Безопасность информационных технологий (Feb 2025)

EXPERIMENTAL METHODOLOGY FOR ASSESSING THE SECURITY OF INTERNAL AFFAIRS BODIES AUTOMATED SYSTEMS SOFTWARE

  • Arina D. Popova,
  • Anton D. Popov,
  • Irina G. Drovnikova

DOI
https://doi.org/10.26583/bit.2025.1.06
Journal volume & issue
Vol. 32, no. 1
pp. 95 – 111

Abstract

The purpose of the article is to develop a methodology for conducting a computational experiment to assess the security of software in the dynamics of its operation in the automated systems (AS) of internal affairs bodies (ATS). The methodology makes it possible to identify vulnerabilities that are relevant during software operation, to explore the stages of their operation, and to determine the time characteristics of current vulnerabilities, taking into account the time of their identification and elimination. To achieve this goal, graph theory methods and automated static testing of software code with the SonarQube SAST analyzer were used. As a result of applying the methodology, quantitative values of the initial data necessary for calculating the security indicators of the software used at ATS informatization facilities in real time were obtained. The following security indicators for ATS are considered: the level of criticality of vulnerabilities in software, the software readiness factor for safe operation in relation to vulnerabilities, the interval indicator of software security violations, and the indicator of temporary software security. An accurate quantitative assessment of these indicators for various software versions, based on the developed software package, will make it possible to choose the optimal (most secure) version for operation at ATS informatization facilities.

Keywords