Davydov V. Models and methods of increasing the bytecode-oriented software security of during cyberattacks

The dissertation is devoted to solving the current scientific and technical problem of improving the security of software during cyberattacks in computer systems based on the development the models and methods of software code obfuscation and the license keys creation for copyright protection. A study and comparative analysis of bytecode-oriented software models and methods security was conducted, which showed that the existing models and methods of desktop software security at the system level of design do not fully eliminate the impact of threats to the corresponding security threats. Therefore, the existing modules and methods of software protection do not meet the quality requirements regulated by international standards and standards of Ukraine on software quality. It is shown that increasing the security of software affects other indicators of software quality, namely: portability, maintainability, performance. A method for checking the logical and semantic similarity of standard sequential program schemes has been developed, which is based on finding the most similar in terms of thermal history paths in the program. This method uses a graph of agreed program paths as a reference structure. The iterative procedure that performs this calculation is the procedure for constructing the graph markup. The developed method allowed to pass to polynomial calculations of thermal history ways search at a stage of the graph marking for parallel calculations instead of existing exponential. This allowed to reduce the time of checking the code for logical and semantic similarity to determine the impact of the code obfuscation developed method on its correctness. A GERT-model of the obfuscation process of software modules has been developed, which is based on the mathematical apparatus of the Gamma-distribution at all stages of modeling the obfuscation process. This allowed to achieve the model unification in terms of the GERT-network modification. The results of the study showed that for the developed mathematical model, when adding another obfuscation process, the variance of the execution time increases by 12%, and when it is removed from the system, it decreases to 13%. The mathematical expectation of execution time changes in a geometric progression – so, when removing 1 node there is a decrease in mathematical expectation by 9%, and when increasing by 1 node – an increase in mathematical expectation by 26%. This shows the insignificance of changes in the studied indicators in terms of model modification and confirms the hypothesis of model unification in terms of using the mathematical apparatus of the Gamma-distribution as the main one. This reduces the time to decide on the feasibility of using the obfuscation process in the use of flexible methodologies. The method of safe transition in GERT-networks used as a graph of the control logic of the software product is developed. This logic is implemented depending on the identification or serial number. The methodology of scaling of the developed mathematical model by its horizontal and vertical scaling is developed. The expediency of using each type of scaling is shown taking into account the criticality of the execution time of the software security check based on the license identifiers. Thus, with vertical scaling, due to the use of a parallel data processing process, the data processing time has not changed. This gives the prerequisites for the use of this type of scaling at the critical time of the process, as well as the need to significantly increase the length of the license key on weak devices (e.g., embedded devices and Internet of Things). When scaling horizontally, due to the use of additional sequential data processing processes, the processing time increased significantly (3.43 times). However, the introduction of additional sequential actions increases the analysis time of the behavior algorithm. This gives the prerequisites for the use of this type of scaling when using application software, where the start time of the program is not critical.