This work considers one of the leading areas of communication-network cybersecurity: the introduction of preventive mechanisms, among which the most promising are methods of active security analysis. In addition to detecting vulnerabilities of the target (analyzed) system in a timely manner, these methods make it possible to confirm that the vulnerabilities can actually be realized, that is, to validate them by simulating the real actions of a potential attacker. The urgent need to validate vulnerabilities out of the many identified arises because some of them may be only theoretical, while others are exploited using malicious scripts (exploits). At the same time, the process of validating vulnerabilities has hardly been studied. For this reason, the work carried out an experimental study of how modern vulnerability exploitation tools function. Based on the observations, general quantitative characteristics of the vulnerability validation process were identified. A mathematical model for analyzing these characteristics, based on Bernstein polynomials, has been developed. The polynomial representation of the procedure for confirming that the identified vulnerabilities can be realized makes it possible to describe the dynamics of this process, taking into account the complex and volatile nature of the environment. Analytical dependencies are obtained for the number of cases of successful and negative confirmation of vulnerabilities. In particular, negative validation cases include both simply failed attempts to validate vulnerabilities and attempts that resulted in critical errors on the target system during the rational cycle of validating the identified vulnerabilities. The proposed dependencies make it possible to construct the probability distribution laws for these characteristics of the vulnerability testing process.
The paper presents the possibility of applying the model of limited rationality to the problem of forming project teams for IT systems development and implementation. To achieve this goal, the following tasks were set and achieved: a review was performed of standards in the field of information technology that determine the requirements for labor resources involved in project work; a model of limited rationality for the selection of executors in the project team was presented, based on the parameters and characteristics of the project conditions and the achievement of the overall project goal; and a formal description was given of the selection of executors and the generation of a project team for IT systems development and implementation in accordance with the functional requirements of the project. The main factor in the development and implementation of information systems is a thorough approach to the appointment of workers for project work. The formation of a project team, given the limited labor resources that can be attracted to work on the project during its implementation and the requirements for project tasks, is the main factor in the successful implementation of the whole project. Under flexible methodologies, where the project implementation plan may change at each iteration, the specifics of forming project teams for IT systems development and implementation determine the limitations on the quality requirements for individual project iterations. The use of models of limited rationality makes it possible to balance the requirements for the whole project against the requirements for specific project tasks, in accordance with the possible involvement of executors, for the most effective selection. The importance of selecting labor resources for the project team with the appropriate levels of competence and qualification to perform all project tasks was substantiated.