Approach to assessment of firmware security under fuzzy input data

The article highlights the issues of security and software security, which turn to be secondary in the design and development of software tools in order to please the speedy launch of the software product on the market. Due to the fact that the cost of eliminating security defects is higher in the late stages of design, the scientific problem of assessing software security under high uncertainty has been considered. The functional requirements for security of the firmware are given. A new approach is proposed for assessing the firmware security. The subject of research is a firmware designed to control various devices and microcontrollers. Based on GOST R 56939-2016 “Information security. Secure software development. General requirements” there have been developed the security requirements (qualitative and quantitative) for the embedded software, the assessment of which allows determining the level of security of the firmware as a whole. The fuzzy logic apparatus was used to optimize the assessment process in conditions of possible uncertainty, inconsistency, incompleteness and qualitative nature of the input data. The proposed method will help minimize the economic risks at the stages of operation and maintenance of embedded systems.