Volume 11 - Issue 1
Method and algorithms of visual audit of program interaction
- Mikhail V. Buinevich
Saint-Petersburg University of State Fire Service of EMERCOM of Russia, Saint-Petersburg, Russia, The Bonch-Bruevich State University of Telecommunications, Saint-Petersburg, Russia
bmv1958@yandex.ru
- Konstantin E. Izrailov
St. Petersburg Federal Research Center of the Russian Academy of Sciences, Saint-Petersburg, Russia, The Bonch-Bruevich State University of Telecommunications, Saint-Petersburg, Russia
konstantin.izrailov@mail.ru
- Igor V. Kotenko
St. Petersburg Federal Research Center of the Russian Academy of Sciences, Saint-Petersburg, Russia
ivkote@comsec.spb.ru
- Pavel A. Kurta
The Bonch-Bruevich State University of Telecommunications, Saint-Petersburg, Russia
expert@kurta.ru
Keywords: Software, Interaction, Audit, Visualization, Information Security
Abstract
Modern software products consist of a lot of executable files. Simultaneously, there are complex data
flows between them. As a result, the task of auditing such data interactions of programs arises. In particular,
this can be in demand in the field of information security for detecting holes in architectures
of solutions. Such types of programs as PE (for Windows), ELF (for Linux), CIL (.Net bite code),
JBC (Java bite code) and Script (interpretable code) should be mentioned. The types of interactions
include direct program fetching, direct import of libraries and exchange of external files. The paper
discusses the authors’ own method of analysing software products and visualizing the interaction of
programs to be studied by the Expert subsequently. The work of the method is based on the generalized
model of interactions set analytically. The authors describe the results of the experiment with
the developed prototype, implementing this method for five standardized and qualitatively different
software products. The results of the experiment are analyzed by the expert from the point of view of
product information security. A conclusion is made about the necessity of automatizing the expert’s
work. For this purpose, we propose the corresponding algorithms as the pseudo-code.