Language of the Program Code Uniform Presentation for Searching Medium and High-Level Vulnerabilities: the Basic Provisions of Paradigm

M. Buinevich, K. Izrailov, V. Pokussov
Journal: Voprosy kiberbezopasnosti (journal article). DOI: 10.21681/2311-3456-2021-6-78-89 (https://doi.org/10.21681/2311-3456-2021-6-78-89)

Abstract

Purpose of the study: to increase the efficiency of an expert searching for medium-level (in algorithms) and high-level (in architecture) vulnerabilities in program code by means of an innovative paradigm for the language used to present that code.

Method: analysis of relevant works on approaches, methods and notations for representing algorithms and software architecture, highlighting the strengths and weaknesses of the solutions; synthesis of a paradigm for the presentation of program code; and qualitative assessment of the effectiveness of each provision of the paradigm (by the method of contradiction). Efficiency is understood as a combination of three indicators: the number of type I and type II errors, the search time, and the cognitive stress of the expert.

Results obtained: a description of the idea and the 7 main provisions of the paradigm of a pseudocode language for a unified description of algorithms and architecture with the maximum necessary and minimum sufficient degree of formalization. The main practical significance of the program code representations obtained in this way is their intended use by an information security expert analysing code for medium- and high-level vulnerabilities. In addition, the qualitative influence of each provision on the performance indicators of the expert's vulnerability search was established.