RESEARCH OF THE SOFTWARE SECURITY MODEL AND REQUIREMENTS

Serhii Semenov
Viacheslav Davydov
Daryna Hrebeniuk

Abstract

The subject of research in this article is a software security model. The aim of the work is to study the quality characteristics of software and the requirements for software security in order to improve its security. The article solves the following tasks: analysis of the existing security model in order to identify its main shortcomings; study of the software quality characteristics that affect its security in order to identify possibilities for improving software quality.

The following results were obtained: on the basis of an analysis of the existing software security model, the main features of the attributes of this model were identified, and their advantages and disadvantages were given. On the basis of the analytical study, the necessity of improving the existing model for ensuring software security has been proved. Existing software requirements and the characteristics that affect software quality are considered. The software security characteristics whose indicators should be improved are highlighted.

Conclusions: a software security model has been studied. The need to develop this model is shown, by introducing the possibility of adapting the existing software security requirements throughout the entire software development life cycle; the study of the quality characteristics of software showed that, to ensure its security, it is necessary to improve the following characteristics: integrity, authentication, confidentiality, access control. However, it was shown that an increase in these characteristics can lead to a deterioration in other indicators of software quality: portability, maintainability, performance.

Section

Information systems research

Author Biographies

Serhii Semenov, National Technical University «Kharkiv Polytechnic Institute», Kharkiv

Doctor of Technical Sciences, Professor, Head of Computer Engineering and Programming Department

Viacheslav Davydov, National Technical University «Kharkiv Polytechnic Institute», Kharkiv

Candidate of Technical Sciences, Associate Professor of Computer Engineering and Programming Department

Daryna Hrebeniuk, National Technical University «Kharkiv Polytechnic Institute», Kharkiv

Graduate student of Computer Engineering and Programming Department
