A methodology for architectural-level risk assessment using dynamic metrics

Abstract

Risk assessment is an essential process of every software risk management plan. Several risk assessment techniques are based on the subjective judgement of domain experts. Subjective risk assessment techniques are human-intensive and error-prone. Risk assessment should be based on product attributes that we can quantitatively measure using product metrics. This paper presents a methodology for risk assessment at the early stages of the development lifecycle, namely the architecture level. We describe a heuristic risk assessment methodology that is based on dynamic metrics obtained from UML specifications. The methodology uses dynamic complexity and dynamic coupling metrics to define complexity factors for the architecture elements (components and connectors). Severity analysis is performed using FMEA (failure mode and effect analysis), as applied to architecture simulation models. We combine severity and complexity factors to develop heuristic risk factors for the architecture components and connectors. Based on component dependency graphs that were developed earlier for reliability analysis, and using analysis scenarios, we develop a risk assessment model and a risk analysis algorithm that aggregates the risk factors of components and connectors to the architectural level. We show how to analyze the overall risk factor of the architecture as the function of the risk factors of its constituting components and connectors. A case study of a pacemaker is used to illustrate the application of the methodology.