A methodology for architecture-level reliability risk analysis

Risk assessment is an essential process of every software risk management plan, Several risk assessment techniques are based on the subjective judgement of domain experts. Subjective risk assessment techniques are human intensive and error-prone. Risk assessment should be based on product attributes that we can quantitatively measure using product metrics. This paper presents a methodology for reliability risk assessment at the early stages of the development lifecycle, namely, the architecture level. We describe a heuristic risk assessment methodology that is based on dynamic metrics. The methodology uses dynamic complexity and dynamic coupling metrics to define complexity factors for the architecture elements (components and connectors). Severity analysis is performed using Failure Mode and Effect Analysis (FMEA) as applied to architecture models. We combine severity and complexity factors to develop heuristic risk factors for the architecture components and connectors. Based on analysis scenarios, we develop a risk assessment model that represents components, connectors, component risk factors, connector risk factors, and probabilities of component interactions. We also develop a risk analysis algorithm that aggregates risk factors of components and connectors to the architectural level. Using the risk aggregation and the risk analysis model, we show how to analyze the overall risk factor of the architecture as the function of the risk factors of its constituting components and connectors. A case study of a pacemaker architecture is used to illustrate the application of the methodology. The methodology is used to identify critical components and connectors and to investigate the sensitivity of the architecture risk factor to changes in the heuristic risk factors of the architecture elements.