Certification and identification of possible threats to information security of software and firmware

E.G. Komarov, V. Lozovetsky, V. V. Lebedev, A.V. Archipenko
Forestry Bulletin, journal article, published 2022-10-01. DOI: 10.18698/2542-1468-2022-5-145-157 (https://doi.org/10.18698/2542-1468-2022-5-145-157)

Abstract

A number of methods and tools are proposed for the certification of software and firmware in information systems, in order to select approaches and tools for working in non-standard situations, given a constantly changing regulatory and methodological framework and possible threats to their information security. The type of certification under consideration is limited to methods and techniques for analyzing vulnerabilities and undeclared capabilities. This type of certification is intended for software research. Not all possible aspects of this type of certification have been considered; however, the novelty and advantages of the work rest on some original approaches for cases where it is not clear how to present sets of input data for testing. Approaches to certification tests are presented using tools of our own design, which make it possible to identify the main parameters necessary for assembling the software and studying it, and to parse software written in various programming languages. Based on the program for testing and verifying the object of assessment against information security requirements for a certain level of control, methods for conducting certification studies are proposed, and the advantages of approaches using the available and proposed tools are shown. To save on the purchase of tools, some well-known, free and freely distributed tools, as well as effective and inexpensive software products, are proposed for use in tests.