|
|
Secure communication within the PX4 platform
Ligocki, Roman ; Martinásek, Zdeněk (referee) ; Číka, Petr (advisor)
PX4 platforma je jedna z nepoužívanějších softwarových balíčků pro řízení bezpilotníhosystému. Používá MAVLink protokol pro komunikaci mezi autopilotem, pozemní stanicía dalšími zařízeními v MAVLink síti. Je speciálně navržen pro bezpilotní systémy použí-vající rádia s nízkou datovou propustností. S rostoucím počtem těchto zařízení docházírovněž k růstu počtu útoků na tyto systémy. Tato diplomová práce obsahuje analízua popis bezpečnostních nedostatků v telemetrické komunikaci platformy PX4 běžící naprotokolu MAVLink. Na základě těchto nedostatků byla dále navržená a implementovánabezpečnostní řešení. Tato implementace zahrnuje šifrování, řízení přístupu, autentizacia systém pro výměnu klíčů. Bezpečnostní implementace je postavená na knihovně Mo-noCypher. Všechny části práce jsou naprogramováno v jazyce C. Cílem autora je sdíletvýsledky, kterých dosáhl s komunitou kolem paltformy PX4. Proto během finální částipráce vznikl pull request do veřejného repozitáře.
|
|
|
Integration of SELinux Audit Logs into ABRT Tool
Vrabec, Lukáš ; Kačic, Matej (referee) ; Barabas, Maroš (advisor)
The main aim of the thesis is to introduce the security of Linux operating systems and the access control list mechanism. The thesis focuses on processing security messages produced by the security mechanism into logging services and on displaying those messages. In addition, the thesis includes a concept solution and its implementation, which integrates security messages into a centralized system, keeps them and reports bugs in the Linux community distribution Fedora and in the Linux commercial distribution Red Hat Enterprise Linux.
|
|
|
Cloud-Based Data Access Control
Chovanec, Erik ; Malina, Lukáš (referee) ; Hajný, Jan (advisor)
This thesis is dealing with problematic of cloud storage. The goal of this thesis is the implementation of cloud storage, that will be able to provide the required functionality. These functionalities are access control of multiple users, group rights, long-term file archiving, secure data transmission to cloud storage, protection of data integrity and confidentiality during transmission and storage. For achieving this goal, there is an evaluation of suitability using public cloud providers. Based on this evaluation, there was a conclusion, that these services are not suitable for storing highly sensitive data. Next is an evaluation of advantages associated with using software that is licensed under a free or open-source software license. Even though there are high start-up costs on infrastructure and there is a necessity to make a huge effort to run custom infrastructure with cloud storage, it is a much better option. Especially if it will be used for storing sensitive data. The following chapter describes an extensive analysis of existing open-source and free-software solutions. In the final part of this chapter, the application Nextcloud has been selected since it provides the most of required functionalities. The thesis also contains an installation of Nextcloud and shows its main functions. There are basic load tests, which are telling us about the efficiency of successfully dealing with parallel requests. In the last section of this thesis, we are dealing with the implementation of missing functionality in Nextcloud. This functionality is necessary to achieve our goal, which is long term archiving of files. This term means functionality that will enable the possibility to archive files with evidence about preservation integrity and confidentiality of archived files during a long period of their existence. This part of the thesis contains a theoretical design that aims to accomplish this goal. Description of the implementation follows after theoretical design. This functionality is implemented in form of a dedicated system. Archiving of files is triggered by a modified application, used in the Nextcloud server. This process will create a copy of the file to be archived on a separate hard drive. It will obtain evidence about integrity when storing the file and it will strengthen this evidence by obtaining a new one in regular periods. This happens on yearly basis. The quality of cryptographic protocols can degrade after a long period. This concept is trying to prevent this phenomenon.
|
|
|
Implementation of the ACP protocol into L4 operating system
Kolarík, Tomáš ; Strašil, Ivo (referee) ; Burda, Karel (advisor)
This thesis deals with the implementation of ACP protocol which serves to manage the access for operation system based on L4 microkernel. The theoretical part of the thesis deals with methods of access management in computer networks. It focuses primarily on AAA systems which make access management possible. Furthermore it describes in detail the ACP protocol, the types of messages and their feedback. The next theoretical part is dedicated to operation systems and in particular to their architecture and services. Then we get a closer look at L4 microkernel family, their philosophy and properties. We continue with a detailed description of the L4 application interface and its ways of expansion. The practical section deals with the implemented concept of system for ACP protocol support in computers. General concept is then applied in real implementation of ACP protocol into the L4 operation system environment based on the L4 platform. To assist, I also included a detailed tutorial explaining the modeling and compilation of software for this platform. At this point we describe the methods used at the implementation and the description of particular modules and features. The end of the thesis concludes the information about the ways of testing and the implementation properties.
|
|
| |
|
|
Safety risks of current routers
Bubelíny, Peter ; Vymazal, Michal (referee) ; Vychodil, Petr (advisor)
The thesis aims to study and document the problem router security. It present the characteristic information about a router, functions, types and locations in a computer network. Because router is integrated part of network, next are described the most commonly types of attacks and generally available security technologies. The thesis also offers insight into the router as a safety device in the role of the throat network, part of the deeper security infrastructure or access point in wireless networks. Next are described the selected security technologies against some of already mentioned attacks and also are offered opportunities to improve safety router. The next are demonstrated DoS and brute-force attacks on router in ethernet network and attacks based on sniffing packets on router in wireless network. Finally, the results are presented.
|
|
|
Web Pages In-Browser Encryption
Pekař, Tomáš ; Burget, Radek (referee) ; Rychlý, Marek (advisor)
The aim of this work is to describe current opportunities of in-browser encryption and focus on usage of new emerging standard Web Cryptography API. By using these new technologies we going to design and implements software library enabling authorized access to web pages or their part by cryptography.
|
|
|
FreeIPA - URI Based Access Management
Hellebrandt, Lukáš ; Michal, Bohumil (referee) ; Kašpárek, Tomáš (advisor)
Cílem práce je navržení a implementace řízení přístupu na základě URI požadovaného zdroje. Pro implementaci bylo jako základ použito rozšíření Host Based Access Control v nástroji pro správu identit FreeIPA. Zároveň bylo třeba rozšířit související infrastrukturu, především program SSSD. Jako příklad aplikace využívající HBAC na základě URI byl implementován autorizační modul pro Apache HTTP Server. Zásadním řešeným problémem byl návrh infrastruktury pro komunikaci nezbytných parametrů a návrh strategie vyhodnocení HBAC pravidel definujících přístupová práva. Kompletní řešení bylo předvedeno na příkladu zabezpečení instance webové aplikace Wordpress.
|
|
|
Lab of public key infrastructure
Slavík, Petr ; Lambertová, Petra (referee) ; Burda, Karel (advisor)
The aim of this thesis is to study and describe the theme of Public Key Infrastructure (PKI). Within the scope of minute PKI characterization there is a gradual depiction of particular structural elements, which are above all represented by cryptographic operations (asymetric and symetric cryptography, hash function and digital signature); then, there are also individual PKI subjects that are dealt with, like eg. certification authority, certificates, security protocols, secure heap etc. Last but not least there are a few complete Public Key Infrastructure implementation solutions described (OpenSSL, Microsft CA). The practical part of the thesis, a lab exercise, gives potential students the knowledge of installing OpenSSL system based certification authority. The next task educate students how to secure web server with certificate signed with own CA and also how to secure web server users‘ access control through certificates signed by the previously installed CA.
|
|
|
Mutli-Dimensional Access Control in Web Applications
Grešša, Pavol ; Burget, Radek (referee) ; Kolář, Dušan (advisor)
This master's thesis deals with the analysis, design and implementation of authentication and authorization subsystem into the environment of distributed web application. It unifies the well-known security models into the one universal security model that can be used for the development of authorization device enabling the user to secure the applications with various security models. Furthermore, it applies this integration of models into the Takeplace system.
|
guest ::
