Oulu University Secure Programming Group: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 13:19, 24 November 2012 edit Apalsola (talk \| contribs) Extended confirmed users, Pending changes reviewers 9,079 edits added Category:University of Oulu using HotCat ← Previous edit		Latest revision as of 06:02, 17 August 2023 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,694,855 edits Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5) (Whoop whoop pull up - 14623
(6 intermediate revisions by 6 users not shown)
Line 1: The '''Oulu University Secure Programming Group''' ('''OUSPG''') is a research group at the [[University of Oulu]] that studies, evaluates and develops methods of implementing and testing [[Application software\|application]] and [[system software]] in order to prevent, discover and eliminate implementation level security [[Vulnerability (computing)\|vulnerabilities]] in a pro-active fashion. The focus is on implementation level security issues and software [[security testing]]. ==History== OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering in the University of Oulu since summer 1996. OUSPG is most known for its participation in protocol implementation security testing, which they called [[~~Robustness~~robustness testing]], using the PROTOS mini-simulation method.<ref name="kaksonen_2001">~~Kaksonen,~~{{Cite ~~Rauli.~~thesis ~~2001.~~\|type= Licentiate thesis \|title= A Functional Method for Assessing Protocol Implementation Security ~~(Licentiate~~\|last= ~~thesis).~~Kaksonen \|first= Rauli \|year= 2001 \|place=Espoo. \|publisher= Technical Research Centre of Finland, \|series= VTT Publications 448. ~~128~~\| p.url += ~~app~~http://www. ~~15 p~~vtt.fi/inf/pdf/publications/2001/P448.pdf ~~ISBN 951~~\|access-~~38-5873-1~~date=12 ~~(soft~~September ~~back ed.)~~2013 ~~ISBN~~\|isbn= 951-38-5874-X ~~(on-line~~\| edpages = 128 p.) + app. 15 p\| no-pp=y}}</ref> The PROTOS was co-operated project with VTT and number of industrial partners. The project developed different approaches of testing implementations of protocols using [[Black-box testing\|black-box]] (i.e. functional) testing methods. The goal was to support pro-active elimination of faults with information security implications, promote awareness in these issues and develop methods to support customer driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process. The most notable result of the PROTOS project was the result of the c06-snmp test suite, which discovered multiple vulnerabilities in [[Simple Network Management Protocol\|SNMP]]. The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with ___domain specific reasoning capabilities to enable automated black-box program robustness testing tools without having prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in [[archive file]] and ~~anti-virus~~[[Antivirus software\|antivirus products]]. ==Commercial spin-offs== Line 21: {{Dual\|source=University of Oulu\|sourcepath=http://www.ee.oulu.fi/research/ouspg/\|sourcearticle=Oulu University Secure Programming Group\|date=12:21, 30 July 2009 (UTC)}} * ~~Kaksonen,~~{{Cite ~~Rauli.~~thesis ~~2001.~~\|type= Licentiate thesis \|title= A Functional Method for Assessing Protocol Implementation Security ~~(Licentiate~~\|last= ~~thesis).~~Kaksonen \|first= Rauli \|year= 2001 \|place=Espoo. \|publisher= Technical Research Centre of Finland, \|series= VTT Publications ~~447.~~448 ~~128~~\| p.url += ~~app~~http://www. ~~15 p~~vtt.~~ ISBN~~fi/inf/pdf/publications/2001/P448.pdf ~~951-38~~\|access-~~5873-1~~date=12 ~~(soft~~September ~~back ed.)~~2013 ~~ISBN~~\|isbn= 951-38-5874-X ~~(on-line~~\| ~~ed.).~~pages ~~http://www~~= 128 p.~~inf~~ + app.~~vtt.fi/pdf/publications/2001/P448.pdf~~ 15 p\| no-pp=y}} * {{cite web\|title=Oulu University Secure Programming Group\|url=https://www.ee.oulu.fi/research/ouspg/\|publisher=University of Oulu\|___location=Oulu\|access-date=12 September 2013\|archive-date=2 November 2013\|archive-url=https://web.archive.org/web/20131102233407/https://www.ee.oulu.fi/research/ouspg/\|url-status=dead}} * http://www.ee.oulu.fi/research/ouspg/ ==External links== * {{cite web\|last=Poulsen\|first=Kevin\|title=Feds, Industry, Battle the Biggest Bug\|url=http://www.securityfocus.com/news/474\|work=SecurityFocus\|access-date=12 September 2013 \|date=12 June 2002}} * http://www.securityfocus.com/news/474 * {{cite web\|title=CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats\|url=https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html\|work=CERT-FI\|publisher=Finnish Communications Regulatory Authority\|access-date=12 September 2013\|___location=Helsinki\|date=6 August 2009}} [[Category:Computer ~~network~~ security organizations]] [[Category:Software testing]] [[Category:University of Oulu\|Secure Programming Group]]