Quantitative Security Characteristics of Perl Programs

Abstract

Program quality is usually characterized by the number of errors per 1000 lines of code. This parameter is calculated by statistical regression analysis of the error counts for successive code versions, followed by extrapolation into the future. This procedure is very tedious even for large companies. Ordinary users find it very hard to verify such an estimate, as they have no initial data. There are many methods for estimating the number of errors in code, e.g., the Shooman, Musa, Bell-LaPadula, Jelinski-Moranda, Schick-Wolverton, Mills, Lipov and Corcoran models, the Bernoulli simple intuitive software reliability model, and Nelson's software reliability model. But we often deal with programs that formally have no errors while their quality is still not evident. A method is proposed to quantitatively estimate code quality for Perl routines. The method can identify weaknesses in particular program components where errors are possible. It is based on analysis of programming style. The method is applicable to any program with open source code (Python, Perl, PHP, etc.). It can be used to compare the quality of programs that solve similar tasks and to choose among them.

Author Biographies

Anna Alekseevna Kulikovskaya, National Research Center "Kurchatov Institute"

Junior Researcher

Elizaveta Alexandrovna Dorenskaya, National Research Center "Kurchatov Institute"

Software Engineer

Yuri Alexeyevich Semenov, National Research Centre "Kurchatov Institute"; Moscow Institute of Physics and Technology (National Research University)

Lead Researcher of the Institute for Theoretical and Experimental Physics named after A.I. Alikhanov; Deputy Head of the Chair for Computer Science, Institute of Nano-, Bio-, Information, Cognitive and Socio-humanistic Sciences and Technologies, Cand. Sci. (Phys.-Math.)

Published

2022-12-20

How to Cite

KULIKOVSKAYA, Anna Alekseevna; DORENSKAYA, Elizaveta Alexandrovna; SEMENOV, Yuri Alexeyevich. Quantitative Security Characteristics of Perl Programs. Modern Information Technologies and IT-Education, [S.l.], v. 18, n. 4, p. 855-860, dec. 2022. ISSN 2411-1473. Available at: <http://sitito.cs.msu.ru/index.php/SITITO/article/view/926>. Date accessed: 26 apr. 2025. doi: https://doi.org/10.25559/SITITO.18.202204.855-860.

Section

Theoretical and Practical Aspects of Cybersecurity