
The Oulu University Secure Programming Group (OUSPG) is a research group at the University of Oulu that studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation-level security vulnerabilities in a proactive fashion. The focus is on implementation-level security issues and software security testing.


History

OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering at the University of Oulu since summer 1996. OUSPG is best known for its participation in protocol implementation security testing, which the group called robustness testing, using the PROTOS mini-simulation method. PROTOS was a cooperative project with VTT and a number of industrial partners. The project developed different approaches to testing implementations of protocols using black-box (i.e. functional) testing methods. The goal was to support proactive elimination of faults with information security implications, promote awareness of these issues and develop methods to support customer-driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process. The most notable result of the PROTOS project was the c06-snmp test suite, which discovered multiple vulnerabilities in SNMP. The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with domain-specific reasoning capabilities to enable automated black-box program robustness testing tools without prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in archive file and antivirus products.


Commercial spin-offs

The group has produced two spin-off companies: Codenomicon, which continues the work of PROTOS, and Clarified Networks, which continues the work in FRONTIER.



External links

* "CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats". CERT-FI. Helsinki: Finnish Communications Regulatory Authority. 6 August 2009. https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html (accessed 12 September 2013).