The possibilities of ensuring the security of the software product in the conditions of unauthorized access

Economic Annals-XXI: Volume 189, Issue 5-6(1), Pages: 90-100

Citation information:
Dziatkovskii, A., & Hryneuski, U. (2021). The possibilities of ensuring the security of the software product in the conditions of unauthorized access. Economic Annals-XXI, 189(5-6(1)), 90-100. doi: https://doi.org/10.21003/ea.V189-09


Anton Dziatkovskii
Co-Founder,
Platinum Software Development Company
67-170 Punane Str., Lasnamae Distr., Tallinn, 13619, Estonia
founder@platinum.fund
ORCID ID: https://orcid.org/0000-0001-7408-3054

Uladzimir Hryneuski
Chief Content Marketing,
Platinum Software Development Company
67-170 Punane Str., Lasnamae Distr., Tallinn, 13619, Estonia
vsvoboden@gmail.com
ORCID ID: https://orcid.org/0000-0002-8506-5131

Abstract. Ensuring the security of a software product in large companies, which hold confidential financial and corporate data, is an urgent topic in 2021-2023. Over the past year, the number of leaks of confidential information, together with cyber attacks, reached a historic peak of 114 identified cases. Software security testing today aims to identify security errors and design flaws at all stages of the software development lifecycle. This work should already be planned for at the design stage, so that these characteristics are easier to implement in the final version of the security-related system.

Research has shown that there is a wide range of opportunities for developing and using security testing software. These options may differ in implementation technologies, cost and other tactical and technical indicators, characteristics of individual elements, and so on. The main task of developing a software security testing method is to develop, improve and select models, methods and tools that belong to a subset and provide maximum software security indicators.

Our approach allows us to prevent any penetration into the information system, while maintaining 100% security of confidential files and the system as a whole. The threat prevention model relies on proactive technology. The economic effect of these measures varies with the value of the enterprise's information and can amount to millions of US dollars. The reliability of the results of mathematical modelling of technologies for creating and implementing "penetration testing" tools is evaluated. The experimental results showed that, for all the studied data types, the confidence probability that the statistical value does not deviate from the mathematical expectation by more than 1 is 0.94.

Keywords: Security; Software Product; Unauthorized Access; Economic Security; Information; GERT; Cyberattack

JEL Classification: D85; E17; M15

Acknowledgements and Funding: The authors received no direct funding for this research.

Contribution: The authors contributed equally to this work.

DOI: https://doi.org/10.21003/ea.V189-09

Received 24.03.2021
Received in revised form 9.04.2021
Accepted 22.04.2021
Available online 10.06.2021