Software systems and computational methods
Reference:

Mironov S.V., Kulikov G.V. Analysis of the potential methods for software testing without source code

Abstract: The article considers the prevailing contradictions between the nature of vulnerabilities in source code, the limitations of the safety requirements in the regulatory and methodological basis of testing, and software developers who do not provide source code for testing purposes. Methods of software analysis that do not require program source code are widely used abroad but are not yet well known in our country. The article investigates whether such methods and tools can increase the effectiveness of software certification testing. The authors determine the changes to the regulations needed to allow methods of testing programs without source code to be applied in certification tests. Methods used in the study: software engineering, analysis of complex systems, the theory of reliability of complex systems, software synthesis, and software compilation. The paper shows that testing methods that do not need source code make it possible to find common software vulnerabilities that cannot be detected effectively because of the regulatory restrictions concerning the presence of source code. Experience of certification tests for the absence of undeclared features and program bookmarks, as well as of independent software testing, makes it possible to determine the priority areas for improving the regulatory basis, based on the application of methods of testing software without source code.


Keywords:

evaluation of data protection, software security, detection of undeclared features, detection of software bookmarks, software testing, software certification, software vulnerability, identification of vulnerable programs, signature analysis, testing programs


This article can be downloaded freely in PDF format for reading.

