Oulu University Secure Programming Group: Difference between revisions

The '''Oulu University Secure Programming Group''' ('''OUSPG''') is a research group at the [[University of Oulu]] that studies, evaluates and develops methods of implementing and testing [[Application software|application]] and [[System software|system software]] in order to prevent, discover and eliminate implementation level security [[Vulnerability (computing)|vulnerabilities]] in a pro-active fashion. The focus is on implementation level security issues and software [[security testing]].

OUSPG is most known for its participation in protocol implementation security testing, which they called [[Robustnessrobustness testing]], using the PROTOS mini-simulation method.<ref name="kaksonen_2001">Kaksonen,{{Cite Rauli.thesis 2001.|type= Licentiate thesis |chapter= |title= A Functional Method for Assessing Protocol Implementation Security (Licentiate|url= thesis).|last= Kaksonen |first= Rauli |year= 2001 |place=Espoo. |publisher= Technical Research Centre of Finland, |series= VTT Publications 448. 128|accessdate= p.|docket= +|oclc= app.| 15url p= http://www.vtt.fi/inf/pdf/publications/2001/P448.pdf ISBN|accessdate=12 951-38-5873-1September (soft2013 back ed.)|format=PDF ISBN|isbn= 951-38-5874-X (on-line| edpages = 128&nbsp;p.) + app. 15&nbsp;p.| nopp=y}}</ref>

The PROTOS was co-operated project with VTT and number of industrial partners. The project developed different approaches of testing implementations of protocols using [[Black-box testing|black-box]] (i.e. functional) testing methods. The goal was to support pro-active elimination of faults with information security implications, promote awareness in these issues and develop methods to support customer driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process.

The most notable result of the PROTOS project was the result of the c06-snmp test suite, which discovered multiple vulnerabilities in [[Simple Network Management Protocol|SNMP]].

The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with ___domain specific reasoning capabilities to enable automated black-box program robustness testing tools without having prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in [[archive file]] and anti-virus[[Antivirus software|antivirus products]].

* Kaksonen,{{Cite Rauli.thesis 2001.|type= Licentiate thesis |chapter= |title= A Functional Method for Assessing Protocol Implementation Security (Licentiate|url= thesis).|last= Kaksonen |first= Rauli |year= 2001 |place=Espoo. |publisher= Technical Research Centre of Finland, |series= VTT Publications 447.448 128|accessdate= p.|docket= +|oclc= app.| 15url p.&nbsp;ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.).= http://www.inf.vtt.fi/inf/pdf/publications/2001/P448.pdf |accessdate=12 September 2013 |format=PDF |isbn= 951-38-5874-X | pages = 128&nbsp;p. + app. 15&nbsp;p.| nopp=y}}

* {{cite web|last=Poulsen|first=Kevin|title=Feds, Industry, Battle the Biggest Bug|url=http://www.securityfocus.com/news/474|work=SecurityFocus|accessdate=12 September 2013 |date=12 June 2002}}

* {{cite web|title=CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats|url=https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html|work=CERT-FI|publisher=Finnish Communications Regulatory Authority|accessdate=12 September 2013|___location=Helsinki|date=6 August 2009}}