Надежность и качество сложных систем (Jun 2023)
TESTING THE DYNAMIC EXECUTION OF PYTHON PROGRAM CODE DURING THE CERTIFICATION TESTING (DEVELOPMENT) STAGE IN THE CERTIFICATION SYSTEM OF THE MINISTRY OF DEFENSE OF RUSSIA
Abstract
Background. In many cases, software products subject to verification in the mandatory certification system of the Russian Ministry of Defense are developed using the interpreted Python programming language. When checking applications developed in the Python language for compliance of their code with the requirements of the governing document "Protection against unauthorized access to information. Part 1. Information security software. Classification according to the level of control of the absence of undeclared capabilities" (State Technical Commission of Russia, Moscow, 1999) 1, hereinafter – RD NDV, along with static analysis, a dynamic analysis should be carried out (for control levels of RD NDV 3 and 2). Materials and methods. At the same time, at present, the certification system of the Russian Ministry of Defense lacks certified tools and recommended methods and algorithms that can be used to test the dynamic execution of the Python code of programs at the stage of certification tests. A promising approach in the study of undeclared capabilities of the Python code of applications during dynamic testing is a method based on the use of statistics generated by the built-in profiler of the Python interpreter. Results and conclusions. The article describes in detail the sequence of actions for generating, using statistical data obtained through the Python profiling system, reporting, the analysis of which allows drawing reasonable conclusions on the compliance / non-compliance of the studied application code developed in the Python programming language with the requirements of the RD NDV, in terms of dynamic analysis.
Keywords
