Modeling the Development of Energy Network Software, Taking into Account the Detection and Elimination of Vulnerabilities

Abstract

This paper solves the problem of modeling the scheme for developing software systems, which can be used in building solutions for secure energy networks. A development scheme is proposed in a set of representations through which each program of the software complex passes, namely the following representations: idea, conceptual model, architecture, algorithm, source code, graphic code, abstract syntax tree, assembler code, machine code, byte code, executed code. The main properties of each representation are indicated, such as the form (text, graphic, programming language, binary, and decoded), development (transformation) methods, as well as vulnerabilities that are detected in it. An example of each representation is given, particularly as applied to the energy networks. The scheme elements (representations, vulnerabilities, forms, etc.) and the main operations for working with their elements (representation transformation, vulnerability injection, and detection) are presented in an analytical form. An example of a development scheme for a simple software complex of energy networks is given. The classification of vulnerabilities is introduced; it divides the vulnerabilities according to the structural level, functioning disruption, and information impact. The vulnerabilities in each of the views are substantiated using the common vulnerabilities and exposures (CVE) database. An experiment was conducted to demonstrate the vulnerability spread across representations during the development of a software complex example for the energy network. The features of the applications of the obtained results for energy networks are taken into account. The advantages, disadvantages, and limitations of the study, as well as ways to eliminate them, are discussed.