Oulu University Secure Programming Group: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 12:40, 16 July 2010 edit ScottMHoward (talk \| contribs) 8,765 edits Adding/Fixing a Reference List ← Previous edit		Latest revision as of 06:02, 17 August 2023 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,694,874 edits Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5) (Whoop whoop pull up - 14623
(8 intermediate revisions by 7 users not shown)
Line 1: The '''Oulu University Secure Programming Group''' ('''OUSPG''') is a research group at the [[University of Oulu]] that studies, evaluates and develops methods of implementing and testing [[Application software\|application]] and [[system software]] in order to prevent, discover and eliminate implementation level security [[Vulnerability (computing)\|vulnerabilities]] in a pro-active fashion. The focus is on implementation level security issues and software [[security testing]]. ▼ ~~{{orphan\|date=February 2010}}~~ == History ==▼ ▲The '''Oulu University Secure Programming Group''' ('''OUSPG''') is a research group at the [[University of Oulu]] that studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing. OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering in the University of Oulu since summer 1996. ▼ OUSPG is most known for its participation in protocol implementation security testing, which they called [[~~Robustness~~robustness testing]], using the PROTOS mini-simulation method. <ref name="kaksonen_2001">~~Kaksonen,~~{{Cite ~~Rauli.~~thesis ~~2001.~~\|type= Licentiate thesis \|title= A Functional Method for Assessing Protocol Implementation Security ~~(Licentiate~~\|last= ~~thesis).~~Kaksonen \|first= Rauli \|year= 2001 \|place=Espoo. \|publisher= Technical Research Centre of Finland, \|series= VTT Publications 448. ~~128~~\| p.url += ~~app~~http://www. ~~15 p~~vtt.fi/inf/pdf/publications/2001/P448.pdf ~~ISBN 951~~\|access-~~38-5873-1~~date=12 ~~(soft~~September ~~back ed.)~~2013 ~~ISBN~~\|isbn= 951-38-5874-X ~~(on-line~~\| edpages = 128 p.) + app. 15 p\| no-pp=y}}</ref>▼ ▲== History == ▲OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering in the University of Oulu since summer 1996. The PROTOS was co-operated project with VTT and number of industrial partners. The project developed different approaches of testing implementations of protocols using [[Black-box testing\|black-box]] (i.e. functional) testing methods. The goal was to support pro-active elimination of faults with information security implications, promote awareness in these issues and develop methods to support customer driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process.▼ ▲OUSPG is most known for its participation in protocol implementation security testing, which they called [[Robustness testing]], using the PROTOS mini-simulation method. <ref>Kaksonen, Rauli. 2001. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. Technical Research Centre of Finland, VTT Publications 448. 128 p. + app. 15 p. ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.).</ref> The most notable result of the PROTOS project was the result of the c06-snmp test suite, which discovered multiple vulnerabilities in [[Simple Network Management Protocol\|SNMP]].▼ ▲The PROTOS was co-operated project with VTT and number of industrial partners. The project developed different approaches of testing implementations of protocols using black-box (i.e. functional) testing methods. The goal was to support pro-active elimination of faults with information security implications, promote awareness in these issues and develop methods to support customer driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process. The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with ___domain specific reasoning capabilities to enable automated black-box program robustness testing tools without having prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in [[archive file]] and ~~anti-virus~~[[Antivirus software\|antivirus products]].▼ ▲The most notable result of the PROTOS project was the result of the c06-snmp test suite, which discovered multiple vulnerabilities in [[SNMP]]. == Commercial spin-offs ==▼ ▲The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with ___domain specific reasoning capabilities to enable automated black-box program robustness testing tools without having prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in archive file and anti-virus products. ▲== Commercial spin-offs == The group has produced two spin-off companies, [[Codenomicon]] continues the work of the PROTOS and [[Clarified Networks]] the work in FRONTIER. ==References== {{~~reflist~~Reflist}} {{Dual\|source=University of Oulu\|sourcepath=http://www.ee.oulu.fi/research/ouspg/\|sourcearticle=Oulu University Secure Programming Group\|date=12:21, 30 July 2009 (UTC)}} * ~~Kaksonen,~~{{Cite ~~Rauli.~~thesis ~~2001.~~\|type= Licentiate thesis \|title= A Functional Method for Assessing Protocol Implementation Security ~~(Licentiate~~\|last= ~~thesis).~~Kaksonen \|first= Rauli \|year= 2001 \|place=Espoo. \|publisher= Technical Research Centre of Finland, \|series= VTT Publications ~~447.~~448 ~~128~~\| p.url += ~~app~~http://www. ~~15 p~~vtt.~~ ISBN~~fi/inf/pdf/publications/2001/P448.pdf ~~951-38~~\|access-~~5873-1~~date=12 ~~(soft~~September ~~back ed.)~~2013 ~~ISBN~~\|isbn= 951-38-5874-X ~~(on-line~~\| ~~ed.).~~pages ~~http://www~~= 128 p.~~inf~~ + app.~~vtt.fi/pdf/publications/2001/P448.pdf~~ 15 p\| no-pp=y}} * {{cite web\|title=Oulu University Secure Programming Group\|url=https://www.ee.oulu.fi/research/ouspg/\|publisher=University of Oulu\|___location=Oulu\|access-date=12 September 2013\|archive-date=2 November 2013\|archive-url=https://web.archive.org/web/20131102233407/https://www.ee.oulu.fi/research/ouspg/\|url-status=dead}} * http://www.ee.oulu.fi/research/ouspg/ == External links == * {{cite web\|last=Poulsen\|first=Kevin\|title=Feds, Industry, Battle the Biggest Bug\|url=http://www.securityfocus.com/news/474\|work=SecurityFocus\|access-date=12 September 2013 \|date=12 June 2002}} * http://www.securityfocus.com/news/474 * {{cite web\|title=CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats\|url=https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\|work=CERT-FI\|publisher=Finnish Communications Regulatory Authority\|access-date=12 September 2013\|___location=Helsinki\|date=6 August 2009}} [[Category:Computer ~~network~~ security organizations]] [[Category:Software testing]] [[Category:University of Oulu\|Secure Programming Group]]