DOI: 10.7256/2306-4196.2017.1.20351

Abstract: The subject of research is mathematical software software certification procedures for information security requirements in view of time constraints, regulatory and design requirements. This essential requirement is the availability of the source code on the test software, which is quite critical for developers as a potential channel formed intellectual property leakage. To overcome this drawback, the technique of testing the compilers on the lack of mechanisms for the implementation of undeclared capabilities to stage software compilation. The research methodology combines the methods of software engineering, theory of possibilities of object-oriented programming, systems analysis, the theory of reliability. The main conclusion of the study is that by forming an optimal set of tests using the mathematical apparatus of the theory of games, spending his compiling and analyzing the control flow graphs and data obtained from the compiler output and built according to the original texts of the tests, we can conclude the presence or absence in the test compiler mechanisms introduction of undeclared capabilities in the compiled software.

DOI: 10.7256/2454-0714.2015.2.16767

Abstract: The article considers the prevailing contradictions between the nature of the vulnerabilities in source code, safety requirements limitations of regulatory and methodological basis of tests and software developers who do not provide the source code for testing purposes. Methods of software products analysis that do not require the source code of programs, are widely used abroad but in our country are not well known yet. The article investigates the question can such methods and means increase the effectiveness of certification testing of software. The authors determine the necessary changes in the regulations to open up the possibility of applying the methods of testing programs without source code in the certification tests. Methods used in the study: software engineering, analysis of complex systems, the theory of reliability of complex systems, the synthesis software, compiling software. The paper shows that the use of methods for testing without source code allows to find such common vulnerabilities in the software that can’t be effectively detected because of the regulatory restrictions for the presence of source code. The experience of certification tests on the absence of undeclared features and program bookmarks, as well as independent software testing allows to determine the priority areas for improvement of the regulatory, based on the application of the methods of testing software without source code.