About the Security Assessment of Embedded Software in Automated Process Control System

摘要

This work explores theoretical related to the assessment of the embedded software security of programmable logic controllers (PLC) of industrial cyber-physical systems, which are the basic components of automated process control systems. Analysis of the relevance of the problem of evaluating software security has performed, correlation between software complexity and number of vulnerabilities has elucidated. The key features of embedded software affecting information security has identified. A formal approach to the assessment of security, based on the achievement of two indicators, modern software research methods for the presence of vulnerabilities and undeclared capabilities has been considered their shortcomings have covered, in particular, dependence on expert qualifications and open source orientation on vulnerability information. The use of a risk-based approach to the assessment of security, based on the family of standards ISO 29119-2013 has proposed. The proposed refinement and expansion of the basic methods of software in terms of assessing the security of software. Refinements and extensions of the basic software methodology in terms of software security assessment have proposed. The characteristic features and benefits of a risk-based approach have formulated.