Radamsa is a completely automated data security testing tool developed by The University of Oulu, which is the architect of the structure and the creator of testing events. It brings together the best properties of previously developed automated data security testing tools. The Radamsa software has been developed in the course of a four-year Cloud Software programme. Business partners in the project have included Ericsson, Nokia, F-Secure, Google, the Mozilla Foundation and WebKit.org. Radamsa is based on open source code.
"One effective way to look for vulnerabilities, that attackers also favour for their attacks, is a search programme in practice. A piece of data is sought against each programme that causes an error in the functioning of the programme. Naturally, the programme has to have a defect so that this will work, but in practice all our cases had at least one defect", stated The University of Oulu's Professor of Embedded Systems Juha Röning.
This kind of mechanical search for errors is called fuzzing. It often uses pieces of information that the programme is known to understand (such as databases and web traffic) as models from which the fuzzer can construct the same types of attacks, and with these it can see whether there are vulnerabilities in the programme.
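The following added example, which is not Radamsa's code and does not come from the University of Oulu, shows the idea in the paragraph above: a valid sample is mutated and fed to a program, and every unhandled error is recorded with the input that caused it. The parser `parse_tlv`, its deliberately missing length check and the sample record format are constructed for illustration.

```python
import random

# Constructed sample input: two tag/length/value records, standing in for
# "data the programme is known to understand".
SEED = bytes([1, 3]) + b"abc" + bytes([2, 2]) + b"hi"

def parse_tlv(data):
    """Toy parser under test (hypothetical). Deliberate defect: it trusts
    the length byte and never checks it against the remaining input."""
    records, i = [], 0
    while i < len(data):
        tag, length = data[i], data[i + 1]
        if length:
            _ = data[i + 2 + length - 1]  # touches last value byte, unchecked
        records.append((tag, data[i + 2 : i + 2 + length]))
        i += 2 + length
    return records

def mutate(sample, rng):
    """Apply one random structural or bit-level change to a valid sample."""
    buf = bytearray(sample)
    pos = rng.randrange(len(buf))
    op = rng.choice(("flip", "replace", "delete", "repeat"))
    if op == "flip":
        buf[pos] ^= 1 << rng.randrange(8)
    elif op == "replace":
        buf[pos] = rng.randrange(256)
    elif op == "delete":
        del buf[pos]
    else:  # duplicate a short run of bytes in place
        buf[pos:pos] = buf[pos : pos + rng.randint(1, 4)]
    return bytes(buf)

def fuzz(target, sample, rounds=2000, seed=1):
    """Feed mutated samples to target; return one reproducer per error kind."""
    rng = random.Random(seed)  # fixed seed so every finding can be replayed
    failures = {}
    for _ in range(rounds):
        case = mutate(sample, rng)
        try:
            target(case)
        except Exception as exc:  # an unhandled error is a finding to triage
            failures.setdefault(type(exc).__name__, case)
    return failures

if __name__ == "__main__":
    for kind, case in fuzz(parse_tlv, SEED).items():
        print(kind, case.hex())
```

Adding a bounds check on `length` before the value is read and re-running `fuzz` with the same seed is the regression test for the fix.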
Over a hundred browser vulnerabilities have been found in Google Chrome and Mozilla Firefox.
"We defined a vulnerability as a defect that can probably be used in an attack that happens through the browser, based on the manufacturers' analysis. A successful attack normally needs between one and five errors to get control of the computer's other content through the site", stated Juha Röning.
Firefox is wholly, and Google Chrome for the most part, an open source project that uses a lot of shared files. In this way, vulnerabilities that have been fixed usually help to improve data security. According to Juha Röning, most defects have indirectly improved the security of almost all Apple devices, Android phones and smart TVs.
Mozilla security announcements:
Cloud Software Finland is a four-year programme of Tivit (2010-2014), which focuses on developing various aspects of Cloud services. The programme is funded by Tekes and can be found at www.cloudsoftwareprogram.org.
Further information about Radamsa:
Juha Röning, The University of Oulu: tel. +040 518 1621