Modeling a Program with Vulnerabilities in the Terms of Its Representations Evolution. Part 1. Life Cycle Scheme-Reference-Cited by-同舟云学术

Modeling a Program with Vulnerabilities in the Terms of Its Representations Evolution. Part 1. Life Cycle Scheme

Published:2023-03-13 Issue:1 Volume:9 Page:75-93
ISSN:2712-8830
Container-title:Proceedings of Telecommunication Universities
language:
Short-container-title:jour

Author:

Izrailov K.¹^ORCID

Affiliation:

1. Saint-Petersburg Federal Research Center of the Russian Academy of Sciences

Abstract

The investigation results of the creating programs process and the resulting vulnerabilities are presented. The first part of the articles series offers a life cycle graphical scheme of the representations (namely, the following: Idea, Conceptual model, Architecture, 2D block diagram, Function diagram, Flowchart, Structogram, Pseudo-code, Classical code, Generation metacode, Script code, Assembly code, Abstract Syntax Tree, Machine Code, Bytecode) through which any sample program passes. The main properties of such representations are indicated - the purpose, form and content, obtaining and restoring representations methods, as well as possible vulnerabilities and ways to detect them. A vulnerabilities nested classification is introduced, consisting of their division according to the structural level in the program, the change in the content of the functionality and the impact on the information being processed.

Publisher

Bonch-Bruevich State University of Telecommunications

Reference40 articles.

1. Blagodarenko A.V. Development of a Method, Algorithms and Programs for Automatic Search for Software Vulnerabilities in the Absence of Source Code. PhD Thesis. Taganrog: Southern Federal University Publ.; 2011. 140 p. (in Russ.)

2. Markov A.S., Fadin A.A. System of vulnerabilities and security defects of software resources. Zaŝita informacii. Inside. 2013;3(51):56‒61. (in Russ.)

3. Baev R.V., Skvortsov L.V., Kudriashov E.A., Buchatskii R.A., Zhuikov R.A. Prevention of vulnerabilities arising from optimization of code with undefined behavior. Trudy ISP RAN/Proc. ISP RAS. 2021;4(33):195‒210 (in Russ.)

4. Buinevich M.V., Izrailov K.E. Anthropomorphic approach to describing the interaction of vulnerabilities in program code. Part 1. Types of interactions. Zaŝita informacii. Inside. 2019;5(89):78‒85. (in Russ.)

5. Buinevich M.V., Izrailov K.E. Anthropomorphic approach to describing the interaction of vulnerabilities in program code. Part 2. Vulnerability metric. Zaŝita informacii. Inside. 2019;6(90):61‒65. (in Russ.)

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Methodology for Machine Code Reverse Engineering. Part 1. Preparation of the Research Object;Proceedings of Telecommunication Universities;2023-11-14

2. Survey of existing methods for detecting source code duplicates;National Security and Strategic Planning;2023-09-04

3. Modeling a Program with Vulnerabilities in the Terms of Its Representations Evolution. Part 2. Analytical Model and Experiment;Proceedings of Telecommunication Universities;2023-05-30