ANALYSIS AND COMPARATIVE RESEARCHES OF METHODS FOR IMPROVING THE SOFTWARE

Mykhailo Mozhaiev
http://orcid.org/0000-0003-1566-9260
Viacheslav Davydov
http://orcid.org/0000-0002-2976-8422
Zhang Liqiang
http://orcid.org/0000-0003-1278-2209

Abstract

The article presents the results of an analysis of the main methods for identifying software vulnerabilities. The authors' research results, which synthesize and systematize knowledge about systems for detecting software vulnerabilities, are presented. The software analysis methods used during certification testing are considered. It is shown that the existing methods and techniques for software security analysis do not ensure accurate results under conditions of fuzzy input data. This drawback is aggravated by strict requirements on the speed with which test scenarios are executed. This is largely because experts, in order to make a decision, have to analyze large amounts of conflicting information. Consequently, it is necessary to develop a vulnerability identification system whose main task will be to minimize the amount of conflicting information an expert uses when making a decision. The most promising direction for increasing the efficiency of existing vulnerability identification systems is seen in reducing the burden on the expert by improving the methods for identifying vulnerabilities and implementing a decision support system. This will significantly reduce the time spent on making a decision about software security and, as a result, will make the software security testing procedure more accessible to a wide range of developers.

Article Details

Section
Methods of information systems protection
Author Biographies

Mykhailo Mozhaiev, Hon. Prof. M.S. Bokarius Kharkiv Research Institute of Forensic Examinations, Kharkiv

Candidate of Technical Sciences, Head of Department of Computer Engineering, Telecommunications, Video- and Audio-recording Research

Viacheslav Davydov, National Technical University "Kharkiv Polytechnic Institute", Kharkiv

Candidate of Technical Sciences, Associate Professor of Computer Engineering and Programming Department

Zhang Liqiang, Neijiang Normal University, Neijiang

Teacher, College of Computer Science
