Development a mathematical model for the software security testing first stage
DOI:
https://doi.org/10.15587/1729-4061.2021.233417Keywords:
software, security testing, graphic-analytical model, cyber threats, software safety, data protectionAbstract
This paper reports an analysis of the software (SW) safety testing techniques, as well as the models and methods for identifying vulnerabilities. An issue has been revealed related to the reasoned selection of modeling approaches at different stages of the software safety testing process and the identification of its vulnerabilities, which reduces the accuracy of the modeling results obtained. Two steps in the process of identifying software vulnerabilities have been identified. A mathematical model has been built for the process of preparing security testing, which differs from the known ones by a theoretically sound choice of the moment-generating functions when describing transitions from state to state. In addition, the mathematical model takes into consideration the capabilities and risks of the source code verification phase for cryptographic and other ways to protect data. These features generally improve the accuracy of modeling results and reduce input uncertainty in the second phase of software safety testing. An advanced security compliance algorithm has been developed, with a distinctive feature of the selection of laws and distribution parameters that describe individual state-to-state transitions for individual branches of Graphical Evaluation and Review Technique networks (GERT-networks). A GERT-network has been developed to prepare for security testing. A GERT-network for the process of checking the source code for cryptographic and other data protection methods has been developed. A graphic-analytical GERT model for the first phase of software safety testing has been developed. The expressions reported in this paper could be used to devise preliminary recommendations and possible ways to improve the effectiveness of software safety testing algorithms
References
- Felderer, M., Büchler, M., Johns, M., Brucker, A. D., Breu, R., Pretschner, A. (2016). Security Testing: A Survey. Advances in Computers. Elsevier Ltd., 1–51. doi: http://doi.org/10.1016/bs.adcom.2015.11.003
- Felderer, M., Agreiter, B., Zech, P., Breu, R. (2011). A classification for model-based security testing. Advances in System Testing and Validation Lifecycle (VALID 2011), 109–114.
- El Far, I. K., Whittaker, J. A.; Marciniak, J. J. (Ed.) (2002). Model based software testing. Encyclopedia of Software Engineering. Wiley. doi: http://doi.org/10.1002/0471028959.sof207
- Atoum, I., Otoom, A. (2017). A Classification Scheme for Cybersecurity Models. International Journal of Security and Its Applications, 11 (1), 109–120. doi: http://doi.org/10.14257/ijsia.2017.11.1.10
- Dalalana Bertoglio, D., Zorzo, A. F. (2017). Overview and open issues on penetration test. Journal of the Brazilian Computer Society, 23 (1). doi: http://doi.org/10.1186/s13173-017-0051-1
- Minaev, V. A., Korolev, I. D., Mazin, A. V., Konovalenko, S. A. (2018). Model of vulnerability identification in unstable network interactions with automated system. Radio Industry, 2, 48–57. doi: http://doi.org/10.21778/2413-9599-2018-2-48-57
- Kostadinov, D. (2016). Introduction: Intelligence Gathering & Its Relationship to the Penetration Testing Process. Available at: https://resources.infosecinstitute.com/penetration-testing-intelligence-gathering
- Adebiyi, A., Arreymbi, J., Imafidon, C. (2013). A Neural Network Based Security Tool for Analyzing Software. Technological Innovation for the Internet of Things. Portugal, 80–87. doi: http://doi.org/10.1007/978-3-642-37291-9_9
- Semenov, S., Sira, O., Kuchuk, N. (2018). Development of graphicanalytical models for the software security testing algorithm. Eastern-European Journal of Enterprise Technologies, 2(4 (92)), 39–46. doi: http://doi.org/10.15587/1729-4061.2018.127210
- Semenov, S. G., Gavrylenko, S. Y., Chelak, V. V. (2016). Developing parametrical criterion for registering abnormal behavior in computer and telecommunication systems on the basis of economic tests. Actual Problems of Economics, 4 (178), 451–459.
- Yan, D., Liu, F., Jia, K. (2019). Modeling an information-based advanced persistent threat attack on the internal network. ICC 2019-2019 IEEE International Conference on Communications (ICC). Shanghai: IEEE. doi: http://doi.org/10.1109/icc.2019.8761077
- Tian-Yang, G., Yin-Sheng, S., You-Yuan, F. (2010). Research on software security testing. World Academy of science, engineering and Technology. International Journal of Computer and Information Engineering, 4 (9), 1446–1450.
- Semenov, S. H., Sur, O. O. (2012). Matematychna model systemy kryptohrafichnoho zakhystu elektronnykh povidomlen na osnovi GERT-merezhi. Systemy upravlinnia, navihatsiyi ta zviazku, 1 (1 (21)), 131–137.
- Dybach, A. M., Nosovskiy, A. V. (2015). Otsenka veroyatnosti prevysheniya kriteriev bezopasnosti. Yaderna ta radіatsіyna bezpeka, 4, 9–13. Available at: http://nbuv.gov.ua/UJRN/ydpb_2015_4_4
- Ango, A. (1964). Matematika dlya elektro- i radioinzhenerov. Moscow: Nauka, 772.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2021 Сергей Геннадьевич Семенов, Zhang Liqiang, Cao Weiling, Вячеслав Вадимович Давыдов
This work is licensed under a Creative Commons Attribution 4.0 International License.
The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.
A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.