Affiliation:
1. Saint-Petersburg Federal Research Center of the Russian Academy of Sciences
Abstract
The results of an investigation into the process of creating programs and the resulting vulnerabilities are presented. This first part of the article series offers a graphical scheme of the life cycle of the representations through which any sample program passes, namely: Idea, Conceptual model, Architecture, 2D block diagram, Function diagram, Flowchart, Structogram, Pseudo-code, Classical code, Generation metacode, Script code, Assembly code, Abstract Syntax Tree, Machine Code, Bytecode. The main properties of these representations are indicated: purpose, form and content, methods of obtaining and restoring the representations, and possible vulnerabilities and ways to detect them. A nested classification of vulnerabilities is introduced, which divides them according to the structural level in the program, the change in the content of the functionality, and the impact on the information being processed.
Publisher
Bonch-Bruevich State University of Telecommunications
Cited by
3 articles.