Secure Software Developing Recommendations

2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T) Pub Date : 2019-10-01 DOI:10.1109/PICST47496.2019.9061529

V. Grechko, T. Babenko, Larysa Myrutenko

{"title":"Secure Software Developing Recommendations","authors":"V. Grechko, T. Babenko, Larysa Myrutenko","doi":"10.1109/PICST47496.2019.9061529","DOIUrl":null,"url":null,"abstract":"Adverse effects on information in the functioning computer systems of various purpose is carried out in order to violate their confidentiality, integrity and accessibility. These threats arise from software vulnerabilities and result in unauthorized access to data or leakage of sensitive information To solve this problem, firstly, an analysis of the software life cycle was carried out in order to determine the stages of software development. Secondly, taking into account the stages obtained, possible threats to information were identified. A buffer overflow vulnerability was considered as a basic example of a threat. Possible ways of exploiting this vulnerability are given, the pros and cons of detection and counteraction tools are analyzed. As a result, recommendations on the development of safe software are presented, both in general terms and more specific in order to avoid the buffer overflow vulnerability. Having using such recommendations, enterprises could reduce the risk of sensitive information breach and minimize outlane. The results obtained in the paper can also be used to make decisions about the possibility of operating the relevant software.","PeriodicalId":6764,"journal":{"name":"2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)","volume":"1 1","pages":"45-50"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PICST47496.2019.9061529","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Adverse effects on information in the functioning computer systems of various purpose is carried out in order to violate their confidentiality, integrity and accessibility. These threats arise from software vulnerabilities and result in unauthorized access to data or leakage of sensitive information To solve this problem, firstly, an analysis of the software life cycle was carried out in order to determine the stages of software development. Secondly, taking into account the stages obtained, possible threats to information were identified. A buffer overflow vulnerability was considered as a basic example of a threat. Possible ways of exploiting this vulnerability are given, the pros and cons of detection and counteraction tools are analyzed. As a result, recommendations on the development of safe software are presented, both in general terms and more specific in order to avoid the buffer overflow vulnerability. Having using such recommendations, enterprises could reduce the risk of sensitive information breach and minimize outlane. The results obtained in the paper can also be used to make decisions about the possibility of operating the relevant software.

查看原文本刊更多论文

安全软件开发建议

对各种目的的运行计算机系统中的信息进行不利影响，以违反其保密性，完整性和可访问性。这些威胁来自于软件漏洞，导致数据被未经授权访问或敏感信息泄露。为了解决这个问题，首先对软件生命周期进行分析，以确定软件开发的阶段。其次，考虑到所获得的阶段，确定了对信息的可能威胁。缓冲区溢出漏洞被认为是威胁的一个基本例子。给出了利用该漏洞的可能方法，分析了检测和对抗工具的优缺点。因此，为了避免缓冲区溢出漏洞，本文提出了开发安全软件的建议，包括一般建议和更具体的建议。使用这些建议，企业可以降低敏感信息泄露的风险，并最大限度地减少外泄。本文的研究结果也可用于决策相关软件的可行性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T)

自引率

0.00%

发文量