Oulu University Secure Programming Group

The CorenSearchBot has performed a web search with the contents of this page, and it appears to include material copied directly from: http://www.ee.oulu.fi/research/ouspg (Copyvios report) It will soon be reviewed to determine if there are any copyright issues. The content should not be mirrored or otherwise reused until the issue has been resolved. If substantial content is duplicated, unless evidence is provided to the contrary (e.g. evidence of permission to use this content under terms consistent with the Wikimedia Terms of Use or public domain status; see Wikipedia:Donating copyrighted materials), editors will assume that this text is a copyright violation, and will soon delete the copy. Before removing this notice, you should: Check if CorenSearchBot is in error: If so, simply note so on this article's discussion page. Replace the copyrighted text with your own work. Note that simply modified or rephrased text is still an infringement—to remove the copyrighted contents you will need to completely remove them and then write totally new text to replace it. If you hold the copyright to this text and permit its use under the terms consistent with Wikipedia's policies, please see Wikipedia:Donating copyrighted materials for instructions on how to verify the licensing. Replace the copyrighted content with a wikified reference. Check whether it is reasonable to revert to one of the previous versions of the article Remove the copyrighted content if it is not critical to the article.

The Oulu University Secure Programming Group (OUSPG) is a research group at the University of Oulu that studies, evaluates and develops methods of implementing and testing application and system software in order to prevent, discover and eliminate implementation level security vulnerabilities in a pro-active fashion. The focus is on implementation level security issues and software security testing.

OUSPG has been active as an independent academic research group in the Computer Engineering Laboratory in the Department of Electrical and Information Engineering in the University of Oulu since summer 1996.

OUSPG is most known for it's work on protocol implementation security testing, the PROTOS mini-simulation method. The PROTOS project developed different approaches of testing implementations of protocols using black-box (i.e. functional) testing methods. The goal was to support pro-active elimination of faults with information security implications, promote awareness in these issues and develop methods to support customer driven evaluation and acceptance testing of implementations. Improving the security robustness of products was attempted through supporting the development process.

The most notable result of the PROTOS project was the result of the c06-snmp test suite, which discovered multiple vulnerabilities in SNMP.

The work done in PROTOS is continued in PROTOS-GENOME, which applies automatic structure inference combined with domain specific reasoning capabilities to enable automated black-box program robustness testing tools without having prior knowledge of the protocol grammar. This work has resulted in a large number of vulnerabilities being found in archive file and anti-virus products.

• Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. Technical Research Centre of Finland, VTT Publications 447. 128 p. + app. 15 p. ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.). http://www.inf.vtt.fi/pdf/publications/2001/P448.pdf
• http://www.ee.oulu.fi/research/ouspg/

The group has produced two spin-off companies, Codenomicon continues the work of the PROTOS and Clarified Networks the work in FRONTIER.

http://www.securityfocus.com/news/474
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html