Misplaced Pages

Oulu University Secure Programming Group

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

The Oulu University Secure Programming Group ( OUSPG ) is a research group at the University of Oulu that studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing .

#576423

6-861: OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering in the University of Oulu since summer 1996. OUSPG is most known for its participation in protocol implementation security testing, which they called robustness testing , using the PROTOS mini-simulation method. The PROTOS was co-operated project with VTT and number of industrial partners. The project developed different approaches of testing implementations of protocols using black-box (i.e. functional) testing methods. The goal

12-447: Is any quality assurance methodology focused on testing the robustness of software . Robustness testing has also been used to describe the process of verifying the robustness (i.e. correctness) of test cases in a test process. ANSI and IEEE have defined robustness as the degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions. The term "robustness testing"

18-498: Is continued in PROTOS-GENOME, which applies automatic structure inference combined with domain specific reasoning capabilities to enable automated black-box program robustness testing tools without having prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in archive file and antivirus products . The group has produced two spin-off companies, Codenomicon continues

24-506: The work of the PROTOS and Clarified Networks the work in FRONTIER. As of 12:21, 30 July 2009 (UTC), this article is derived in whole or in part from University of Oulu . The copyright holder has licensed the content in a manner that permits reuse under CC BY-SA 3.0 and GFDL . All relevant terms must be followed. The original text was at "Oulu University Secure Programming Group" Robustness testing Robustness testing

30-609: Was first used by the Ballista project at Carnegie Mellon University . They performed testing of operating systems for dependability based on the data types of POSIX API, producing complete system crashes in some systems. The term was also used by OUSPG and VTT researchers taking part in the PROTOS project in the context of software security testing. Eventually the term fuzzing (which security people use for mostly non-intelligent and random robustness testing) extended to also cover model-based robustness testing. Fault injection

36-546: Was to support pro-active elimination of faults with information security implications, promote awareness in these issues and develop methods to support customer driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process. The most notable result of the PROTOS project was the result of the c06-snmp test suite, which discovered multiple vulnerabilities in SNMP . The work done in PROTOS

#576423