Conflicting Requirements – Interesting Solution

Software architect’s job is interesting because often there are requirements that are conflicting with one another. As a software architect one has to come up with a solution that caters to both the requirements. And it is mostly a compromise that works. To give an example in the software world, People install an antivirus to safeguard the computer. Every user installing such a software has 2 requirements

  • The software shall protect the user from all the malicious (ok most of the malicious) software in the world in real-time.
  • The software shall not slow down the machine for regular use.

This looks to be a simple requirements from user perspective. Actually this translates to something like this “When a program is started, the antivirus should find out that it’s not malicious as soon as possible (under a second)”. But to do a complete check it will take lot more time. If you choose one over the other the product will fail. A software architect often takes inspiration from other real world situations. So in this case it is similar to an airport security check. There the goal is

  • Make sure all the passengers are safe and are carrying only safe stuff.
  • Board the passengers as soon as possible.

The same dilemma exists here too. If the check is extensive the boarding time will increase. If the check is not extensive passengers might take some dangerous stuff into the flight. How did they solve it? did they optimize for one and discarded the other goal? No the airport designers came up with an interesting solution.

  • Put all the things to be checked inside your handbag and send for a x-ray check.
  • Then walk through metal detector.
    • If there is nothing detected then you just collect the bag and walk to your boarding gate.
    • If a metal is detected then the security personnel will do an extensive check.

This way the security is not compromised and at the same time the whole process is fast enough. Now coming back to our software example, how does an antivirus software achieve both requirements? Here is how (I am not a security architect, I am only writing this for an example)

  • Check the software whether it is safe
    • See if it is digitally signed
    • If the user has white listed
    • The program didn’t originate from internet
  • If any of the above condition is met then let it run
  • If not then take the program for an extensive check

This way a trusted program starts very fast while a suspicious program will take time. And as always nothing works for all the 100% use cases. You can read up an instance when this method failed. There is a lot from the real world scenarios and solutions.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s