600.436 High-Assurance
Systems
Fall 01/System Security Realization
58
Stepwise Refinement (2)
¨Great In Theory, BUT…
–Few people are able to establish and
maintain separation among abstract representations
–Most project managers are too impatient
to tolerate
a design process that doesn’t result in immediate production of executable
code
–“The devil is in the details…”
•Creating a less abstract representation
almost always forces changes to the more abstract representation
•The notation used for each abstract
representation can introduce arbitrary restrictions and dependencies that aren’t
strictly part of the refinement process