The dissertation solves the topical scientific and applied problem of predicting and assessing the level of quality and security of software at the early stages of the life cycle by developing methods and tools for predicting the level of quality and security of computer systems' software.
The object of research is the processes of predicting the level of quality and security of computer systems' software.
The subject of research is the methods and tools for predicting the level of quality and security of computer systems' software.
The aim of the dissertation research is to assess an existing set of requirements in terms of the predicted level of quality and security of the computer systems' software that is planned to be implemented according to that set of requirements, by developing methods and tools for predicting the level of security and quality of computer systems' software.
In the dissertation, a method for analyzing requirements for computer systems' software to search for the values of quality attributes was developed for the first time. It differs from the known ones by imposing certain restrictions on the formation of the software requirements specification, structuring the requirements that contain quality attributes. It extracts the values of software quality attributes from a natural-language software requirements specification; these values are used to evaluate the software quality characteristics and to produce a comprehensive assessment of software quality. The developed method is important for automating the processing of requirements and for minimizing subjective influence and human participation in information processing and in software quality and security assessment.
The dissertation also develops, for the first time, a method for predicting the quality level of computer systems' software, which differs from the known methods in that it predicts the quality level of the software under development by processing the values of the software quality attributes contained in the requirements specification. Thus, the proposed method allows comparing software requirements specifications, immediately refusing to implement a software system based on unsuccessful specifications (reducing the likelihood of failed and challenged projects, saving time and money), and making a well-grounded choice of specification for the further realization and implementation of high-quality computer systems' software (provided that errors and bugs are not introduced at subsequent stages of computer systems' software development).
The dissertation further develops the method of identifying and classifying failures and vulnerabilities, which, unlike the known ones, identifies and classifies failures and vulnerabilities and provides a conclusion as to whether a failure has occurred, and, if a failure has occurred, the user is given its type. In addition, the developed method of ensuring the security of computer system software by identifying and classifying failures and vulnerabilities provides a conclusion as to whether a functional capability is a vulnerability, and, if the functional capability is a vulnerability, the user is given its type.
The dissertation improves the method for determining the security level of computer systems' software, which, unlike the known ones, establishes the dependence of the software's security value on the values of the quality attributes, generates a predicted numerical value of the software's security on the basis of those attributes, and predicts the security level of the software from the obtained numerical value. It also makes it possible to compare requirements specifications according to the predicted security level of the software under development and to reject unsuccessful specifications.
The results of the dissertation have been implemented at: PE “Avivi”; LLC “Deymos”; NGO “IT Cluster of Khmelnytskyi”; in the educational process of Khmelnytskyi National University; and in the implementation of the state budget topics of Khmelnytskyi National University “Self-organized distributed system for detecting malicious software in computer networks” (State Research Project No. 0121U109936) and “System for detecting malware and computer attacks in corporate networks using false attack objects and traps” (State Research Project No. 0124U000980).