Development of graphic-­analytical models for the software security testing algorithm

Abstract

An analysis of one of the main types of software testing, namely security testing has been made. It was established that there are a number of specific features associated with the possibility of negative manipulation with software products. A graphic-analytical model of the algorithm of testing software security was developed. The model based on the theory of semi-Markov processes provides an adequate structural description of the actual testing process. However, accuracy of this model essentially depends on accuracy of reproduction of densities of distribution of duration of the system residence in each of the possible states. An alternative model that uses the method of probability-time graphs is less demanding. For its implementation, it is sufficient to know the mean values of duration of residence in each of the states and the probability of transitions from one state to another. Correlations were obtained for calculating statistical characteristics and density of distribution of the mean time of execution of the software security testing algorithm. The model can be used to study basic stages of software security testing. Application of this model will reduce software vulnerability and improve security of the IT project as a whole. Also, the model is applicable when developing new methods, algorithms, and procedures for managing the IT projects.

Визначено, що існує ряд специфічних особливостей, пов'язаних з можливістю негативних маніпуляцій програмним продуктом. Розроблено графоаналітичну модель алгоритму тестування безпеки програмного забезпечення. Отримано співвідношення для розрахунку статистичних характеристик випадкового часу виконання даного алгоритму. Модель можна використовувати для дослідження етапів тестування безпеки програмного забезпечення. Застосування моделі дозволить знизити уразливість IT-проекту в цілому.