Vladimir Iurevich Telezhnikov scite author profile

Vladimir Iurevich Telezhnikov

2Publications

0Citation Statements Received

0Citation Statements Given

How they've been cited

How they cite others

Affiliations

Publications

Order By: Most citations

Building a methodology for secure system software development on the example of operating systems

Devyanin¹,

Telezhnikov²,

Хорошилов³

2021

Proceedings of ISP RAS

View full text Add to dashboard Cite

System software is a cornerstone of any software system, so building secure system software in accordance with requirements of certification authorities and state-of-the-art practices is an important scientific and technical problem. One of possible approaches to cope with the problem is to build a methodology for secure system software development including advanced scientific technologies and industry best practices. The paper presents current results achieved in building such methodology in the following directions. The first one is regulatory framework improvement including development of GOST R specifications defining requirements to formal models of access control policies and their formal verification. The second direction is design and verification of formal models of corresponding security functional requirements. The third direction is application of new and well established technologies of static and run-time analysis of systems software. The considered technologies include static analysis, fuzzing, functional and unit testing as well as testing the system software against formal models of its functional security requirements. The forth direction is development of methods for acquisition of results of all kinds of the analysis and for its analytical processing. All the directions are illustrated by practical examples of application of the methodology to development of Astra Linux operating system distribution that is certified according to the highest evaluation assurance levels.

show abstract

Approaches for improving the efficiency of protected OS components fuzzing

Egorova¹,

Panov²,

Telezhnikov³

et al. 2022

Proceedings of ISP RAS

View full text Add to dashboard Cite

Fuzzing as a part of the continuous integration is a necessary tool, aimed primarily at the providing confidence in the software being developed. At the same time, in the presence of significant amounts of the source code, fuzzing becomes a resource-intensive task. That’s why increasing the efficiency of fuzzing to reach needed code sections more quickly without reducing quality becomes an important line of research. The article deals with approaches to improve the efficiency of fuzzing both for kernel and for user-space software. On the other hand, on these amounts of program code, static code analysis produces a huge number of warnings about possible errors, and the main resources within this type of analysis are required not to obtain to result, but for analytical processing. In this regard, in the article considerable attention is paid to the approach of correlating the results of static and dynamic code analysis using the developed tool, which also allows to implement directed fuzzing in order to confirm the warnings of static analyzer, which significantly increases the efficiency of testing components of the protected OS Astra Linux.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.