Oulu University Secure Programming Group

The Oulu University Secure Programming Group (OUSPG) is a research group at the University of Oulu that studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing.

History

OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering in the University of Oulu since summer 1996.

OUSPG is best known for its participation in protocol implementation security testing, which the group called robustness testing, using the PROTOS mini-simulation method.[1]

PROTOS was a cooperative project with VTT and a number of industrial partners. The project developed different approaches to testing protocol implementations using black-box (i.e. functional) testing methods. The goal was to support proactive elimination of faults with information security implications, promote awareness of these issues, and develop methods to support customer-driven evaluation and acceptance testing of implementations. The project sought to improve the security robustness of products by supporting the development process.

The most notable result of the PROTOS project came from the c06-snmp test suite, which discovered multiple vulnerabilities in SNMP.

The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with domain-specific reasoning capabilities to enable automated black-box program robustness testing tools that need no prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in archive file and anti-virus products.

Commercial spin-offs

The group has produced two spin-off companies: Codenomicon continues the work of PROTOS, and Clarified Networks continues the work in FRONTIER.

References

  1. Kaksonen, Rauli. 2001. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. Technical Research Centre of Finland, VTT Publications 448. 128 p. + app. 15 p. ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.).

As of 12:21, 30 July 2009 (UTC), this article is derived in whole or in part from University of Oulu. The copyright holder has licensed the content utilized under CC-By-SA and GFDL. All relevant terms must be followed. The original text was at "Oulu University Secure Programming Group".

Wikimedia Foundation. 2010.
