面向中高级漏洞搜索的程序代码统一表示语言:范式的基本规定

M. Buinevich, K. Izrailov, V. Pokussov
{"title":"面向中高级漏洞搜索的程序代码统一表示语言:范式的基本规定","authors":"M. Buinevich, K. Izrailov, V. Pokussov","doi":"10.21681/2311-3456-2021-6-78-89","DOIUrl":null,"url":null,"abstract":"Purpose of the study: increasing the efficiency of an expert in searching for medium-level (in algorithms) and high-level (in architecture) vulnerabilities in the program code due to the innovative paradigm of the language for its presentation. Method: consists in the analysis of relevant works on the subject of approaches, methods and notations for representing algorithms and software architecture with highlighting the strengths and weaknesses of solutions, synthesizing the paradigm for the presentation of the program code and qualitatively assessing the effectiveness of each of the provisions of the paradigm (by contradiction method); efficiency is understood as a combination of its three indicators: the number of type I and II errors, the search time and the cognitive stress of the expert. The results obtained: description of the idea and 7 main provisions of the paradigm of the pseudocode language for a unified description of algorithms and architecture with the maximum necessary and minimum sufficient degree of formalization; the main practical significance of the representations of the program code obtained in this way is their intended use for analysis by an information security expert for the presence of medium and high-level vulnerabilities; also, for each position, their qualitative influence on the performance indicators of vulnerability search by an expert was established.","PeriodicalId":422818,"journal":{"name":"Voprosy kiberbezopasnosti","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Language of the Program Code Uniform Presentation for Searching Medium and High-Level Vulnerabilities: the Basic Provisions of Paradigm\",\"authors\":\"M. Buinevich, K. Izrailov, V. Pokussov\",\"doi\":\"10.21681/2311-3456-2021-6-78-89\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Purpose of the study: increasing the efficiency of an expert in searching for medium-level (in algorithms) and high-level (in architecture) vulnerabilities in the program code due to the innovative paradigm of the language for its presentation. Method: consists in the analysis of relevant works on the subject of approaches, methods and notations for representing algorithms and software architecture with highlighting the strengths and weaknesses of solutions, synthesizing the paradigm for the presentation of the program code and qualitatively assessing the effectiveness of each of the provisions of the paradigm (by contradiction method); efficiency is understood as a combination of its three indicators: the number of type I and II errors, the search time and the cognitive stress of the expert. The results obtained: description of the idea and 7 main provisions of the paradigm of the pseudocode language for a unified description of algorithms and architecture with the maximum necessary and minimum sufficient degree of formalization; the main practical significance of the representations of the program code obtained in this way is their intended use for analysis by an information security expert for the presence of medium and high-level vulnerabilities; also, for each position, their qualitative influence on the performance indicators of vulnerability search by an expert was established.\",\"PeriodicalId\":422818,\"journal\":{\"name\":\"Voprosy kiberbezopasnosti\",\"volume\":\"17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Voprosy kiberbezopasnosti\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.21681/2311-3456-2021-6-78-89\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Voprosy kiberbezopasnosti","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21681/2311-3456-2021-6-78-89","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

研究的目的:提高专家在程序代码中搜索中级(算法)和高级(架构)漏洞的效率,这是由于该语言在其表示方面的创新范式。方法:包括分析有关表示算法和软件架构的方法、方法和符号的相关作品,突出解决方案的优点和缺点,综合表示程序代码的范例,并定性地评估范例中每个条款的有效性(通过矛盾法);效率被理解为它的三个指标的组合:第一类和第二类错误的数量,搜索时间和专家的认知压力。得到的结果是:描述了伪代码语言的思想和范式的7个主要规定,实现了对算法和体系结构的统一描述,具有最大必要和最小充分的形式化程度;以这种方式获得的程序代码表示的主要实际意义是,信息安全专家可以将其用于分析中、高级漏洞的存在;此外,对于每个职位,建立了其对专家脆弱性搜索绩效指标的定性影响。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Language of the Program Code Uniform Presentation for Searching Medium and High-Level Vulnerabilities: the Basic Provisions of Paradigm
Purpose of the study: increasing the efficiency of an expert in searching for medium-level (in algorithms) and high-level (in architecture) vulnerabilities in the program code due to the innovative paradigm of the language for its presentation. Method: consists in the analysis of relevant works on the subject of approaches, methods and notations for representing algorithms and software architecture with highlighting the strengths and weaknesses of solutions, synthesizing the paradigm for the presentation of the program code and qualitatively assessing the effectiveness of each of the provisions of the paradigm (by contradiction method); efficiency is understood as a combination of its three indicators: the number of type I and II errors, the search time and the cognitive stress of the expert. The results obtained: description of the idea and 7 main provisions of the paradigm of the pseudocode language for a unified description of algorithms and architecture with the maximum necessary and minimum sufficient degree of formalization; the main practical significance of the representations of the program code obtained in this way is their intended use for analysis by an information security expert for the presence of medium and high-level vulnerabilities; also, for each position, their qualitative influence on the performance indicators of vulnerability search by an expert was established.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Model for Building Competencies of a Computer Crime Investigator ASSESSMENT AND PREDICTION OF THE COMPLEX OBJECTS STATE: APPLICATIOIN FOR INFORMATION SECURITY Cellular Automata and Their Generalizations in Cryptography. Part 1 A METHOD OF PARAMETRIC SYNTHESIS OF CRYPTO-CODE STRUCTURES FOR MONITORING AND RESTORING THE INTEGRITY OF INFORMATION Application of Methods of Theory of Fuzzy Sets to Assess the Risk of Violations of Critical Properties Protected Resources Automated Control System
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1