600.436 High-Assurance Systems
Fall 01/System Security Realization
Stepwise Refinement (2)
Great in theory, BUT…
–Few people are able to establish and maintain separation among abstract representations
–Most project managers are too impatient to tolerate a design process that doesn’t result in immediate production of executable code
–“The devil is in the details…”
•Creating a less abstract representation almost always forces changes back into the more abstract representation, so in practice refinement iterates bottom-up as well as top-down
•The notation used for each abstract representation can introduce arbitrary restrictions and dependencies (fixed sizes, ordering, data-structure limits) that aren’t strictly part of the refinement process, yet they surface as behavior the higher level never specified
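A small illustration of the “devil is in the details” point, added here and not taken from the course slides: an abstract access-control policy (an unbounded set of permitted subject/object pairs) is refined to a concrete fixed-capacity ACL table, and a trace is replayed against both levels. The refinement check finds the step where the concrete level diverges, and the only honest fix is to change the abstract spec to admit the bound. The policy, the capacity of four entries and the trace are all constructed for the example.

```python
"""Refinement check between an abstract access-control spec and a concrete
ACL table.  Added example; the policy, capacity and trace are made up."""


class AbstractPolicy:
    """Level 0: the policy as an unbounded set of permitted (subject, object) pairs."""

    def __init__(self):
        self.perms = set()

    def grant(self, subj, obj):
        self.perms.add((subj, obj))
        return True          # abstractly, a grant always succeeds

    def allowed(self, subj, obj):
        return (subj, obj) in self.perms


class BoundedAbstractPolicy(AbstractPolicy):
    """Level 0 *revised* after the check below fails: the spec now states that a
    grant may be refused (fail closed) once `capacity` distinct pairs are held."""

    def __init__(self, capacity):
        super().__init__()
        self.capacity = capacity

    def grant(self, subj, obj):
        if (subj, obj) not in self.perms and len(self.perms) >= self.capacity:
            return False
        self.perms.add((subj, obj))
        return True


class ConcreteAclTable:
    """Level 1: a fixed-size table of (subject, object) slots, as a kernel might keep it."""

    def __init__(self, capacity):
        self.slots = [None] * capacity

    def grant(self, subj, obj):
        if (subj, obj) in self.slots:
            return True
        for i, slot in enumerate(self.slots):
            if slot is None:
                self.slots[i] = (subj, obj)
                return True
        return False         # table full: a detail the abstract level never mentioned

    def allowed(self, subj, obj):
        return (subj, obj) in self.slots


def check_refinement(abstract, concrete, trace):
    """Replay one trace against both levels.  Return the first step whose
    observable result differs, or None if the concrete level agrees with the
    abstract one on every step of this trace."""
    for step, (op, subj, obj) in enumerate(trace):
        a = getattr(abstract, op)(subj, obj)
        c = getattr(concrete, op)(subj, obj)
        if a != c:
            return {"step": step, "op": op, "subj": subj, "obj": obj,
                    "abstract": a, "concrete": c}
    return None


# Constructed trace: five distinct grants against a four-entry table.
TRACE = [
    ("grant", "alice", "/etc/passwd"),
    ("grant", "bob", "/etc/shadow"),
    ("allowed", "alice", "/etc/passwd"),
    ("grant", "carol", "/var/log"),
    ("grant", "dave", "/srv/www"),
    ("grant", "eve", "/root"),        # fifth distinct pair: table is full
    ("allowed", "eve", "/root"),
]


def naive_mismatch():
    """Unbounded spec vs. bounded table: diverges at the fifth grant."""
    return check_refinement(AbstractPolicy(), ConcreteAclTable(4), TRACE)


def revised_mismatch():
    """Spec revised to carry the bound: no divergence on this trace."""
    return check_refinement(BoundedAbstractPolicy(4), ConcreteAclTable(4), TRACE)


if __name__ == "__main__":
    print("unbounded spec vs table:", naive_mismatch())
    print("bounded spec vs table:  ", revised_mismatch())
```

Replaying a single trace is only a test, not a proof of refinement; it is enough to show the mechanism by which the lower level pushes a change upward. Note also that the revision keeps the divergence fail-closed (the concrete level denies where the original spec would allow), which is the direction a security spec can tolerate; the reverse direction would be a policy violation, not merely a spec gap.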