|
|
New Approaches Towards Automated XSS Flaw Detection
Steinhauser, Antonín ; Tůma, Petr (advisor) ; Vorobyov, Kostyantyn (referee) ; Bureš, Miroslav (referee)
Cross-site scripting (XSS) flaws are a class of security flaws particular to web applications. XSS flaws generally allow an attacker to supply affected web application with a malicious input that is then included in an output page without being properly encoded (sanitized). Recent advances in web applica- tion technologies and web browsers introduced various prevention mechanisms, narrowing down the scope of possible XSS attacks, but those mechanisms are usually selective and prevent only a subset of XSS flaws. Among the types of XSS flaws that are largely omitted are the context- sensitive XSS flaws. A context-sensitive XSS flaw occurs when the potentially malicious input is sanitized by the affected web application before being included in the output page, but the sanitization is not appropriate for the browser con- text of the sanitized value. Another type of XSS flaws, which is already better known, but still insufficiently prevented, are the stored XSS flaws. Applica- tions affected by the stored XSS flaws store the unsafe client input in persistent storage and return it in another HTTP response to (possibly) another client. Our work is focused on advancing state-of-the-art automated detection of those two types of XSS flaws using various analysis techniques ranging from purely static analysis to dynamic graybox analysis.
|
|
|
Ionic effects and online preconcentration techniques in separation systems
Boublík, Milan ; Zusková, Iva (advisor) ; Tůma, Petr (referee) ; Vigh, Gyula (referee)
Online preconcentration techniques in capillary electrophoresis (CE) improving sensitivity of electrophoretic separations and are in the scope of interest of many research groups. Therefore, proposal of new techniques for preconcentration and their theoretical description is desirable for their wider application. In this thesis, new preconcentration techniques are proposed and models of ionic strength effects in separation systems of CE and hydrophilic liquid interaction chromatography (HILIC) are presented and new set of pI markers for isoelectric focusing (IEF) was showed with their utilization for characterization of IEF pH gradient. Part of this thesis is keen on proposal of new preconcentration techniques and their theoretical description. We presented two preconcentration techniques, while first is based on sweeping with neutral complexing agent, the second one utilizes pH boundaries that are induced by disturbing phenomena of system zones. Both techniques are described theoretically by means of numerical simulations and by experiments. Both techniques are even utilized for real drug sample or for mixture of similar analytes. For system peak preconcentration technique, flow chart of how to design such method is presented. Second part of this thesis have rather more fundamental subject and...
|
|
|
Load Balancing in Evaluation Systems for Programming Assignments
Buchar, Jan ; Kruliš, Martin (advisor) ; Tůma, Petr (referee)
Systems for automated evaluation of assignments are a valuable aid for both teachers of programming courses and their students. The objective of this thesis is to examine the possibilities of deploying such systems in a large-scale distributed environment and the challenges of such endeavors. A sizable part of the requirements comes from experience with ReCodEx - an assignment evaluation system developed at the department of the supervisor. Modern server multi-core processors provide considerable computing power that can be used for assignment evaluation. However, parallel measurements can interfere with each other. This causes unstable results, which detriments the fairness of grading. Isolation (sandboxing) technologies can cause similar effects. We measure both of these influences and use the results to determine to what degree can multi-core processors be exploited. The problem of efficient distribution of work between multiple evaluation workers is complementary to that of utilizing multi-core machines. We survey scheduling algorithms and design an experiment to compare their performance. Additionally, we examine the possibility of leveraging container technologies to simplify the deployment of software required for evaluation. This leads to both a smaller administration overhead and a less complex...
|
|
|
The use of a gas chromatography for determination of fatty acids and certain xenobiotics
Jaček, Martin ; Tůma, Petr (advisor) ; Pacáková, Věra (referee) ; Vecka, Marek (referee)
The submitted thesis is concerned with the use of gas chromatography (GC) to determine fatty acids (FA) in clinical samples and study of the effect of FA on the occurrence and prevention of selected diseases. The work is focused on FA metabolism in relation to essential FA and highly beneficial polyunsaturated fatty acids (PUFA) of the omega-3 group, such as eicosapentaenoic acid (EPA) and docosahexaenoic acid (DHA), which are insufficiently represented in the nutrition of western populations. The experimental part is concerned with the development of GC methods for determining FA as their methyl esters and their use for analysis of samples in intervention clinical studies of OMEGA and VEGGIE-2. The study of OMEGA concentrates on the incorporation of beneficial omega-3 PUFA into the food chain through microalgae synthesizing EPA and linseed containing mainly α-linolenic acid. These sources were employed to prepare a mixture for feeding poultry and the obtained eggs and chicken meat enhanced in omega-3 FA were used as ingredients for preparing food. Following 8-week dietary intervention performed on healthy volunteers, a statistically significant increase was found in the content of DHA in erythrocytes, equal to 4.4 % before and 5.1 % after the dietary intervention in the test group. The determined...
|
|
|
Determination of proteinogenic amino acids by high-performance separation techniques
Hodek, Ondřej ; Křížek, Tomáš (advisor) ; Pacáková, Věra (referee) ; Tůma, Petr (referee)
(EN) Proteinogenic amino acids are key components of living organisms. Thus, the latest metabolomics research has focused on developing fast and sensitive methods for the determination of amino acids. In this context, this thesis contains two studies describing development of high-performance separation techniques for the quantification of amino acids. In the first study, a capillary electrophoresis method was developed for the determination of free amino acids in tobacco plants, particularly focusing on optimizing the extraction of amino acids from solid plant materials. The extraction procedure was optimized using design of experiments (DoE) to obtain the highest possible extraction yield of amino acids. Factors such as volume and concentration of the extraction solvent (hydrochloric acid) were assessed as the most significant. Subsequently, the optimal values of these factors were determined using response surface methodology (RSM). Lastly, proteinogenic amino acids were quantified using capillary electrophoresis with contactless conductivity detection and calibration with internal standard, which improved the precision of the method. The second study aimed at developing a supercritical fluid chromatography method for the determination of free proteinogenic amino acids in human plasma. The most...
|
|
|
Performance Awareness in Agile Software Development
Horký, Vojtěch ; Tůma, Petr (advisor) ; Rabiser, Rick (referee) ; Koziolek, Anne (referee)
Broadly, agile software development is an approach where code is frequently built, tested and shipped, leading to short release cycles. Extreme version is the DevOps approach where the development, testing and deployment pipelines are merged and software is continuously tested and updated. In this context our work focuses on identifying spots where the participants should be more aware of the performance and offers approaches and tools to improve their awareness with the ultimate goal of producing better software in shorter time. In general, the awareness is raised by testing, documenting, and monitoring the performance in all phases of the development cycle. In this thesis we (1) show a framework for writing performance tests for individual components (e.g. libraries). The tests capture and codify assumptions about the performance into runnable artifacts that simplify repeatability and automation. For evaluation of the performance tests we (2) propose new methods, which can automatically detect performance regressions. These methods are designed with inherent variation of performance data in mind and are able to filter it out in order to detect true regressions. Then we (3) reuse the performance tests to provide the developers with accurate and up-to-date performance API documentation that steer them...
|
|
|
Performance Testing for LTE Infrastructure
Polanka, Martin ; Tůma, Petr (advisor) ; Hnětynka, Petr (referee)
In the past few years, new standards of telecommunication networks brought new approaches to the internal architecture and introduced new components. One of them is the PCRF server component which manages an allocation of bandwidth for all user devices, therefore, it is a performance sen- sitive application. Yet there are no suitable smart traffic generators for such server and there is no comprehensive study of implementations. Based on the server provided by one of the major Czech telecommunication providers, the traffic generator for real scenarios and performance testing was designed and implemented. In addition, the statistics collection from the server was realized with the use of instrumentation. Both of these parts were put to- gether in the form of testing framework which was used for measurements of the designed test cases. The results from the measurement were evalu- ated and describe the behavior of the server in a real-life utilization and also under heavy load. Based on the evaluation, the provider can improve the server implementation and perform further analysis. The traffic generator can be extended to support more test cases and even reused by different telecommunication providers. 1
|
|
|
Smart thermostat on STM32
Marek, Pavel ; Bureš, Tomáš (advisor) ; Tůma, Petr (referee)
Aim of this thesis is to develop a home thermoregulation system. There is an embed- ded device from the STM32 platform that measures actual temperature and regulates the heating based on user's preferences. This device communicates with a central web server through which user can monitor all his devices and change heating preferences on them. Implementation of the communication protocol between the embedded device and the web server periodically sends measured temperature from the embedded device and synchronizes heating preferences on both sides. 1
|
|
|
Network Interface Controller Offloading in Linux
Hlavatý, Ondřej ; Tůma, Petr (advisor) ; Bulej, Lubomír (referee)
Modern network interface controllers allow the host to offload packet processing to hardware in order to improve performance. At the present time, the advanced features are utilized in the Linux kernel by offloading the Traffic Control subsystem. Since this subsystem has been designed for a completely different purpose, its usage for hardware offloading is impractical and unreliable. Furthermore, in its current state the subsystem is not capable of utilizing all hardware features, which are often poorly documented. The presented work adopts a different approach to the problem. Five high-end controllers and their packet-processing pipelines were examined in detail. Accounting for their projected future development, common traits and features were identified. The researched information was used to draft a proposal for a new Linux subsystem, more compatible with hardware offloading than the current solution. The proposed subsystem defines a sufficiently descriptive interface to utilize the majority of hardware-offloaded features while avoiding common problems caused by excessively generalized approach of Traffic Control.
|
|
|
Java Performance Testing For The Masses
Stefan, Petr ; Tůma, Petr (advisor) ; Hnětynka, Petr (referee)
Java is a major platform for performance sensitive applications. Unit testing of functionality has already become a common practice in software devel- opment; however, the amount of projects employing performance tests is substantially lower. A comprehensive study in combination with a short sur- vey among developers is made in order to examine the current situation in open-source projects written in Java. Results show that suitable tools for measurements exist, but they are hard to use or the outputs are difficult to understand. To improve the situation in favor of performance evaluation a set of user friendly tools for collecting, comparing and visualizing the data is designed, implemented, and verified on a sample Java project. 1
|
guest ::
