|
|
Secure communication within the PX4 platform
Ligocki, Roman ; Martinásek, Zdeněk (oponent) ; Číka, Petr (vedoucí práce)
PX4 platform is one of the most common software packages used to control unmanned systems. It uses the MAVLink protocol for communication between the autopilot, ground control station or other devices in the MAVLink network. This protocol is specially designed to suit unmanned systems using radio with low passthrough. With the rising number of unmanned systems, the number of cyber attacks on these devices is also increasing. This diploma thesis presents an analysis of the MAVLink protocol and PX4 platform, and describes possible security vulnerabilities in telemetry connection. Based on these findings, a security implementation was created. This implementation contains encryption, access control, authentication and a key exchange system. Security implementation is based on the MonoCypher cryptography library. The whole implementation was programmed in C language. Author's goal was to share results with the community around PX4 platform. Therefore, pull requests have been created to the public repository during the final part of thesis.
|
|
|
Integrace SELinux audit záznamů do ABRT nástroje
Vrabec, Lukáš ; Kačic, Matej (oponent) ; Barabas, Maroš (vedoucí práce)
Cílem práce je seznámit čtenáře s problematikou bezpečnosti operačních systémů Linux a bezpečnostním mechanismem řízení přístupu. Dále se práce zabývá zpracováním bezpečnostních zpráv, které jsou produkovány bezpečnostními mechanismy, do záznamových služeb a jejich zobrazením. V práci je obsažen návrh a implementace řešení, které integruje bezpečnostní zprávy do centralizovaného systému, uchovává je a nahlašuje chyby v komunitní linuxové distribuci Fedora a komerční distribuci Red Hat Enterprise Linux.
|
|
|
Cloud-Based Data Access Control
Chovanec, Erik ; Malina, Lukáš (oponent) ; Hajný, Jan (vedoucí práce)
This thesis is dealing with problematic of cloud storage. The goal of this thesis is the implementation of cloud storage, that will be able to provide the required functionality. These functionalities are access control of multiple users, group rights, long-term file archiving, secure data transmission to cloud storage, protection of data integrity and confidentiality during transmission and storage. For achieving this goal, there is an evaluation of suitability using public cloud providers. Based on this evaluation, there was a conclusion, that these services are not suitable for storing highly sensitive data. Next is an evaluation of advantages associated with using software that is licensed under a free or open-source software license. Even though there are high start-up costs on infrastructure and there is a necessity to make a huge effort to run custom infrastructure with cloud storage, it is a much better option. Especially if it will be used for storing sensitive data. The following chapter describes an extensive analysis of existing open-source and free-software solutions. In the final part of this chapter, the application Nextcloud has been selected since it provides the most of required functionalities. The thesis also contains an installation of Nextcloud and shows its main functions. There are basic load tests, which are telling us about the efficiency of successfully dealing with parallel requests. In the last section of this thesis, we are dealing with the implementation of missing functionality in Nextcloud. This functionality is necessary to achieve our goal, which is long term archiving of files. This term means functionality that will enable the possibility to archive files with evidence about preservation integrity and confidentiality of archived files during a long period of their existence. This part of the thesis contains a theoretical design that aims to accomplish this goal. Description of the implementation follows after theoretical design. This functionality is implemented in form of a dedicated system. Archiving of files is triggered by a modified application, used in the Nextcloud server. This process will create a copy of the file to be archived on a separate hard drive. It will obtain evidence about integrity when storing the file and it will strengthen this evidence by obtaining a new one in regular periods. This happens on yearly basis. The quality of cryptographic protocols can degrade after a long period. This concept is trying to prevent this phenomenon.
|
|
|
Implementation of the ACP protocol into L4 operating system
Kolarík, Tomáš ; Strašil, Ivo (oponent) ; Burda, Karel (vedoucí práce)
This thesis deals with the implementation of ACP protocol which serves to manage the access for operation system based on L4 microkernel. The theoretical part of the thesis deals with methods of access management in computer networks. It focuses primarily on AAA systems which make access management possible. Furthermore it describes in detail the ACP protocol, the types of messages and their feedback. The next theoretical part is dedicated to operation systems and in particular to their architecture and services. Then we get a closer look at L4 microkernel family, their philosophy and properties. We continue with a detailed description of the L4 application interface and its ways of expansion. The practical section deals with the implemented concept of system for ACP protocol support in computers. General concept is then applied in real implementation of ACP protocol into the L4 operation system environment based on the L4 platform. To assist, I also included a detailed tutorial explaining the modeling and compilation of software for this platform. At this point we describe the methods used at the implementation and the description of particular modules and features. The end of the thesis concludes the information about the ways of testing and the implementation properties.
|
|
| |
|
|
Safety risks of current routers
Bubelíny, Peter ; Vymazal, Michal (oponent) ; Vychodil, Petr (vedoucí práce)
The thesis aims to study and document the problem router security. It present the characteristic information about a router, functions, types and locations in a computer network. Because router is integrated part of network, next are described the most commonly types of attacks and generally available security technologies. The thesis also offers insight into the router as a safety device in the role of the throat network, part of the deeper security infrastructure or access point in wireless networks. Next are described the selected security technologies against some of already mentioned attacks and also are offered opportunities to improve safety router. The next are demonstrated DoS and brute-force attacks on router in ethernet network and attacks based on sniffing packets on router in wireless network. Finally, the results are presented.
|
|
|
Šifrování webových stránek na straně prohlížeče
Pekař, Tomáš ; Burget, Radek (oponent) ; Rychlý, Marek (vedoucí práce)
Cílem této práce je popsat současné možnosti kryptografie na straně prohlížeče a zaměřit se na využití nově vznikajícího standardu Web Cryptography API. S využitím těchto technologií pak navrhnout a implementovat knihovnu umožňující autorizovaný přístup k webovým stránkám nebo jejich částem za použití kryptografie.
|
|
|
FreeIPA - URI Based Access Management
Hellebrandt, Lukáš ; Michal, Bohumil (oponent) ; Kašpárek, Tomáš (vedoucí práce)
The goal of this thesis is designing and implementing access management based on URI of the requested resource. Host Based Access Control in the identity management tool FreeIPA was used as a basis for implementation. Furthermore, it was necessary to enhance the related infrastructure, namely the SSSD tool. The authorization module for Apache HTTP Server was used as an example of the application using URI-based HBAC. The main solved problem was design of the infrastructure for communication of the necessary parameters and strategy proposal for evaluating HBAC rules which define the access rights. The complete solution was demonstrated on the example of securing an instance of the web application Wordpress.
|
|
|
Laboratorní úloha infrastruktury veřejných klíčů
Slavík, Petr ; Lambertová, Petra (oponent) ; Burda, Karel (vedoucí práce)
Cílem této práce je seznámit čtenáře se systémem PKI od jednotlivých dílčích stavebních prvků, kterými jsou především kryptografické operace (asymetrické a symetrické šifrování, hashovací funkce, digitální podpis), přes podrobný popis jednotlivých dílčích subjektů systému PKI (certifikační autority, certifikáty, bezpečnostní protokoly, bezpečná úložiště) až po popis kompletních řešení infrastruktury veřejných klíčů (OpenSSL, Microsft CA). Praktická část práce, tedy laboratorní úloha, studenty prakticky seznámí s metodou instalace certifikační autority postavené na systému OpenSSL, dále se zabezpečením webového serveru certifikátem vydaným vlastní CA a na závěr s možnostmi řízení přístupu uživatelů k webovému serveru prostředřednictvím certifikátů jim vydaným dříve nainstalovanou CA.
|
|
|
Vícedimenzionální přístup k WWW aplikacím
Grešša, Pavol ; Burget, Radek (oponent) ; Kolář, Dušan (vedoucí práce)
Diplomová práce se zabývá analýzou, návrhem a implementací autentizačního a autorizačního subsystému do prostředí webové distribuované aplikace. Unifikuje známe bezpečnostní modely k vytvoření univerzálního bezpečnostního modelu, který slouží k vytvoření autorizačního aparátu schopného zabezpečit aplikace libovolným bezpečnostním modelem. Tuto integraci modelu navíc aplikuje do prostředí systému Takeplace.
|
host ::
RSS.