Technical report | Reliability Engineering for Service Oriented Architecture

Abstract

This paper reviews the state of the art in Software Reliability Engineering (SRE), and adapts these methods for use in Service Oriented Architecture (SOA). While some prior work has been done on using SRE for SOA, it is incomplete in terms of whole of development life cycle methodology. We outline how existing complete methodologies would translate to SOA and provide a surprisingly simple way of applying these methods to certify the use of legacy software in SOAs. This paper provides a proof of concept but further work needs to be done to elaborate these methodologies for application in SOA.

Executive Summary

This report looks at how Service Oriented Architecture (SOA) based systems differ from other types of Defence software systems and discusses the important issue of Software Reliability Engineering (SRE) for SOAs.

 SRE is needed to be able to procure and predictably deliver Defence software systems based on SOA that can be guaranteed to operate successfully (within specifications). This is necessary to ensure they can be relied on in battle.

 The report examines the current state of the art in Software Reliability Engineering and shows how aspects of existing work can be applied in the SOA context.

 In particular it shows how to use SRE to certify:

• ·          The core SOA infrastructure,
• ·         Services composed from other services,
• ·         Applications, and
• ·          Importantly, how to certify legacy systems for incorporation into SOA applications, SOA systems or systems of SOA systems.

 The report provides several recommendations for enabling SRE for SOA in Defence and also shows how Reliability Certification provides a clear and transparent method for acceptance or rejection of software deliverables by the Australian Defence Force.

 Key recommendations of the report are:

 Defence adopt automated testing for SOA based on black box specifications and usage models allowing for automatic test oracles and automated testing of new software components, software compositions and applications. Governance should ensure that such specifications and usage models are recorded for each entity in the software hierarchy. Such techniques have driven a ten fold reduction in the measured incidence of software defects for the US DoD.

• Defence SOA computing nodes should be able to operate in three modes: test, normal and war/high reliability, each having stricter reliability certi_cation requirements than the previous.
• Governance is crucial for a well functioning SOA environment and should include provenance for both software and data. This is essential for quarantining problems and for finding the root causes of problems.
• The software repository for the SOA environment should record for each component and software composition/application its current synthetically tested reliability estimate and field tested reliability measure so that decisions to include certain software in a system can be made in an informed manner.

 Software reliability certification; Reliability engineering; Software maintenance; Software evaluation; Service Oriented Architecture