Certification and identification of possible threats to information security of software and firmware

E.G. Komarov, V. Lozovetsky, V. V. Lebedev, A.V. Archipenko
{"title":"Certification and identification of possible threats to information security of software and firmware","authors":"E.G. Komarov, V. Lozovetsky, V. V. Lebedev, A.V. Archipenko","doi":"10.18698/2542-1468-2022-5-145-157","DOIUrl":null,"url":null,"abstract":"A number of methods, methods and tools are proposed for certification of software and firmware in information systems in order to select approaches and tools for working in non-standard situations in a constantly changing regulatory and methodological framework and possible threats to their information security. The type of certification under consideration is limited to methods and techniques for analyzing vulnerabilities and undeclared capabilities. This type of certification is intended for software research. Not all possible aspects related to this type of certification have been considered, however, the novelty and advantages of the approaches are based on some original approaches in cases where it is not clear how to present sets of input data for testing. Approaches to certification tests are presented using tools of our own design, which allows you to identify the main parameters necessary for assembling software and its research, and to parse software written in various programming languages. Based on the program of testing and verification of the object of assessment in accordance with the requirements of information security under a certain level of control, methods for conducting certification studies are proposed, the advantages of approaches using the available and proposed tools are shown. To save on the purchase of tools, some well-known, free and freely distributed tools, as well as effective and inexpensive software products, are proposed for use in tests.","PeriodicalId":12343,"journal":{"name":"Forestry Bulletin","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forestry Bulletin","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18698/2542-1468-2022-5-145-157","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

A number of methods, methods and tools are proposed for certification of software and firmware in information systems in order to select approaches and tools for working in non-standard situations in a constantly changing regulatory and methodological framework and possible threats to their information security. The type of certification under consideration is limited to methods and techniques for analyzing vulnerabilities and undeclared capabilities. This type of certification is intended for software research. Not all possible aspects related to this type of certification have been considered, however, the novelty and advantages of the approaches are based on some original approaches in cases where it is not clear how to present sets of input data for testing. Approaches to certification tests are presented using tools of our own design, which allows you to identify the main parameters necessary for assembling software and its research, and to parse software written in various programming languages. Based on the program of testing and verification of the object of assessment in accordance with the requirements of information security under a certain level of control, methods for conducting certification studies are proposed, the advantages of approaches using the available and proposed tools are shown. To save on the purchase of tools, some well-known, free and freely distributed tools, as well as effective and inexpensive software products, are proposed for use in tests.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
认证和识别可能对信息安全构成威胁的软件和固件
为了在不断变化的监管和方法框架以及可能对其信息安全构成威胁的非标准情况下选择工作的方法和工具,建议了许多方法、方法和工具来认证信息系统中的软件和固件。所考虑的认证类型仅限于分析漏洞和未声明功能的方法和技术。这种类型的认证是针对软件研究的。并非与此类认证相关的所有可能方面都被考虑过,然而,在不清楚如何呈现用于测试的输入数据集的情况下,这些方法的新颖性和优点是基于一些原始方法。使用我们自己设计的工具来介绍认证测试的方法,这些工具允许您确定组装软件及其研究所需的主要参数,并解析用各种编程语言编写的软件。根据在一定控制水平下的信息安全要求对评估对象进行测试和验证的方案,提出了进行认证研究的方法,并展示了使用现有和建议的工具的方法的优势。为了节省购买工具的费用,建议在测试中使用一些知名的、免费的和免费分发的工具,以及有效的和廉价的软件产品。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Structural features of forest phytocoenosis formed on rock plants after a fire Renewal of Pinus brutia var. pityusa (Steven) Silba in reserved territories of Mountain Crimea Evolutionary nonlinear chemistry of self-organizing mesophase (liquid crystal) structures of wood: from morphogenesis to regulation of carbon formation (review) Results of RB-55 chopping complex production inspection Influence of ash-leaved maple (Acer negundo L.) on scots pine natural renewal in Barnaul ribbon pine forest
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1