Generalized risk assessment procedure for software testing of legally regulated measuring instruments
Date
2023-02-28
Journal Title
Journal ISSN
Volume Title
Publisher
Видавництво Львівської політехніки
Lviv Politechnic Publishing House
Lviv Politechnic Publishing House
Abstract
The legal metrology covers measuring instruments (MI), the measurement results of which are used in calculations
for consumed energy resources, in the fields of information protection, security, environmental protection, etc. Most modern
MIs use microcontrollers or are controlled by computers. The software (SW) of such MIs provides an opportunity not only to automate
the processes of measurement and calculation of results but also to ensure long-term storage and data transfer. The manufacturer
is responsible for investigating and assessing all possible risks related to the MI SW. The task of the conformity assessment
body is to assess the conformity of MIs adequately in general and software, in particular, to the established requirements
based on the analysis of risk classes. Standards for information security risk management, information technology security assessment,
and information technology security assessment criteria consider only general issues of software security and risk assessment
without taking into account the scope of its application. The existing regulatory documents on software risk management
were considered. Modern methods of assessing the risks of the MI SW were studied. To assess the risks of software of legally regulated
MIs, a general classification of threats and vulnerabilities of MI SW was made. For choosing threats that affect functionality,
only those that affect metrological characteristics during measurement are taken into account. Possible manifestations of the
impact of threats on stored data can be their distortion or destruction, and transmissions of data can be data distortion during
transmission or data loss due to a break in the telecommunications connection. A proposed simplified risk assessment methodology
for assessing the compliance of MI SW without statistical data on the probabilities of threats and the amount of harm from the
implementation of threats is presented. Risk is defined as the probability of harm due to a certain vulnerability, taking into account
the conditional amount of harm.
Description
Keywords
Software, Measuring instruments, Risk assessment, Assessing compliance
Citation
Gaman V. Generalized risk assessment procedure for software testing of legally regulated measuring instruments / Valentyn Gaman, Serhii Kursin, Oleh Velychko // Measuring Equipment and Metrology. — Lviv : Lviv Politechnic Publishing House, 2023. — Vol 84. — No 3. — P. 47–52.