Modeling a Program with Vulnerabilities in the Terms of Its Representations Evolution. Part 2. Analytical Model and Experiment

Abstract

The investigation results of the creating programs process and the resulting vulnerabilities are presented. In the second part of the articles series, a program life cycle generalized analytical model of the based on its representations is proposed, taking into account the direct and reverse transformation methods. Also, the model reflects the occurrence and detection of vulnerabilities and their classification. A particularly model is synthesized from it, reflecting the current state of the program representations evolution, and on the basis of which a number of fundamental statements were derived, written in an analytical form. To base the performance of models in reflecting vulnerabilities terms, the following two experiments are carried out: retrospective-factual, comparing real-life vulnerabilities with a particularly model; and practical demonstration the evolution of vulnerability in representations in the process of the simplest program evolution. As a result of the second experiment, the increase in coverage by the vulnerability of representations in the development process is clearly shown.