Modeling a Program with Vulnerabilities in the Terms of Its Representations Evolution. Part 1. Life Cycle Scheme
https://doi.org/10.31854/1813-324X-2023-9-1-75-93
Abstract
This article presents the results of an investigation into the process of creating programs and the vulnerabilities that arise in it. The first part of the article series proposes a graphical life cycle scheme of the representations through which any sample program passes: Idea, Conceptual model, Architecture, 2D block diagram, Function diagram, Flowchart, Structogram, Pseudo-code, Classical code, Generation metacode, Script code, Assembly code, Abstract Syntax Tree, Machine Code, Bytecode. The main properties of these representations are indicated: their purpose, form and content, the methods of obtaining and restoring them, as well as possible vulnerabilities and ways to detect them. A nested classification of vulnerabilities is introduced, which divides them according to the structural level in the program, the change in the content of the functionality, and the impact on the information being processed.
About the Author
K. Izrailov
St. Petersburg, Russian Federation
Review
For citations:
Izrailov K. Modeling a Program with Vulnerabilities in the Terms of Its Representations Evolution. Part 1. Life Cycle Scheme. Proceedings of Telecommunication Universities. 2023;9(1):75-93. (In Russ.) https://doi.org/10.31854/1813-324X-2023-9-1-75-93