OUSPG

The Oulu University Secure Programming Group (OUSPG) is a research group at the University of Oulu that studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing.


History

OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering at the University of Oulu since summer 1996. OUSPG is best known for its participation in protocol implementation security testing, which they called robustness testing, using the PROTOS mini-simulation method. PROTOS was a co-operative project with VTT and a number of industrial partners. The project developed different approaches to testing implementations of protocols using black-box (i.e. functional) testing methods. The goal was to support pro-active elimination of faults with information security implications, promote awareness of these issues and develop methods to support customer-driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process. The most notable result of the PROTOS project was the c06-snmp test suite, which discovered multiple vulnerabilities in SNMP. The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with domain-specific reasoning capabilities to enable automated black-box program robustness testing tools without prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in archive file and antivirus products.


Commercial spin-offs

The group has produced two spin-off companies: Codenomicon continues the work of PROTOS, and Clarified Networks the work in FRONTIER.



External links

* "CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats". CERT-FI. Helsinki: Finnish Communications Regulatory Authority. 6 August 2009. Retrieved 12 September 2013. https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html