n] = 0) {check whether node is ready, but not visited} 8 REACH[n] ←−1; {mark node visited} 9 for each 〈 x, n, p 〉 ∈G do {incoming edges of n} 10 i ←i + 1; {i th incoming edges of n} 11 if n is an observable node then 12 DAT[n] ←concat(n, DAT[n], map(〈 x, i, p 〉, DAT[x])); 13 else if n is a goal node then 14 DAT[n] ←concat(n, DAT[n], DAT[x]); 15 else 16 DAT[n] ←join(n, DAT[n], DAT[x]); 17 for each 〈 n, y, p 〉 ∈G do {outgoing edges of n} 18 REACH[y] ←REACH[y] − 1; 19 if REACH[y] = 0 then 20 enqueue(Q, y); 21 end 22 23 procedure initializeDAT(G: EvolutionaryHyperGraph) 24 begin 25 makeQempty(); 26 for each x: Node ∈G do 27 if x is leaf then 28 DAT[x] ←{〈{x} , 1, 0, ∅〉}; 29 REACH[x] ←0; 30 enqueue(Q, x); 31 else 32 DAT[x] ←∅ ; 33 REACH[x] ←|x in|; {number of incoming edges} 34 end it initializes necessary data structures, REACH, DAT and Q (line 3). The while loop at line 4 to line 20 processes all ready nodes of queue Q. For each dequeued node n of queue Q, the for loop at line 9–16 calculates DAT(n) in accordance to Formula 9. The for loop at line 17–20 counts down the number of unprocessed children of n’s parent nodes by 1 (as n has been processed). If any parent of n is ready (line 19), it is push to queue Q (line 20) for later processing. Since DATs are maintained at each graph node, if there is any change in the model, the corresponding DATs are then updated. Changes in DATs are propagated to parent node with minimal re-calculation. Algo. 2 describes the algorithm propagating change at an arbitrary node.
Page 1 and 2:
D.3.3 ALGORITHMS FOR INCREMENTAL RE
Page 3 and 4:
1.14 19 January Final 1.15 23 Janua
Page 5 and 6:
Index DOCUMENT INFORMATION 1 DOCUME
Page 7 and 8:
1 Introduction This deliverable pre
Page 9 and 10:
(Clause 6.4.3) processes of ISO/IEC
Page 11 and 12:
3 Orchestrating Requirements and Ri
Page 13 and 14:
grey. The ADS-B introduction requir
Page 15 and 16:
The security risk manager identifie
Page 17 and 18:
are supported by the argumentation
Page 19 and 20:
ADS-B Manage ADS-B signal ADS-B sig
Page 21 and 22:
the stagnation suite (i.e. obsolete
Page 23 and 24:
5 A framework for modeling and reas
Page 25 and 26:
sectors. And there is 42% of probab
Page 27 and 28:
SDA(C) = {DA 2 , DA 4 , DA 8 , DA 1
Page 29 and 30:
application contexts is saved if th
Page 31 and 32:
Figure 14. ATM model state after qu
Page 33 and 34:
References [1] Yudis Asnar, Fabio M
Page 35 and 36:
Managing Changes with Legacy Securi
Page 37 and 38:
Failure in the provisioning of corr
Page 39 and 40:
propagated to the system designer a
Page 41 and 42:
APPENDIX B D.3.3 Algorithms for Inc
Page 43 and 44:
is sometimes difficult, especially
Page 45 and 46:
Tactical Monitor air R controller t
Page 47 and 48:
protected from harm. Since in CORAS
Page 49 and 50:
CModel. The postcondtion checks the
Page 51 and 52: of ADS-B signal and Availability of
Page 53 and 54: extensions to i* to model and analy
Page 55 and 56: 3. Bzivin, J., Dup, G., Jouault, F.
Page 57 and 58: APPENDIX C D.3.3 Algorithms for Inc
Page 59 and 60: steps. Section V demonstrates the R
Page 61 and 62: that should be mitigated by the sys
Page 63 and 64: CPU value PINconfirmed(PIN, card-de
Page 65 and 66: TABLE IV PRIORITIZATION OF RISKS FO
Page 67 and 68: context. We believe that the Common
Page 69 and 70: Managing Evolution by Orchestrating
Page 71 and 72: 1.1 The Contribution of this Paper
Page 73 and 74: Fig. 3. Integrated Change Managemen
Page 75 and 76: The requirement analysis is an iter
Page 77 and 78: Table 1. Conceptual Interface Requi
Page 79 and 80: Legend: Goals surrounded by dashed
Page 81 and 82: Table 5. Test Suite for GP-2.2 Tran
Page 83 and 84: 6. P. K. Chittimalli and M. J. Harr
Page 85 and 86: Noname manuscript No. (will be inse
Page 87 and 88: Dealing with Known Unknowns: A Goal
Page 101: Dealing with Known Unknowns: A Goal
Page 113 and 114: Understanding How to Manage Require
Page 115 and 116: Chatzoglou et al. [4] conducted a s
Page 117 and 118: Evolution Elicitation Probability E
Page 119 and 120: Table 2. Participants Background Pa
Page 121 and 122: for the defined success criteria. O
Page 123 and 124: Fig. 3. Codes Coverage ATM systems,
Page 125 and 126: The feedbacks provided by the ATM e
Page 127 and 128: 3. P. Carlshamre, K. Sandahl, M. Li
Page 129 and 130: Quick fix generation for DSMLs Ábe
Page 131 and 132: • extensibility: the supported li
Page 133 and 134: Fig. 7. Overview of the Quick fix g
Page 135 and 136: Fig. 9. Evaluation results (|V(M I
show all

D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?