|
|
Computer Identification Using JavaScript Timestamps
Jireš, Michal ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
This thesis deals with remote computer identification based on its internal clock skew. This clock skew will be determined using JavaScript timestamps. The goal of this thesis is to create web page, that will use clock skew to identify computer. This web page will also be used to test time distortion capabilities of browser extension JavaScript Restrictor. Web page will try to identify computer using different security presents thus testing their efficiency.
|
|
|
Impact of the Application of the Content-Security-Policy Header on Firefox Webextensions
Inhliziian, Bohdan ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
Čtyři roky starý bug v oficiální Bugzille prohlížeče Firefox hlásí, že hlavička Content-Security-Policy ovlivňuje chování rozšíření prohlížeče. Cílem této práce je otestovat a analyzovat všechna rozšíření Firefoxu z oficiálního uložiště rozšíření a zjistit, kolik z nich je ovlivněno bugem. Práce má čtyři fáze: stáhnout všechna rozšíření z uložiště, vytvořit použitelné webové GUI, implementovat testovací aplikaci, provést testy a vyhodnotit výsledky. V rámci práce jsme zjistili, že aplikace hlavičky CSP na webu může ovlivnit přibližně 10% rozšíření Firefoxu a 29% rozšíření doporučených Firefoxem. Celkový počet uživatelů všech ovlivněných doporučených rozšíření je 11 650 730. Tento výzkum upozorňuje na problém a nutit tvůrce prohlížeče, aby jej vyřešili a ukazuje jeho rozměr.
|
|
|
Porting of Chrome Zero Functionality to JavaScript Restrictor
Horňák, Peter ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
This thesis deals with improvements of security and privacy protection of web browser users by enhancing functionality of web browser extension called JavaScript Restrictor, which prototype was created in order to protect users on web. Within this thesis are analyzed security measures realized by tool Chrome Zero, which implements measures against microarchitectural attacks, attacks abusing high resolution timers and abuse of JavaScript engine. Thesis evaulates topicality of measures and integrates selected into JavaScript Restrictor. Measures are tested and evaluated from every day use point of view.
|
|
|
Strategies for Distributed Password Cracking
Večeřa, Vojtěch ; Pluskal, Jan (referee) ; Veselý, Vladimír (advisor)
This thesis introduces viable password recovery tools and their categories as well as the technologies and hardware commonly used in this field of informatics. It follows by an overview of the available benchmarking tools for the given hardware. Thesis later contains a description of the custom benchmarking process targeting the aspects of interest. Later, the thesis moves to a distributed system FITcrack as it proposes and experimentally implements new features. The thesis finishes by comparison of the additions against the original state and highlights the areas of improvement.
|
|
|
Password Recovery of ZIP Archives Using GPU
Večeřa, Vojtěch ; Veselý, Vladimír (referee) ; Hranický, Radek (advisor)
The main goal of this thesis was to expand tool Wrathion by adding yet unsupported encryption methods of .ZIP format and by adding support for .7z format. This thesis contains the description of used technologies, detailed analysis of formats denoted above, as well as the description of module designs and implementations. All functionalities were tested on real devices. The measurement results contain information about time needed for password recovery, performance and acceleration of the password recovery. The thesis also covers comparison with other known tools.
|
|
|
Impact of the Application of the Content-Security-Policy Header on Firefox Webextensions
Inhliziian, Bohdan ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
Čtyři roky starý bug v oficiální Bugzille prohlížeče Firefox hlásí, že hlavička Content-Security-Policy ovlivňuje chování rozšíření prohlížeče. Cílem této práce je otestovat a analyzovat všechna rozšíření Firefoxu z oficiálního uložiště rozšíření a zjistit, kolik z nich je ovlivněno bugem. Práce má čtyři fáze: stáhnout všechna rozšíření z uložiště, vytvořit použitelné webové GUI, implementovat testovací aplikaci, provést testy a vyhodnotit výsledky. V rámci práce jsme zjistili, že aplikace hlavičky CSP na webu může ovlivnit přibližně 10% rozšíření Firefoxu a 29% rozšíření doporučených Firefoxem. Celkový počet uživatelů všech ovlivněných doporučených rozšíření je 11 650 730. Tento výzkum upozorňuje na problém a nutit tvůrce prohlížeče, aby jej vyřešili a ukazuje jeho rozměr.
|
|
|
Porting of Chrome Zero Functionality to JavaScript Restrictor
Horňák, Peter ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
This thesis deals with improvements of security and privacy protection of web browser users by enhancing functionality of web browser extension called JavaScript Restrictor, which prototype was created in order to protect users on web. Within this thesis are analyzed security measures realized by tool Chrome Zero, which implements measures against microarchitectural attacks, attacks abusing high resolution timers and abuse of JavaScript engine. Thesis evaulates topicality of measures and integrates selected into JavaScript Restrictor. Measures are tested and evaluated from every day use point of view.
|
|
|
Computer Identification Using JavaScript Timestamps
Jireš, Michal ; Večeřa, Vojtěch (referee) ; Polčák, Libor (advisor)
This thesis deals with remote computer identification based on its internal clock skew. This clock skew will be determined using JavaScript timestamps. The goal of this thesis is to create web page, that will use clock skew to identify computer. This web page will also be used to test time distortion capabilities of browser extension JavaScript Restrictor. Web page will try to identify computer using different security presents thus testing their efficiency.
|
|
|
Strategies for Distributed Password Cracking
Večeřa, Vojtěch ; Pluskal, Jan (referee) ; Veselý, Vladimír (advisor)
This thesis introduces viable password recovery tools and their categories as well as the technologies and hardware commonly used in this field of informatics. It follows by an overview of the available benchmarking tools for the given hardware. Thesis later contains a description of the custom benchmarking process targeting the aspects of interest. Later, the thesis moves to a distributed system FITcrack as it proposes and experimentally implements new features. The thesis finishes by comparison of the additions against the original state and highlights the areas of improvement.
|
|
|
Password Recovery of ZIP Archives Using GPU
Večeřa, Vojtěch ; Veselý, Vladimír (referee) ; Hranický, Radek (advisor)
The main goal of this thesis was to expand tool Wrathion by adding yet unsupported encryption methods of .ZIP format and by adding support for .7z format. This thesis contains the description of used technologies, detailed analysis of formats denoted above, as well as the description of module designs and implementations. All functionalities were tested on real devices. The measurement results contain information about time needed for password recovery, performance and acceleration of the password recovery. The thesis also covers comparison with other known tools.
|
guest ::
RSS feed.