Page 29 -
P. 29
14 HEVNER, LINGER, PLESZKOCH, PROWELL, AND WALTON
Figure 2.2 A System-of-Systems User Flow
Gas purchase flow:
Customer
Credit
database
Land Land
Gas telecom Satellite telecom Credit card
pump telecom company
System 1 System 2 System 3 System 4 System 5
certain ways. The specific sequence of service invocations used at runtime is the flow instance.
Flow structures constrain the potential sequencing of services, but typically do not determine
a particular sequence.
We can express an overall information system design as a set of flow structures, where each
flow represents some end-to-end user capability along with its quality requirements. Each flow is
then further expressed as a sequence of service invocations in some order. For example, in Figure
2.2 we see a user flow for a gasoline purchase transaction that invokes computation and com-
munication services of many different components through the roundtrip trace from a gas pump
via a satellite communication system to a customer database and back again. This flow provides a
framework for discussing the function and quality requirements of all participating systems, and
provides insights into system dependencies and design risks.
Qualities
System requirements impose demands on reliability, performance, availability, responsiveness,
security, survivability, and many other quality attributes. Because of the dynamic nature of network-
centric systems, an a priori static estimate of these qualities may not be sufficient. These quality
attributes must be defined as functions whose values can be measured in near-real-time in order
to make decisions about the mapping of flows onto the available services. In FSQ engineering we
require that such attributes be characterized in such a way that they can be computed and used in
decision making as dynamic characteristics of system operation. We wish to define these char-
acteristics as functions to be computed rather than simply as capabilities to be achieved. Such a
function is a computational quality attribute (CQA). Each CQA is a mathematical function mapping
current usage information, status of required services, and network environmental information to an
attribute value that represents the current relevant measure of quality. This approach supports the
description of any set of quality attributes and any models for describing each attribute, provided
each model yields a representative numerical value for the quality attribute.
As an example, the prior user flow for a gas transaction in Figure 2.2 may implement surviv-
ability as a CQA. The status of relevant system services such as transmission site bandwidth
and satellite position, along with any detected intrusion activities, would be used to produce a
completely specified flow containing decision logic based on outcomes (desired or undesired) of
service invocations in order to maintain survivability for critical flows where possible (Mead et
al., 2000).
