News

SecFutur members met in Linköping 
December 10, 2010

The consortium of the SecFutur research and development project held its project meeting on 30th November and 1st December in Linköping with the participation of the 9 consortium members from all over Europe as well as two associated partners from Canada and Australia. The participants analyzed the requirements of the distributed mesh-network case study and discussed the input requirements to the security building blocks work package.

SecFutur’s aim is to develop and establish a security engineering process for embedded systems, providing a set of implemented resource-efficient security building blocks, each addressing a specific complex non-functional requirement.

The work is funded as a “Small or medium-scale focused research project” (STREP) by the EU’s 7th Framework Programme. SecFutur is coordinated by Fraunhofer, Europe’s largest application-oriented research organization.

SEARCH-LAB hosted the uTRUSTit project meeting in Budapest 
December 2, 2010

uTRUSTit - “Usable Trust in the Internet of Things” aims at guaranteeing transparency in the underlying security and reliability properties of the Internet of Things as well as integrating the user directly in the trust chain. As the leader of the work packages “Security Framework” and “Dissemination and Exploitation”, SEARCH-LAB was happy to host the project meeting in Budapest on 30th November and 1st December 2010.

During the meeting we had lively discussions with partners from Austria, Belgium, Germany, Norway and Sweden on the key definitions the project will build upon. Targeted use case scenarios have been refined, and the technical synchronization of the work packages has been also tackled. The second day focused on various methods dealing with better understanding of the user perception of trust and the general needs and requirements regarding trust in the Internet of Things solutions.

uTRUSTit is a “small or medium-scale focused research project” (STREP) funded by the 7th Framework Programme of the EU and coordinated by the Austrian Center for Usability Research and Engineering (CURE).

We attended the ANIKETOS project meeting in Bilbao 
November 26, 2010

ANIKETOS – “Secure and Trustworthy Composite Services”, the 3.5-year “large scale integrating project” (IP) held its project meeting in Bilbao on 23-25 November. The meeting was attended by the representatives of all the 17 industrial and research organizations forming the ANIKETOS consortium.

The project focuses on secure and trustworthy composite services by establishing and maintaining trustworthiness and secure behavior in a constantly changing service environment of the Future Internet.

The main objective of the Bilbao meeting was to consolidate the existing work; furthermore, the consortium members started discussions on the strategy of community building and reviewed the requirement list based on different scenarios of ANIKETOS.

ARTEMIS projects evaluated 
October 25, 2010

Together with its partners from all around Europe, SEARCH-LAB is proud to have two projects positively evaluated by the Call 2010 of the European Union’s ARTEMIS Embedded Computing Systems Initiative.

The nSHIELD – “New embedded systems architecture for multi-layer dependable solutions” project addresses security, privacy and dependability in the context of Embedded Systems as “built in” rather than as “add-on” functionalities. The consortium of 33 members is coordinated by SELEX Galileo, a leader in defense electronics markets.

The other positively evaluated project with the involvement of SEARCH-LAB is SYMBEOSE – “Symbian: the embedded operating system for Europe”, which is to defend Europe’s leadership in the smartphone software domain. The consortium includes prominent members like Nokia, ST-Ericsson or Infineon, and a number of leading academic and research institutions from all around Europe.

The ARTEMIS Joint Technology Initiative –implemented as a Joint Undertaking of the European Commission, the Member States and ARTEMISIA – supports R&D activities through open and competitive calls for proposals on a yearly base, through a 10-year, € 2.5 billion research program on Embedded Computing Systems.

https://www.artemis-ju.eu/public_authority_board_2
https://www.artemis-ju.eu/attachments/174/ARTEMIS-PAB-2010-D.05_v6.pdf

Only two weeks left to register for our secure coding courses at OWASP AppSec DC 2010! 
October 21, 2010

Do not miss the opportunity to attend our secure coding courses to be held on 8-9 November in Washington D.C. at the OWASP AppSec DC 2010 conference. We have elaborated two special practice-oriented one-day courses for this unique event, which deal with Java-related security issues and the security of web applications.

Java Security Overview introduces the basic security solutions provided by Java, tackling issues like the Java Security Architecture and the security services of the Java Standard Edition. In addition, it also provides a comprehensive introduction to Java specific security vulnerabilities. Attendees thus not only learn how to use the different Java security features, but they can also examine and correct typical implementation bugs in example source code snippets through a number of hands-on exercises.

Practical Web Security Overview gives an overview of the applicable security solutions in web applications, focusing on the most important technologies like Web Services. The most severe security threats of web-based technologies are introduced through a number of hands-on exercises prepared in a plug-and-play manner. Topics include input validation-related vulnerabilities – like different injection flaws, Cross Site Scripting, or Cross Site Request Forgery –, problems stemming from improper use of security features, error handling, and many more.

Registration is still open; sign up to get state-of-the-art knowledge and enjoy our exercises.

International Board of Advisors meeting of SAFECode 
October 19, 2010

As a member of the International Board of Advisors of the Software Assurance Forum for Excellence in Code (SAFECode), Zoltán Hornák took part in its annual meeting, which was held on 11th October in London.

SAFECode is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include Adobe Systems, EMC, Juniper Networks, Microsoft, Nokia, SAP and Symantec.

SAFECode’s International Board of Advisors provides third-party perspective and expertise to assist SAFECode in its efforts to advance software assurance. It is comprised of individuals from government agencies, private sector organizations and academic institutions from around the world, all of whom are individually appointed because of their ability to offer insight critical to achieving SAFECode’s mission.

For more details please see the website of the SAFECode initiative.

SEARCH-LAB at the RSA Conference Europe 2010 
October 15, 2010

SEARCH-LAB attended the RSA Conference Europe 2010, which is the most comprehensive forum in information security and whose 19th annual event was held on 12-14 October in London. Besides discovering the latest trends and technologies, the event offered a great opportunity for networking and knowledge-sharing.

The RSA Conference drives the information security agenda worldwide with annual industry events in the USA, Europe and Japan. This year’s event was the 19th in the series, it built on the spirit of collaboration inspired by those who cracked the code of the Rosetta Stone. The event invited the attendees coming from over 50 countries around the world to decode the mysteries of information security, uncovering new ways to stem data theft, breaches and other cybercrimes.

For more info please see the website of the event.

Get registered for our secure coding courses at the OWASP Conference in Washington D.C. 
September 27, 2010

We are happy to announce that our training classes on "Java security overview" and "Web security overview" will be presented at the OWASP AppSec DC 2010 Conference in Washington D.C.

The course materials have been updated by the latest advances in the software development industry and the most recent achievements of our security research laboratory. Both courses include numerous hands-on exercises, prepared in a plug-and-play manner; by using a preset VMware virtual machine, the examples can be followed, executed and attacked in a unified environment.

OWASP is a not-for-profit worldwide charitable organization focused on improving the security of application software. The OWASP AppSec conference series is dedicated to bringing together industry, government, security researchers and practitioners to discuss the state of the art in application security. The AppSec DC 2010 is expected to attract a worldwide audience of around 700 people interested in “what’s next”.

The maximum number of participants is limited, so do not miss the opportunity and get registered for our one-day practice-oriented courses.

For more details and registration please click on the website of the event.

ANIKETOS - Secure and Trustworthy Composite Services 
September 24, 2010

The kick-off meeting of ANIKETOS research project took place on 22-24 September at SINTEF premises in Trondheim, Norway.

The 3.5-year large scale integrating project (IP) was named after the unconquerable Olympian god who presided over the defence of fortified towns and citadels. The consortium is coordinated by the Norwegian SINTEF, the largest independent research organization in Scandinavia. The team consists of 17 organizations from 10 countries, including large industrial and research players.

The project will focus on secure and trustworthy composite services by establishing and maintaining trustworthiness and secure behavior in a constantly changing service environment of the Future Internet. The project will align existing and develop new technology, methods, tools and security services that support the design-time creation and run-time dynamic behavior of composite services, addressing service developers, service providers and service end users.

SEARCH-LAB will contribute to ANIKETOS with its strong expertise in security evaluation, research and education. We will lead the “Tutorials and Trainings” work package and also conduct security evaluation of the prototype implementations. We will be involved in the specification of security requirements and the research on monitoring mechanisms as well.

Meet us at the ICT 2010 in Brussels 
September 17, 2010

SEARCH-LAB will be there at the ICT Event 2010, the Europe's most visible forum for ICT research and innovation. The event will take place on 27-29 September in Brussels, Belgium.

This biennial event has become a unique gathering point for researchers, business people, investors, and high level policy makers in the field of digital innovation. ICT 2010 will focus on policy priorities such as Europe's Digital Agenda and the 2011-2012 financial program of the European Union for funding research and innovation in ICT.

It is a great opportunity to discover latest research trends in information and communication technologies, meet potential research and business partners as well as visit the exhibition of Europe's latest cutting edge ICT research.

We would be happy to meet you there, do not hesitate to contact us to arrange a meeting in advance!

For more information please see the website of the event at http://ec.europa.eu/information_society/events/ict/2010/index_en.htm.

uTRUSTit - Usable TRUST in the Internet of Things 
September 15, 2010

uTRUSTit, our newly started international research project was kicked-off on 15th September in Vienna, Austria. The project is funded by the 7th Framework Programme of the EC, and is a “Small or medium-scale focused research project” (STREP) coordinated by the Austrian Center for Usability Research and Engineering (CURE).
The uTRUSTit project, whose name derives from “Usable Trust in the Internet of Things”, aims at guaranteeing transparency in the underlying security and reliability properties of the Internet of Things (IoT) as well as integrating the user directly in the trust chain. The consortium is composed of experienced security researchers, practitioners as well as simulation and usability laboratories from different parts of Europe.

The project results will enable system manufacturers and system integrators to express the underlying security concepts to users in a comprehensible way, allowing them to make valid judgments and informed decisions regarding the trustworthiness of such systems. The project’s design guidelines on trust will help the industry to implement the trust-feedback toolkit developed by uTRUSTit in a secure, usable and accessible way.

In the project SEARCH-LAB will lead the “Security Framework” and “Dissemination and Exploitation” work packages; furthermore, we will investigate security implications of the Internet of Things with special focus on human perception of trust and develop methods to detect a system’s security trustworthiness.

Do not miss our Secure C/C++ Programming course at the Hacktivity Conference 
August 30, 2010

First time in the history of Hacktivity, SEARCH-LAB provides a one-day secure coding course for all interested attendees before the event on Tuesday, 14th September. Get ready for the latest trends in computer security, and participate in the training through a number of hands-on exercises!
Our workshop on "The art of exploiting and preventing C/C++ vulnerabilities" gives an insight into the typical "old style" security relevant programming bugs as well as the protection and mitigation techniques. Attendees will learn how to find and exploit different flaws, and how to prevent the occurrence or the exploitation of these vulnerabilities through running, attacking and analyzing vulnerable code examples. Hands-on practical exercises will provide a step-by-step introduction to the attack methods and protection techniques. By using a preset virtual machine attendees will be able to follow, execute and attack different exercises in a unified environment.
The course is designed to provide the basic need-to-know for those, who are interested in deep, bit-level technical details of hacking. Basic knowledge of C/C++ language and familiarity with the concepts of assembly programming are required to follow the material.

For registration please see the website of the event at http://hacktivity.hu/portal/hu/hacktivity2010/treningek.

Join us at the Hacktivity Conference 
July 20, 2010

Are you interested in the latest trends of IT security, with special regard to embedded systems? Get registered to the Hacktivity Conference and do not miss our presentation on "Security of video set-top boxes – hardware hacking techniques" to be held at 9.30 a.m. on Sunday, 19th September. The presentation will give an overview on the current state-of-the-art in hardware level protection techniques and the up-to-date penetration testing methods.

Hacktivity, the largest hacker conference in Central and Eastern Europe will be held in the Dürer Garden in Budapest, Hungary, on September 18 and 19, 2010. It is an international event gathering more than 500 official and alternative representatives of the information security profession; it is an informal and informative happening presenting a set of speeches that go into bit-level technical details in computer security. This year's keynote speaker will be Bruce Schneier, the most famous IT security expert in the world.

For more information and registration please visit the website of the event at http://hacktivity.hu/portal/en.

Extended services in Embedded Systems Security 
February 26, 2010

Besides offering the highest level of security evaluation services for software-based products, like operating systems, desktop applications or even smart phones, we have now extended our service portfolio with hardware-level security evaluation of embedded systems. A thus focused assessment provides a high added value to companies developing security sensitive products. Security issues of embedded devices are essential in application areas like those of identification and payment devices, wide range of sensors operating in hostile environment, alarm systems, copy protection of game consoles, or e.g. for ensuring integrity and authenticity of flight data recorder units (FDR).

In our comprehensive approach to embedded systems, security vulnerabilities are analyzed on both software and hardware level by combining manual evaluation with automated testing techniques. To provide these services, SEARCH-LAB's qualified evaluation environment already meets the strictest security and organizational requirements of various customers worldwide.

For further details please check out our homepage's new section on Embedded Systems Security and contact us at info@search-lab.hu.

Meet us at CeBIT 2010 
February 25, 2010

SEARCH-LAB will be at CeBIT 2010, the world's leading trade fair for the ICT industry, to be held on 2-6 March 2010 in Hannover.

We are always open to meet and run discussions on any potential fields of cooperation in IT and physical security, so please do not hesitate to contact us to arrange a meeting in Hannover.

CeBIT is the world's largest business event for the digital world. The key target groups are users from industry, the wholesale/retail sector, skilled trades, banks, the services sector, government agencies, science and all users passionate about technology. To find our more about the event please visit the official webpage of CeBIT.

SHIELDS workshop on Modelling and Detection of Vulnerabilities 
January 14, 2010

The SHIELDS consortium – a member of which is SEARCH-LAB – has taken the initiative for a workshop on Modelling and Detection of Vulnerabilities (MDV 2010) at the Third International Conference on Software Testing, Verification and Validation (ICST 2010).

The workshop will be held on 10 April 2010 in Paris, France. Paper submission date for MDV has been extended to 29 January 2010.

SEARCH-LAB publishes SHIELDS website
August 26, 2009

The final website of the SHIELDS project – hosted and operated by SEARCH-LAB – was launched on 18th August, and is now open to the public.

The website contains all necessary information about SHIELDS including publications, workshops, public deliverables, modeling and security tools that were developed during the project, and supplementary documents. The website also contains demos of the user interface, methods and tools in action.

The SHIELDS project is focused on model-based detection and elimination of software vulnerabilities within the design and development tools. The participants including SEARCH-LAB conduct research and development on models for software vulnerabilities and security countermeasures, develop a repository where such models can be stored, and extend and adapt security and development tools to make use of this repository.

The project is funded by the European Union as a STREP under the thematic area of 'Information Society Technologies' of the Seventh Framework Programme. Learn more about SHIELDS at the webpage of the project.

Open Trusted Computing framework implemented by the OpenTC project
June 19, 2009

The OpenTC research project defined and implemented an open Trusted Computing framework. The framework was built on the cost-efficient and widely deployed Trusted Platform Module (TPM) specified by the Trusted Computing Group (TCG) and the new generation of x86 CPUs from Intel and AMD.

The architecture is applicable to a wide range of platform types, e.g. servers, GRID technology, mobile phones and industrial automation. It provides basic building blocks for complex, distributed scenarios with inherent, multilateral trust and security capabilities. Project results are distributed as Open Source software, supporting Linux in particular.

The project started in 2005 and run in cooperation with 21 partners from all over Europe including SEARCH-LAB. The work was funded by the European Union as an Integrated Project under the thematic area of 'Information Society Technologies' of the Sixth Framework Programme.

DESEREC research project was successfully closed
April 23, 2009

With the participation of SEARCH-LAB, DESEREC project was closed after a three-year-long cooperation with 16 European partners.

With the participation of SEARCH-LAB, DESEREC project was closed after a three-year-long cooperation with 16 European partners.

The project aimed at increasing the dependability of critical, open, and interconnected complex information systems - on which many European activities rely -, by a coordinated multi-disciplinary effort. To ensure coherent and efficient dependability management of these complex systems relying on an information network, the project provides solutions on three domains; planning, detection and response.

The methods, tools and utilities are provided with hooks for interactions (notifications, provisions, self-learning and human-aided rules optimization) and share a common repository with the topology, the planned configurations, the rules for activities precedence, and similar.

The work was funded by the European Union as an Integrated Project under the thematic area of 'Information Society Technologies' of the Sixth Framework Programme.

Flinder team's expanding at SEARCH-LAB
February 5, 2007

The increasing demand for our automated security testing tool as well as its further research have required two new test engineers

Flinder's first commercially available version was released in April 2006. Since then it has been a great success on the software development market. To meet the increasing demands from our customers, we've contracted two new test engineers from 1st February on. Their duty will be to plan, prepare, execute and report the executed test cases using the Flinder framework providing indispensable security services to our customers.

Flinder team prepares for EU FP7 projects
January 15, 2007

We are looking for partners to form project consortia, in which we take the responsibility for security testing and security auditing of software developments

The Seventh Framework Programme for research and technological development (FP7) is the European Union's chief instrument for funding research over the period 2007 to 2013. It is designed to support a wide range of participants from individual researchers and universities through public authorities to small and medium sized enterprises. The first calls for project proposals to apt for research and development funding from the FP7 have been announced at the beginning of January.

The Flinder team seeks partners to be involved in research consortia with security testing and security auditing of software developments in EU-funded projects. Are you interested in further research and development related to automated security testing? Please contact us at any of our addresses.

Season's Greetings
December 22, 2006

We wish you a Merry Christmas and a Happy New Year!
Have a great holiday and see you in 2007!

Second phase of Common Criteria Laboratory project ended
December 12, 2006

SEARCH-LAB is preparing to become an accredited Common Criteria evaluation laboratory with the support of the Economic Competitiveness Operational Programme (GVOP) of Hungary

To offer even higher-quality services for Flinder customers, SEARCH-LAB is preparing to become an accredited Common Criteria evaluation laboratory, with special focus on independent testing and vulnerability analysis.

In the second project phase we have compiled a vulnerability database listing and describing the most frequent security-relevant programming errors committed by software developers. The document will be used as an internal educational material for our testers as well as will be a reference material for future testing. SEARCH-LAB is committed continuously improve both product and service quality based on regular internal training and active research and development.

The preparation activities are partially supported by the Economic Competitiveness Operational Programme (GVOP) of the Hungarian Government.

Flinder at the EuroSTAR Conference
December 11, 2006

Our automated security testing tool was introduced at the Software Testing Analysis & Review Conference in Manchester

The 14th EuroSTAR conference on Software Testing Analysis & Review took place in Manchester, England on 4-7 December 2006. For over a decade now, EuroSTAR has been the most successful and widely acknowledged gathering of European software testing professionals as well as the premier training and education event on the testing calendar.

Represented by the head of sales and marketing, Mr. Attila Simon, SEARCH-LAB's innovative automated security testing tool, Flinder, met with a warm response on this prominent event.

Flinder at Symbian SmartPhone Show 2006
October 19, 2006

Flinder introduced for the Symbian software licensees and potential partners

SEARCH-LAB participated at the Symbian Smartphone Show 2006, which took place on 17-18 October in London. The event featured 120 exhibiting companies, 60 free seminars, and over 3000 attendees from the entire smartphone industry.

The two-day event was a great opportunity for us to meet stakeholders of the mobile industry from around the world, furthermore, to introduce our automated security testing tool Flinder for the Symbian software licensees and potential partners. Though Flinder is a general-purpose, platform-independent automated security testing tool, SEARCH-LAB has invested large efforts into building highly-specialized custom modules enabling high-performance security test automation on the Symbian platform in embedded devices, such as smartphones.

Kristóf Kerényi presented Flinder at John von Neumann Society Congress
June 30, 2006

Our innovation was successfully introduced at the prestigious Congress of the John von Neumann Society

The 9th National Congress on "Information Society - no other choice. National development - together with Europe" organized by the John von Neumann Computer Society took place on 27-29 June 2006 at the Széchenyi University of Győr.

The congress program included plenary sessions, roundtable discussions and eight specific sections, one of them focusing on IT security, where Mr. Kristóf Kerényi introduced Flinder to the participants.

The John von Neumann Computer Society is a scientific organization of the Hungarian IT community, which plays a leading role in nation-wide dissemination of "computer literacy". It organizes national and international conferences, seminars and workshops, gives presentations, supports and evaluates research and development ideas as well as education and training programs, awards prizes and certificates, with a special focus on students and young experts, and it coordinates the activity of the European Computer Driving License (ECDL) Foundation in Hungary.

NOVINEX represented Flinder at the 2nd European Research & Innovation Exhibition in Paris
June 12, 2006

Flinder met with a warm response at this prominent event

The European Research & Innovation Exhibition held on 8-11 June 2006 in Paris was a unique event bringing together major European players in scientific, entrepreneurial and institutional circles, with the aim of encouraging exchanges, promoting research results, highlighting the key role that research and innovation play in economic competitiveness as well as fostering scientific careers among young people.

Flinder was represented at this unique event by NOVINEX Innovation and Research Exploitation Agency, our partner taking the responsibility for marketing and exploitation of our automated security testing tool.

Paper on the fault-injection technique used by Flinder for white-box testing published in Híradástechnika
May 5, 2006

Paper by Gergely Tóth and Zoltán Hornák on "Security testing with source-code-based fault injection" in the May 2006 issue on Security of Infocommunication Systems of the Scientific Association for Infocommunications' magazine

Exploitable security vulnerabilities cause huge damages year by year; therefore thorough testing of new software is essential. This paper introduces Flinder, an automated security testing tool, which discovers security flaws relying on fault-injection-based security testing, and provides a cost effective alternative for today's expensive security enhancing techniques, such as formal validation or exhaustive testing.

>>More information is available in the Library.

First version of Flinder is available now
April 12, 2006

We closed the development project and released the first commercially available version of our automated security testing tool

We are proud to inform you that the development of our automated security testing tool Flinder has research an important milestone, the first commercial available version has been released. By releasing Flinder, SEARCH-LAB's traditional human-intelligence-based security evaluation methodology is extended with automated security testing techniques resulting in greater test coverage and systematic analysis of critical IT security components.

Flinder is a robust, flexible and easy-to-customize automated testing tool, which discovers typical security-relevant programming bugs and detects potential vulnerabilities of the evaluated product by systematically generating and executing a vast number of special test vectors, aiming at finding security-relevant programming errors. It can handle various network protocols and runs under the most popular operating systems, including Linux, Windows and Symbian platforms.

The development of Flinder was supported by the Economic Competitiveness Operational Programme (GVOP) of Hungary. Are you interested in automated security testing? Please ask for a personal consultation to find the best security testing and audit service for you.