THE TECHNIQUE OF ANALYSIS OF SOFTWARE OF ON-BOARD COMPUTERS OF AIR VESSEL TO ABSENCE OF UNDECLARED CAPABILITIES BY SIGNATURE-HEURISTIC WAY

The article considers the issues of civil aviation aircraft onboard computers data safety. Information security undeclared capabilities stand for technical equipment or software possibilities, which are not mentioned in the documentation. Documentation and tests content requirements are imposed during the software certification. Documentation requirements include documents composition and content of control (specification, description and program code, the source code). Test requirements include: static analysis of program codes (including the compliance of the sources with their loading modules monitoring); dynamic analysis of source code (including implementation of routes monitoring). Currently, there are no complex measures for checking onboard computer software. There are no rules and regulations that can allow controlling foreign production aircraft software, and the actual receiving of software is difficult. Consequently, the author suggests developing the basics of aviation rules and regulations, which allow to analyze the programs of CA aircraft onboard computers. If there are no software source codes the two approaches of code analysis are used: a structural static and dynamic analysis of the source code; signature-heuristic analysis of potentially dangerous operations. Static analysis determines the behavior of the program by reading the program code (without running the program) which is represented in the assembler language - disassembly listing. Program tracing is performed by the dynamic analysis. The analysis of aircraft software ability to detect undeclared capabilities using the interactive disassembler was considered in this article.

software, aircraft on-board computer, undeclared capabilities, structural static analysis, dynamic analysis, signature-heuristic analysis

1. Zashchita ot nesanktsionirovannogo dostupa k informatsii Chast' 1. Programmnoye obespecheniye sredstv zashchity informatsii. Klassifikatsiya po urovnyu kontrolya otsutstviya nedeklarirovannykh vozmozhnostey [Protection against unauthorized access to information Part 1. Software protection information. Classification by the level of control of absence undeclared -bath options]. Prikaz predsedatelya Gostekhkomissii Rossii [Order of the Chairman of the State Technical Commission of Russia]. June 4, 1999, № 114. 4 p. (in Russian)

2. Kasperski K. Komp'yuternyye virusy iznutri i snaruzhi [Computer viruses inside and outside]. SPb., Peter, 2006, 400 p. (in Russian)

3. Petrov V.I. Nedeklarirovannyye vozmozhnosti programmnogo obespecheniya bortovykh komp'yuterov vozdushnogo sudna [Undeclared capabilities of software-board computers of the aircraft]. Grazhdanskaya aviatsiya na sovremennom etape razvitiya nauki, tekhniki i obshchestva. Sbornik tezisov dokladov uchastnikov Mezhdunarodnoy nauchno-tekhnicheskoy konferentsii, posvyashchennoy 45-letiyu Universiteta [Civil aviation at the present stage of development of science, technology and society. Abstracts of the participants of the International scientific conference devoted to the 45th anniversary of the University]. Moscow, Academy named after N.E. Zhukovsky Publ., 2016, p. 160. (in Russian)

4. Fedosov Ye.A., Chuyanov G.A., Kos'yanchuk V.V., Sel'vesyuk N.I. Perspektivnyy oblik i tekhnologii razrabotki kompleksov bortovogo oborudovaniya vozdushnykh sudov [Perspective image of technology and the development of systems of aircraft avionics]. Obshcherossiyskiy nauchnotekhnicheskiy zhurnal «Polet». [Flight. All-Russian scientific and technical journal], 2013, № 8, pp. 41–52. (in Russian)

5. Polovinchuk N.Y., Dryukov A.A., Doroszewska O.V., Kalashnikov V.V. Algoritmicheskoye i programmnoye obespecheniye po iscledovaniyu bortovykh vychislitel'nykh ustroystv [Algorithmic and the software on the researches of the onboard computing devices]. Innovatsionnyye protsessy v sovremennom mire (Innoforum-2016). Materialy mezhdunarodnoy nauchno-prakticheskoy konferentsii [Innovative processes in the modern world (Innoforum 2016). Proceedings of the international scientific-practical conference]. Moscow, 2016, pp. 380–383. (in Russian)

6. Bolelov E.A. Modeli vykhodnykh signalov radionavigatsionnykh izmeriteley bortovogo kompleksa primenitel'no k usloviyam anomal'nogo rezhima ikh funktsionirovaniya [Model output signals navigation gauges avionics complex in relation to the conditions of the anomalous mode of their functioning]. Problemy bezopasnosti Rossiyskogo obshchestva [Security Problems of the Russian society], 2015, № 2, pp. 44–50. (in Russian)

7. Kuznetsov S.V. Analiz struktury sovremennyh kompleksov i sistem avioniki vozdushnyh sudov grazhdanskoj aviacii [Analysis of the structure of modern avionics systems and complexes of civil aircrafts]. Nauchnyj Vestnik MGTU GA [Scientific Bulletin of the MSTUCA], 1998, no. 3, pp. 5–26. (in Russian)

8. Kuznetsov S.V. Matematicheskiye modeli protsessov i sistem tekhnicheskoy ekspluatatsii avioniki kak markovskiye i polumarkovskiye protsessy [Mathematical models of processes and systems of avionic technical operation as Markov and Semimarkov processes]. Nauchnyj Vestnik MGTU GA [Scientific Bulletin of the MSTUCA], 2015, no. 213, pp. 28–33. (in Russian)