Lack of undeclared FSTEC capabilities. Classification of information security means from FSTEC and FSB of Russia


Control of undeclared capabilities

Maxim Repin
Specialist of JSC "Concern "BEGA"

Anastasia Sakulina
Specialist of JSC "Concern "BEGA"

Nowadays, due to the increase in cases of leaks of confidential information (CI), the main question is how to protect it reliably.

Unlike state secrets and personal data, regulatory documents in the field of CI protection are advisory in nature, so a natural question arises: should you follow them or not?

Let's consider the need and feasibility of certification of CI protection equipment according to levels of control over the absence of undeclared capabilities (NDV).

Levels of control over the absence of NDV

There are four levels of control over the absence of NDV. To protect CI, level 4 is usually used, but level 3, which includes a more thorough analysis of the absence of NDV, can also be used.

The main difference between the indicated levels of control is that the 4th level involves activities only for static software analysis, and at the 3rd level of control activities are also carried out for dynamic analysis. The process of static analysis at these levels differs in the volume of regulated technological operations. Accordingly, by certifying its product at Level 3, the developer also gains access to the market for means of protecting state secrets.

We often hear the following arguments in favor of certification:

  • certified software correctly performs its information security functions;
  • certified software guarantees the absence of built-in mechanisms that could harm customer information.

In practice, having a software certificate does not always ensure compliance with these statements.

If we take those products offered on the domestic market that have a certificate, then they often present a rather deplorable sight, since they usually have a full range of software errors and do not provide either ease of use or flexibility of settings.

In large companies, finding errors in programs and testing them is a separate stage, built according to strictly established methods and carried out by a large number of employees. Additional verification during certification, requiring a long period of time and significant financial costs, only gives competitors a head start, reducing company profits and significantly increasing the cost of the final product due to certification costs.

In the free software market, these functions are performed by enthusiasts. They often have very deep knowledge in this area, and their number is much larger than the staff of any laboratory. This allows you to thoroughly go through the entire code and fix all the weak points.

At the moment, testing laboratories that carry out certification for the absence of NDV have neither the human nor the technical resources to carry out verification procedures for complex software at the proper level and as soon as possible.

Another problem is that software updates and patches violate the terms of the issued certificate and require the checks to be repeated. A similar situation occurs if the certificate has expired. With the new guidance document on monitoring the absence of NDV, the established procedure for confirming and renewing a certificate, which is based on an analysis of the compliance of the certified properties of the newly provided product with the properties of the old certified version, no longer works.

The paradox of the problem of having software bookmarks (SW) in a product

This paradox lies in the fact that software bookmarks may be absent from the software before certification, but appear after it. The illusion created by obtaining a certificate can significantly reduce the vigilance of developers and lead to unpredictable consequences for the customer. Individual organizations, using these bookmarks, will be able to carry out hidden monitoring and capture of any company information and use it at their discretion. If these bookmarks are identified, not only the end user will suffer, but also the development company, which will receive a significant blow to its image and reputation and will weaken its position in the market. The customer will be forced to rebuild the entire protection system anew, and this will result in new costs.

The information security regulation system is a very good way to set a certain level of product quality, but it should not interfere with competition or be a tool for regulating the market.

Analysis of the current situation shows that certification of products for protecting confidential information is not relevant enough, since it creates unnecessary illusions of security. When choosing protection software, you need to be guided, first of all, by the reviews of experts and the reputation of the developers.

At the moment, to build a truly reliable protection system, it is better to invest money in competent and proven system administrators and consultants. Their knowledge and experience will help you choose the most reliable and suitable solutions for a particular company.

Articles on the topic

The information security requirements applied when designing information systems specify the characteristics of the information security tools used. They are defined by various acts of regulators in the field of information security, in particular FSTEC and the FSB of Russia. The article describes what security classes exist, the types and kinds of protective tools, and where to find out more about them.

Introduction

Today, issues of ensuring information security are the subject of close attention, since technologies being implemented everywhere without ensuring information security become a source of new serious problems.

The Russian FSB reports on the seriousness of the situation: the amount of damage caused by attackers over several years around the world ranged from $300 billion to $1 trillion. According to information provided by the Prosecutor General of the Russian Federation, in the first half of 2017 alone the number of crimes in the field of high technology in Russia increased sixfold, and the total amount of damage exceeded $18 million. An increase in targeted attacks in the industrial sector in 2017 was noted throughout the world. In particular, in Russia the increase in the number of attacks compared to 2016 was 22%.

Information technologies began to be used as weapons for military-political and terrorist purposes, to interfere in the internal affairs of sovereign states, and to commit other crimes. The Russian Federation stands for the creation of an international information security system.

In the territory of the Russian Federation, owners of information and operators of information systems are obliged to block attempts at unauthorized access to information, as well as to monitor the state of security of the IT infrastructure on a permanent basis. At the same time, information protection is ensured by taking various measures, including technical ones.

Information security tools, or information protection systems, ensure the protection of information in information systems, which are essentially a collection of information stored in databases, the information technologies that process it, and technical means.

Modern information systems are characterized by the use of various hardware and software platforms, the territorial distribution of components, as well as interaction with open data networks.

How to protect information in such conditions? The corresponding requirements are imposed by authorized bodies, in particular FSTEC and the FSB of Russia. Within the framework of the article, we will try to reflect the main approaches to the classification of information security systems, taking into account the requirements of these regulators. Other ways of describing the classification of information protection equipment, reflected in the regulatory documents of Russian departments and of foreign organizations and agencies, go beyond the scope of this article and are not considered further.

The article may be useful to novice specialists in the field of information security as a source of structured information on methods of classifying information security based on the requirements of the FSTEC of Russia (to a greater extent) and, briefly, the FSB of Russia.

The structure that determines the procedure and coordinates the provision of information security using non-cryptographic methods is the FSTEC of Russia (formerly the State Technical Commission under the President of the Russian Federation, State Technical Commission).

If the reader has ever seen the State Register of Certified Information Security Tools, which is formed by the FSTEC of Russia, then he certainly paid attention to the presence, in the descriptive part of the purpose of the information protection system, of such phrases as “RD SVT class”, “level of absence of NDV”, etc. (Figure 1).

Figure 1. Fragment of the register of certified information protection devices

Classification of cryptographic information security tools

The FSB of Russia has defined classes of cryptographic information protection systems: KS1, KS2, KS3, KV and KA.

The main feature of KS1 class information security tools is their ability to withstand attacks carried out from outside the controlled area. This implies that the creation of attack methods, their preparation and implementation are carried out without the participation of specialists in the field of development and analysis of cryptographic information security tools. It is assumed that information about the system in which these tools are used can be obtained from open sources.

If a cryptographic information security tool can withstand attacks blocked by means of class KS1, as well as those carried out within the controlled area, then it corresponds to class KS2. It is possible, for example, that during the preparation of an attack, information about physical measures for protecting information systems, securing the controlled area, etc. may become available.

If it is possible to resist attacks by someone with physical access to computer equipment with installed cryptographic information security tools, such tools are said to comply with class KS3.

If a cryptographic information security tool resists attacks that were created with the participation of specialists in the field of development and analysis of such tools, including research centers, and it was possible to conduct laboratory studies of the protective equipment, then we are talking about compliance with the KV class.

If specialists in the use of undeclared capabilities (NDV) of system software were involved in the development of attack methods, the corresponding design documentation was available, and there was access to any hardware components of the cryptographic information security tool, then protection against such attacks can be provided by means of the KA class.

Classification of electronic signature protection means

Electronic signature tools, depending on their ability to withstand attacks, are customarily assigned to the following classes: KS1, KS2, KS3, KV1, KV2 and KA1. This classification is similar to that discussed above in relation to cryptographic information security.

Conclusions

The article examined some methods of classifying information security systems in Russia, the basis of which is the regulatory framework of regulators in the field of information security. The considered classification options are not exhaustive. Nevertheless, we hope that the presented summary information will allow a novice specialist in the field of information security to quickly get oriented.

And, by the way, there is no “license for NDV”.

I'm not digging into it, I just want to figure it out.

The applicant may be one of the developers if the development is joint.

The applicant is simply - then why should he do this?

If for further production, then a license is needed.

If not, then you need a set of documents for certification, an agreement with the developer on the use of the development, or some other basis. In this case, why does he need a certificate if it is impossible to produce with subsequent sale?

> by the developer about the use of the development or other basis. In this case

> why does he need a certificate if it is impossible to produce with subsequent sale.

How to get FSTEC certification

Receiving the coveted certificate

On certification of non-cryptographic information and telecommunication systems according to the requirements of the FSB

I.G. Shaposhnikov, Director of LLC "Center for Certification Research", Ph.D.

V.A. Myltsev, Deputy Director for Licensing and Certification LLC "Center for Certification Research"

One of the areas of activity of the FSB (formerly FAPSI) is the certification of cryptographic information protection means. The certification studies themselves are carried out in accredited laboratories and centers. At the same time, product compliance with information security requirements is confirmed. LLC "Center for Certification Research" (CSR) was created as an organization engaged in the certification of cryptographic equipment. Therefore, with the first licenses received, the center acquired the status of a testing laboratory for certification of encryption technology in accordance with the communication security requirements established by FAPSI. Certification of encryption technology is an area of activity in which the certification customer needs a clear understanding of the procedure for its implementation. Customers, as a rule, are aware of what actions they need to take in order to successfully complete the certification procedure and what materials to submit. This procedure is legally fixed in a number of regulatory documents (for example, PKZ-2005).

In accordance with new requirements

Lately, the scope of products certified according to FSB information security requirements has expanded significantly. Nowadays, not only telecommunications equipment that includes cryptographic protection means is certified, but also equipment without any.

Currently, in addition to encryption technology, the FSB certifies:

  • digital PBX;
  • firewalls;
  • plesiochronous digital hierarchy equipment;
  • software used in automated systems of ITCS for special purposes;
  • antivirus tools.

When carrying out certification studies, regulatory documents (requirements, methods) of the FSB are used. Currently, such documents exist for all types of the above telecommunications equipment that do not contain cryptographic information protection means. CSR became a pioneer in conducting certification studies in accordance with these new requirements, took part in the creation of regulatory methodological documents and works in strict accordance with them.

The purpose of this article is to give some idea of the existing difficulties in certifying equipment that does not contain encryption technology. It is also necessary to dwell on the requirements that are presented to the creators of this technology.

In recent years, many new non-state development companies have appeared, usually unfamiliar with this procedure. The lack of widely available state documents (such as PKZ-99 and PKZ-2005) regulating development and certification according to security requirements plays a negative role. In their absence, the procedure is determined by existing practice. Below we will try to reflect the most important points of the procedure, based on the experience of the CSR.

From application to certificate

So, certification includes the following necessary steps:

  • submitting an application for certification to the FSB - indicating the certification scheme and the names of standards and other regulatory documents for compliance with the requirements of which certification must be carried out;
  • coordination of the level of certification requirements;
  • development of technical specifications and conclusion of an agreement with a testing laboratory;
  • presentation of samples of certified products and all necessary documentation for testing;
  • conducting certification tests;
  • modification (if necessary) of products according to safety requirements with subsequent verification;
  • preparing a report and sending it to the FSB;
  • preparation of a report to the FSB and issuance of a certificate.

The level of requirements for certified products, as a rule, is determined by the certification customer together with the FSB and the customer of the system where the certified equipment will be located. At the same time, the functionality of the equipment is also limited: only the functions used in the given application remain, and the others are deleted or blocked at the software or hardware level. The highest level of information protection requirements is associated with the processing of information that constitutes a state secret. Accordingly, when certifying technical means intended for such processing, the maximum number of types of tests is carried out, and each one is held to the most stringent standards. This, naturally, entails longer and more labor-intensive research. And the equipment developer (applicant) is required to provide the most detailed and complete materials (documentation) on the certified equipment.

List of submitted documentation for certified equipment

1. A detailed diagram of the architecture of the certified object, in which all function blocks and the connections between them are shown.

2. Description of the operation of the entire product.

3. For each board (subunit) the following must be provided:

  • technical description;
  • setup instructions;
  • user manual;
  • electrical circuit diagram;
  • list of elements;
  • functional diagram.

4. A detailed description of the software, which must contain:

  • software architecture;
  • functional diagram;
  • algorithms of the most significant procedures and functions;
  • a list of all modules and their purpose;
  • a list of all procedures, functions, constants and variables and their purpose;
  • all source texts with comments;
  • development tools for working with software source codes;
  • configuration files for development tools;
  • compilation tools, methods and order of assembly of the final software project;
  • testing schemes for certified equipment and all declared functionality on the certified equipment.

Standards do not change

It is necessary to especially emphasize the fact that certification involves “freezing” the process of equipment development at a certain stage, corresponding to the needs of the customer of a special telecommunication system. Therefore, all of the above documentation must refer to this one “frozen” modification. The latter will undergo a full range of tests, receive a certificate and become a model. It will be used to produce equipment that will be covered by the concept of “certified.”

Developers of telecommunications equipment regularly change the software of the equipment in order to correct errors, expand the functions performed, or keep up with changing hardware (for example, the element base); that is, the equipment is continuously modernized. However, extending the certificate to equipment with any changes requires additional research. This is where, as a rule, misunderstanding arises between the developer and the certifying organization. First, the developer submits documentation, different parts of which relate to different stages of the equipment's “development”, and after certification considers it possible to make changes that are minor from his point of view, which does not meet the high requirements for certified equipment.

Such strict information security criteria for telecommunications equipment under the FSB requirements are determined by the area of its use. The FSB certificate makes it possible to operate equipment in the highest government bodies. Therefore, the equipment developer should consider whether certification is necessary before pursuing it. It is possible that it will be enough to get an FSTEC certificate, which allows the equipment to be used in government agencies. If the decision on certification according to the FSB requirements has been made, then you should begin working with specialists from the certification laboratory to draw up technical specifications, determine the level of protection, and compile a list of documentation and equipment for certification. In the CSR, for example, such preparation is carried out even before concluding an agreement with organizations.

An important point in further collaboration between the certifying organization and the customer is determining the scope of research and, accordingly, the cost of work. Due to the complexity of the equipment being examined, it is sometimes difficult to establish this volume without conducting preliminary studies. Then, at first, a contract is concluded only for the first stage of work, in which a preliminary analysis of the documentation is carried out and a test program and methods are developed and agreed with the relevant division of the FSB. The agreed research program becomes the objective document on the basis of which the volume of future research, the timing of its implementation and the cost of work are determined.

One more important point in carrying out certification studies is worth noting: the examination of the submitted reports in an expert organization (a unit of the 8th FSB Center). This stage is not included in the certification agreement (since the FSB cannot be a party to the agreement), but its implementation usually takes up to two months. The result of the examination is the conclusion of the 8th FSB Center on compliance with security requirements. Of course, the positive conclusions of the certification laboratory's reports do not guarantee the same positive assessments in that conclusion. However, the practice of our testing laboratory shows that the coincidence of conclusions is almost one hundred percent. A positive conclusion entitles you to receive a certificate.

Discussion

Do they require certification? If required, then on the basis of what documents?

I don’t understand since when the professional term for encryption technology began with the letter “O9” inside.

Previously, only “LOBERS” wrote this way.

No prices, no clear requirements.

Where were you certifiers?

Please note that certification of the said technology is recognized as necessary, since this guarantees a certain level of stability in the operation of information and telecommunication systems against computer attacks, unauthorized access to information resources, and illegal or erroneous actions of service personnel. That is why certified equipment, as a rule, is in demand by government customers, which is important for its developers.

What is this even about?

What has been done in this direction?

Did you just blow bubbles?

The intern wrote (first bottom photo) - and both censors (top photos) were apparently asleep.

"ONE of the areas of activity of the FSB (formerly FAPSI)"

as if the FSB used to be called FAPSI :)

The personnel of the 8th Main Directorate of the KGB were divided between the KGB and the SVR

then from the KGB they were called FSK and somewhere there, FAPSI was formed from the same ones.

And when Putin divided FAPSI between the FSO, FSB and SVR, he already confused everyone.

So they call themselves whatever they want, assuming that the name of the head of the department (department) says something to the initiates.

In a word, don’t load - it’s all one mess.

It’s just that previously this area was under the jurisdiction of FAPSI. When FAPSI was divided, it went to the FSB

Did you study the subject from the encyclopedia?

Or did you intentionally introduce this error there (in the encyclopedia)?

As far as I can tell in a professional (NOT Amateur) environment, the term

CIPHER "o9TEHNIKA" has been written since ancient times without the connective "O9".

O - this is for clickers of the Shchechelev level and other “JOURNALISTS9-” specialists9.

This Guidance Document (RD) establishes a classification of software (both domestic and imported) information security tools (IS), including those built into general system and application software, according to the level of control over the absence of undeclared capabilities in it.

The document does not apply to software for cryptographic information protection tools.

The level of control is determined by the fulfillment of the set of requirements specified by this RD for:

    the composition and content of the documentation submitted by the applicant for testing the information protection software

The guidance document was developed in addition to the RD “Computer facilities. Protection against unauthorized access to information. Indicators of security against unauthorized access to information”, M., Military Publishing House, 1992,

RD “Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements for information protection”, M., Military Publishing House, 1992,

and RD “Computer facilities. Firewalls. Protection against unauthorized access to information. Indicators of security against unauthorized access to information”, M., 1997.

The document is intended for specialists in testing laboratories, customers, and information security software developers when monitoring it in terms of the absence of undeclared capabilities.

1. General Provisions

1.1. Classification applies to software designed to protect restricted information.

1.2. Four levels of control over the absence of undeclared capabilities are established. Each level is characterized by a certain minimum set of requirements.

1.3. For software used to protect information classified as a state secret, a level of control not lower than the third must be ensured.

1.4. The highest level of control is the first, sufficient for software used to protect information classified as “OV”.

The second level of control is sufficient for software used to protect information marked “CC”.

The third level of control is sufficient for software used to protect information marked “C”.

1.5. The lowest level of control is the fourth, sufficient for software used to protect confidential information.

2. Terms and definitions

2.1. Undeclared capabilities are functionality of the software that is not described or does not correspond to that described in the documentation, the use of which may violate the confidentiality, availability or integrity of the processed information. Software bookmarks, in particular, are an implementation of undeclared capabilities.

2.6. The actual execution route of functional objects is the sequence of functional objects actually executed under certain conditions (input data).

Protection against unauthorized access to information Part 1. Information security software

Classification according to the level of control over the absence of undeclared capabilities

Approved by the decision of the Chairman of the State Technical Commission under the President of the Russian Federation dated June 4, 1999 N 114

This Guidance Document (RD) establishes the classification of software (both domestic and imported) information security tools (IS), including those built into general system and application software, according to the level of control over the absence of undeclared capabilities in it.

The document does not apply to software for cryptographic information protection tools.

The level of control is determined by the fulfillment of the set of requirements specified by this RD for:
- the composition and content of the documentation submitted by the applicant for testing the information protection software;
- the content of the tests.

The guidance document has been developed to complement:
- RD “Computer facilities. Protection against unauthorized access to information. Indicators of security against unauthorized access to information”, M., Military Publishing House, 1992;
- RD “Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements for information protection”, M., Military Publishing House, 1992;
- RD “Computer facilities. Firewalls. Protection against unauthorized access to information. Indicators of security against unauthorized access to information", M., 1997.

The document is intended for specialists in testing laboratories, customers, and information security software developers when monitoring it in terms of the absence of undeclared capabilities.

1. GENERAL PROVISIONS

1.1. The classification applies to software designed to protect restricted information.

1.2. Four levels of control over the absence of undeclared capabilities are established. Each level is characterized by a certain minimum set of requirements.

1.3. For software used to protect information classified as state secrets, a control level of at least third must be ensured.

1.4. The highest level of control is the first, sufficient for software used to protect information classified as “OV”.

The second level of control is sufficient for software used to protect information marked “CC”.

The third level of control is sufficient for software used to protect information classified as “C”.

1.5 The lowest level of control is the fourth, sufficient for software used to protect confidential information.

2. TERMS AND DEFINITIONS

2.1. Undeclared capabilities are software functionality that is not described or does not correspond to those described in the documentation, the use of which may violate the confidentiality, availability or integrity of the processed information.

The implementation of undeclared capabilities, in particular, are software bookmarks.

2.2. Software bookmarks are functional objects deliberately added to the software, which, under certain conditions (input data), initiate the execution of software functions not described in the documentation, leading to a violation of the confidentiality, availability or integrity of the processed information.

2.3. A functional object is a program element that carries out actions to implement a completed fragment of the program algorithm.

Functional objects can be procedures, functions, branches, operators, etc.

2.4. An information object is a program element containing fragments of information circulating in the program. Depending on the programming language, information objects can be variables, arrays, records, tables, files, fragments of random access memory, and so on.

2.5. The execution route of functional objects is a sequence of executed functional objects determined by the algorithm.

2.6. The actual execution route of functional objects is the sequence of functional objects that are actually executed under certain conditions (input data).

2.7. The critical route for the execution of functional objects is a route during which there is a possibility of uncontrolled violation of the established rules for processing information objects.

2.8. Static analysis of program source codes is a set of methods for monitoring (in)compliance of software functionality implemented and declared in the documentation, based on structural analysis and decomposition of program source codes.

2.9. Dynamic analysis of program source codes is a set of methods for monitoring (in)compliance of software functionality implemented and declared in the documentation, based on the identification of actual execution routes of functional objects with subsequent comparison with routes constructed in the process of static analysis.
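The comparison described in 2.8 and 2.9, as an added example (it is not part of the guidance document and is not a certification laboratory's tool): Python's `ast` module builds the static routes between functional objects of a small constructed module, `sys.settrace` records the actual routes for given input data, and the two sets are compared. The sample module, its function names and the `static_routes`, `actual_routes` and `compare` helpers are assumptions made for illustration.

```python
import ast
import sys

FILENAME = "<controlled-sample>"  # marker so the tracer records only the sample's frames

# Constructed sample of "controlled software" (hypothetical, not from a real product).
# service_mode() is absent from the sample's imagined documentation and is reached
# only through an indirect call under one input condition.
SAMPLE_SRC = '''
STORE = {"alice": "s3cret"}
LOG = []

def normalize(user):
    return user.strip().lower()

def verify(user, password):
    return STORE.get(normalize(user)) == password

def audit(user, ok):
    LOG.append((user, ok))

def service_mode(user, password):
    return True

def login(user, password):
    if password.endswith("#svc"):
        ok = globals()["service_" + "mode"](user, password)
    else:
        ok = verify(user, password)
    audit(user, ok)
    return ok
'''


def static_routes(src, entry):
    """Static analysis: control connections between functional objects (functions)."""
    tree = ast.parse(src)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    edges, indirect = set(), []
    for name, fn in funcs.items():
        for node in ast.walk(fn):
            if not isinstance(node, ast.Call):
                continue
            if isinstance(node.func, ast.Name):
                if node.func.id in funcs:          # direct call to a known function
                    edges.add((name, node.func.id))
            elif not isinstance(node.func, ast.Attribute):
                # call through a subscript or call result: target unknown statically
                indirect.append((name, node.lineno))
    called = {callee for _, callee in edges}
    unreferenced = sorted(set(funcs) - called - {entry})
    return edges, indirect, unreferenced


def actual_routes(src, entry, inputs):
    """Dynamic analysis: caller/callee pairs actually executed for the given inputs."""
    namespace = {}
    exec(compile(src, FILENAME, "exec"), namespace)
    edges = set()

    def tracer(frame, event, arg):
        if event == "call" and frame.f_code.co_filename == FILENAME:
            caller = frame.f_back
            if caller is not None and caller.f_code.co_filename == FILENAME:
                edges.add((caller.f_code.co_name, frame.f_code.co_name))
        return None  # no per-line tracing needed

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in inputs:
            namespace[entry](*args)
    finally:
        sys.settrace(previous)
    return edges


def compare(src, entry, inputs):
    """Compare actual routes with the routes constructed by static analysis."""
    static, indirect, unreferenced = static_routes(src, entry)
    actual = actual_routes(src, entry, inputs)
    return {
        "undeclared_routes": sorted(actual - static),    # executed, not predicted
        "unexercised_routes": sorted(static - actual),   # predicted, never executed
        "indirect_call_sites": indirect,                 # constructs to review by hand
        "unreferenced_objects": unreferenced,            # candidate redundant source
    }


if __name__ == "__main__":
    ordinary = [("alice", "s3cret"), ("Bob ", "x")]
    print(compare(SAMPLE_SRC, "login", ordinary))
    print(compare(SAMPLE_SRC, "login", ordinary + [("alice", "x#svc")]))
```

With ordinary input data the actual routes match the static ones and only the static findings (the indirect call site and the unreferenced `service_mode`) point at the problem; the extra route appears in the dynamic comparison only when the test inputs include the triggering condition.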

3. REQUIREMENTS FOR THE LEVEL OF CONTROL
3.1. LIST OF REQUIREMENTS

Table 1

Name of requirement

Level of control

Documentation requirements

Control of the composition and content of documentation

Specification (GOST 19.202-78)

Description of the program (GOST 19.402-78)

Description of application (GOST 19.502-78)

Explanatory note (GOST 19.404-79)

Texts of programs included in the software (GOST 19.401-78)

Test content requirements

Monitoring the initial state of the software

Static analysis of program source codes

Control of completeness and absence of redundancy of source texts

Monitoring the compliance of software source texts with its object (boot) code

Control of connections of functional objects for management

Monitoring connections of functional objects based on information

Control of information objects

Monitoring the presence of specified constructs in source texts

Formation of a list of routes for executing functional objects

Analysis of critical execution routes of functional objects

Analysis of the algorithm of operation of functional objects based on block diagrams, diagrams, etc., built from the source texts of the controlled software

Dynamic analysis of program source codes

Monitoring the execution of functional objects

Comparison of actual execution routes of functional objects and routes constructed in the process of static analysis

Reporting

Designations
"-" - no requirements for this level;
"+" - new or additional requirements;
"=" - the requirements are the same as the requirements of the previous level.

3.2. REQUIREMENTS FOR THE FOURTH LEVEL OF CONTROL

3.2.1. Control of the composition and content of documentation

The documentation submitted by the applicant must include:

Specification (GOST 19.202-78), containing information about the composition of the software and documentation for it;

Description of the program (GOST 19.402-78), containing basic information about the composition (indicating the checksums of the files included in the software), logical structure and the software operating environment, as well as a description of methods, techniques and rules for operating technological equipment when creating software;

Application description (GOST 19.502-78), containing information about the purpose of the software, scope of application, methods used, class of tasks to be solved, application restrictions, minimum configuration of hardware, operating environment and operating procedure.

Source texts of programs (GOST 19.401-78) included in the software.

For imported software, the composition of the documentation may differ from the required one, but the content must comply with the requirements of the specified GOSTs.

3.2.2. Monitoring the initial state of the software

Control consists of recording the initial state of the software and comparing the results obtained with those given in the documentation.

The results of monitoring the initial state of the software should be the calculated unique checksum values of the load modules and source codes of the programs included in the software.

Checksums must be calculated for each file included in the software.
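The control described in 3.2.2, as an added example that is not part of the guidance document: it records a checksum for each file and compares the result with the documented values. SHA-256, the directory layout and the file names are assumptions made for the example; the text does not name an algorithm.

```python
import hashlib
import tempfile
from pathlib import Path

def file_checksum(path):
    """SHA-256 of one file; the algorithm is an assumption, the text names none."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def record_initial_state(root):
    """Checksum for each file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): file_checksum(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_with_documentation(actual, documented):
    """Compare the recorded state with the checksums given in the documentation."""
    return {
        "mismatch": sorted(n for n in actual
                           if n in documented and actual[n] != documented[n]),
        "not_in_documentation": sorted(set(actual) - set(documented)),
        "not_in_delivery": sorted(set(documented) - set(actual)),
    }

def demo():
    """Constructed sample: a delivery that no longer matches its documentation."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        (root / "src" / "main.c").write_bytes(b"int main(void){return 0;}\n")
        (root / "app.bin").write_bytes(b"constructed load module v1")
        documented = record_initial_state(root)   # stands in for the documented values
        documented["src/util.c"] = "0" * 64       # listed, but never delivered
        (root / "app.bin").write_bytes(b"constructed load module v2")  # altered
        (root / "src" / "debug.c").write_bytes(b"/* extra */\n")       # unlisted
        return compare_with_documentation(record_initial_state(root), documented)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```
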

3.2.3. Static analysis of program source codes

Static analysis of program source codes should include the following technological operations:
- control of completeness and lack of redundancy of software source texts at the file level;
- control of compliance of software source texts with its object (boot) code.

3.2.4. Reporting

Upon completion of the tests, a report (protocol) is drawn up containing the results:
- monitoring the initial state of the software;
- control of the completeness and absence of redundancy of the source texts of the controlled software at the file level;
- control of compliance of source texts with its object (boot) code.

3.3. REQUIREMENTS FOR THE THIRD LEVEL OF CONTROL

3.3.1. Control of the composition and content of documentation

The requirements fully include similar requirements for the fourth level of control.

In addition, an “Explanatory Note” (GOST 19.404-79) must be presented, containing basic information about the purpose of the components included in the software, the parameters of the processed data sets (database subschemas), generated return codes, a description of the variables used, operating algorithms, etc.

3.3.2. Monitoring the initial state of the software

The requirements fully include similar requirements for the fourth level of control.

3.3.3. Static analysis of program source codes

In addition to similar requirements for the fourth level of control, the following requirements are additionally imposed:
- control of completeness and lack of redundancy of software source texts at the level of functional objects (procedures);
- control of connections of functional objects (modules, procedures, functions) for management;
- control of connections of functional objects (modules, procedures, functions) according to information;
- control of information objects of various types (for example, local variables, global variables, external variables, etc.);
- formation of a list of routes for executing functional objects (procedures, functions).

3.3.4. Dynamic analysis of program source codes

Dynamic analysis of program source codes should include the following technological operations:
- control of the execution of functional objects (procedures, functions);
- comparison of actual execution routes of functional objects (procedures, functions) and routes constructed in the process of static analysis.
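An added illustration of the route comparison in 3.3.4 (not part of the guidance document): routes are modeled as caller-to-callee pairs, built statically with Python's `ast`, recorded at run time with `sys.setprofile`, and then compared. The sample program, its function names and the input `svc` are constructed for the example.

```python
import ast
import sys

# Constructed sample of controlled software: maintenance() is reachable only
# through a name lookup that the static pass below cannot resolve.
SAMPLE = '''
def read_input(data):
    return data.strip()
def process(data):
    text = read_input(data)
    if text == "svc":
        return globals()["maintenance"]()
    return text.upper()
def maintenance():
    return "undeclared"
def main(data):
    return process(data)
'''

def static_edges(source):
    """Caller -> callee pairs visible as direct calls in the source text."""
    edges = set()
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, ast.FunctionDef):
            for node in ast.walk(fn):
                if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
                    edges.add((fn.name, node.func.id))
    return edges

def actual_edges(source, entry, arg):
    """Caller -> callee pairs actually executed for one input."""
    ns, edges = {}, set()
    exec(compile(source, "<sample>", "exec"), ns)
    def profiler(frame, event, _arg):
        caller = frame.f_back
        if (event == "call" and caller and caller.f_code.co_filename
                == frame.f_code.co_filename == "<sample>"):
            edges.add((caller.f_code.co_name, frame.f_code.co_name))
    sys.setprofile(profiler)
    try:
        ns[entry](arg)
    finally:
        sys.setprofile(None)
    return edges

def compare_routes(source, entry, inputs):
    """Executed edges that are absent from the static model, per input."""
    static = static_edges(source)
    return {i: sorted(actual_edges(source, entry, i) - static) for i in inputs}
```

An empty list for an input means every executed call was already present in the static model; a non-empty list names the calls an expert would have to examine.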

3.3.5. Reporting

In addition to similar requirements for the fourth level of control, the report (protocol) must additionally contain the results of:
- control of the completeness and lack of redundancy of the source texts of the controlled software at the level of functional objects (procedures);
- control of connections of functional objects (modules, procedures, functions) for management;
- control of connections of functional objects (modules, procedures, functions) according to information;
- control of information objects of various types (for example, local variables, global variables, external variables, etc.);
- forming a list of routes for executing functional objects (procedures, functions);
- monitoring the execution of functional objects (procedures, functions);
- comparison of actual execution routes of functional objects (procedures, functions) and routes constructed in the process of static analysis.

3.4. REQUIREMENTS FOR THE SECOND LEVEL OF CONTROL

3.4.1. Control of the composition and content of documentation

3.4.2. Monitoring the initial state of the software

The requirements fully include similar requirements for the third level of control.

3.4.3. Static analysis of program source codes


- control of the completeness and lack of redundancy of the source texts of the controlled software at the level of functional objects (functions);
- syntactic control of the presence of specified constructs in the source texts of the software from the list (base) of potentially dangerous program constructs;
- formation of a list of routes for the execution of functional objects (branches);
- analysis of critical routes for the execution of functional objects (procedures, functions) for lists of information objects specified by the expert;
- construction of block diagrams, diagrams, etc. from the source texts of the controlled software, and subsequent comparative analysis of the operation algorithm of functional objects (procedures, functions) and the operation algorithm given in the “Explanatory Note”.

3.4.4. Dynamic analysis of program source codes

In addition to similar requirements for the third level of control, the following requirements are additionally imposed:
- control of the execution of functional objects (branches);
- comparison of actual execution routes of functional objects (branches) and routes constructed in the process of static analysis.

3.4.5. Reporting

In addition to similar requirements for the third level of control, the report (protocol) must additionally contain the results of:
- control of completeness and lack of redundancy of source texts of controlled software at the level of functional objects (functions);
- syntactic control of the presence of specified constructions in the source texts of the software from the list (base) of potentially dangerous constructions;
- generating a list of routes for executing functional objects (branches);
- analysis of critical routes for the execution of functional objects (procedures, functions) for lists of information objects specified by an expert;
- construction of block diagrams, diagrams, etc. from the source texts of the controlled software, and subsequent comparative analysis of the operation algorithm of functional objects (procedures, functions) and the operation algorithm given in the “Explanatory Note”;
- monitoring the execution of functional objects (branches);
- comparison of actual execution routes of functional objects (branches) and routes constructed in the process of static analysis.

3.5. REQUIREMENTS FOR THE FIRST LEVEL OF CONTROL

3.5.1. Control of the composition and content of documentation

3.5.2. Monitoring the initial state of the software

The requirements fully include similar requirements for the second level of control.

3.5.3. Static analysis of program source codes

In addition to similar requirements for the second level of control, the following requirements are additionally imposed:
- control of compliance of software source texts with its object (boot) code using certified compilers;
- semantic control of the presence of specified structures in the source texts of the software from the list (base) of potentially dangerous structures.

3.5.4. Dynamic analysis of program source codes

The requirements fully include similar requirements for the second level of control.

3.5.5. Reporting

In addition to similar requirements for the second level of control, the report (protocol) must additionally contain the results of:
- monitoring the compliance of software source texts with its object (boot) code using certified compilers;
- semantic control of the presence of specified structures in the source texts of the software from the list (base) of potentially dangerous structures.
