ANALYSIS AND COMPARATIVE RESEARCH OF THE MAIN APPROACHES TO THE MATHEMATICAL FORMALIZATION OF THE PENETRATION TESTING PROCESS

Authors

  • Zhang Liqiang
  • Cao Weiling
  • Viacheslav Davydov
  • Veronika Brechko

DOI:

https://doi.org/10.26906/SUNZ.2021.2.070

Keywords:

information security, vulnerable software, security testing, penetration

Abstract

In dynamic models, threats (vulnerabilities) can be viewed as a flow of events in time. If the time intervals of realized cyber threats are recorded, a continuous log of events related to software security can be formed. In some cases and models, only the number of realized cyber threats within an arbitrary time interval can be recorded; the software's response to threats can then be represented only at discrete points. In static models, the implementation of cyber threats is not related to time. Instead, these models take into account the dependence of the number of errors or the number of implemented test cases (models by error area) on the characteristics of the input data (models by data area). The article analyzes methods for the mathematical formalization of the software penetration testing process, which is one of many approaches to testing the security of computer systems. It substantiates the importance of preliminary prototyping and mathematical formalization, classifies the main approaches to mathematical modeling, and highlights their advantages and disadvantages. The list and main characteristics of dynamic and static models are presented. One negative factor of formalization is identified: the neglect of a priori uncertainty in the safety parameters in static models.

Published

2021-05-31