An Automated Algorithm for Auditing Encryption Policies in Software Systems
Аннотация
This paper presents an automated auditing algorithm for evaluating the enforcement of encryption policies in software systems. The proposed approach addresses key limitations of existing auditing practices, including the complexity of heterogeneous configurations, the inconsistency between policy requirements and operational settings, and the reliance on manual inspection. The methodology formalizes encryption policies as structured requirements and evaluates their compliance against configuration and runtime data using deterministic compatibility and risk assessment functions. By aggregating local deviations into a unified risk index, the algorithm provides a quantitative and reproducible measure of system-level non-compliance. The proposed method enables continuous monitoring of encryption policy enforcement across multiple architectural layers, including application, network, and storage components. Experimental evaluation on a test software system demonstrates that the algorithm effectively identifies policy violations, captures their relative impact on security risk, and tracks compliance improvements over successive audit iterations. The results indicate a consistent reduction in the overall risk index following corrective actions applied to cryptographic parameters such as key length, protocol configuration, and certificate management. The presented approach is platform-agnostic and relies on formal modeling rather than heuristic inspection, making it suitable for integration into enterprise and large-scale information systems. The findings confirm that a mathematically grounded auditing framework can enhance the precision, transparency, and repeatability of encryption policy compliance assessment.
Перевод пока недоступен