GENERALIZED RISK ASSESSMENT PROCEDURE FOR SOFTWARE TESTING OF LEGALLY REGULATED MEASURING INSTRUMENTS

Author:

Gaman Valentyn, Kursin Serhii, Velychko Oleh

Abstract

Legal metrology covers measuring instruments (MIs) whose measurement results are used in calculations for consumed energy resources and in the fields of information protection, security, environmental protection, etc. Most modern MIs use microcontrollers or are controlled by computers. The software (SW) of such MIs makes it possible not only to automate measurement and the calculation of results but also to ensure long-term storage and transfer of data. The manufacturer is responsible for investigating and assessing all possible risks related to the MI SW. The task of the conformity assessment body is to adequately assess the conformity of MIs in general, and of their software in particular, to the established requirements based on the analysis of risk classes. Standards for information security risk management, information technology security assessment, and information technology security assessment criteria consider only general issues of software security and risk assessment, without taking into account the scope of its application. The existing regulatory documents on software risk management were considered. Modern methods of assessing the risks of MI SW were studied. To assess the risks of the software of legally regulated MIs, a general classification of threats and vulnerabilities of MI SW was made. When choosing threats that affect functionality, only those that affect metrological characteristics during measurement are taken into account. The impact of threats on stored data can manifest as distortion or destruction of the data; the impact on transmitted data can manifest as distortion during transmission or data loss due to a break in the telecommunications connection. A simplified risk assessment methodology is presented for assessing the compliance of MI SW without statistical data on the probabilities of threats and the amount of harm from the implementation of threats. Risk is defined as the probability of harm due to a certain vulnerability, taking into account the conditional amount of harm.

Publisher

Lviv Polytechnic National University

Subject

Industrial and Manufacturing Engineering, Metals and Alloys, Strategy and Management, Mechanical Engineering

