| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| public:research:main_archived [2016-12-01 13:28] – external edit 127.0.0.1 | public:research:main_archived [2021-01-20 07:36] – xsvenda |
|---|
| |
| ---- | ---- |
| | |
| | ===== Software Security and Secure Programming ===== |
| | |
| | This project focuses on usage, evaluation and extension of various tools related to secure programming, application vulnerabilities, security testing and code review. We are interested in static and dynamic analysis of applications with a special focus on security bugs, fuzzy testing, taint analysis and semi-automated review procedures and its incorporation into application development lifecycle. This project is coordinated with [[ http://www.ysoft.com/ | Y Soft Corporation, a.s.]], and for students participating in this project, there is a possibility to get a financial support from this company. More general information about Y Soft cooperation with students can be found [[https://www.ysoft.com/en/company/university-relations|here]]. |
| | |
| | <button collapse="swsecurity">Find out more</button> |
| | |
| | <collapse id="swsecurity" collapsed="true"> |
| | |
| | **Last update: 19.09.2018** |
| | |
| | **Contact:** Andriy Stetsko <xstetsko@fi.muni.cz> or <andriy.stetsko@ysoft.com> |
| | |
| | ** Financial support:** |
| | Y Soft Corporation, a.s. will provide financial support (in a form of stipend at the faculty or a part-time job in the company) to students with promising results. |
| | |
| | ** Possible topics for cooperation with bachelor students:** |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336359|OWASP Dependency Check: add support for Go]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336361|OWASP Dependency Check: add support for C]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336378|OWASP Dependency Check: enhance support for JavaScript]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336379|Unused code detection]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=1275;tema=336397|Automatic API extraction from traffic analysis]] |
| | |
| | ** Possible topics for cooperation with master students:** |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336354;|OWASP Dependency Check: add support for C and Go]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336381|Unused code detection]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336384|Dynamic security analysis of web application]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=336385|Automatic API extraction from traffic analysis]] |
| | * [[https://is.muni.cz/auth/rozpis/tema?balik=58;tema=276842;uplne_info=1|Analysis of export and import laws for systems that involve cryptography]] |
| | |
| | **Involved people:** |
| | {{:public:crocs:stetsko.jpg?50|}} |
| | * [[https://is.muni.cz/auth/osoba/184905|Andriy Stetsko]] 2012-now (Project coordinator, thesis supervisor, Y Soft Corporation, a.s.) |
| | |
| | **Previous research topics:** |
| | * 2013-2017: **Tools for dynamic security analysis of web applications**, financial support from Y Soft Corporation |
| | * 2015-2016: **Analysis and application of OWASP testing guide**, financial support from Y Soft Corporation |
| | * 2015-2016: **Metasploit**, financial support from Y Soft Corporation |
| | * 2014-2016: **Secure software development processes**, financial support from Y Soft Corporation |
| | * 2012-2016: **Tools for static and dynamic code analysis**, financial support from Y Soft Corporation |
| | * 2014-2015: **Security mechanisms of PDF files** |
| | * 2014-2015: **Security aspects of Xamarin/Android Platform** |
| | * [[http://sourceforge.net/projects/cesta/ | Cesta project]] - security-related transformations of JavaCard source code, financial support from Y Soft Corporation |
| | |
| | </collapse> |
| | |
| | ===== Faster randomness testing ===== |
| | |
| | This project is focused on improving the implementation of standard empirical test of randomness since some complete tests (Linear Complexity, Spectral, Overlapping template matching) can take hours on standard computer for usual amount of data. Tests are usually grouped into test batteries (NIST STS, Diehard,TestU01) to provide more complex randomness analysis. Currently we are focusing on optimization of NIST STS battery. Visit our [[https://randomness-tests.fi.muni.cz|online testing service]]. |
| | |
| | **Last update: 27.09.2016** |
| | |
| | **Application** [[https://github.com/sysox/NIST-STS-optimised | Project Github repository]] |
| | |
| | ** Involved people: ** |
| | {{:public:crocs:zriha.jpg?50|}} {{:public:crocs:sys.jpg?50|}} |
| | * [[https://is.muni.cz/auth/osoba/2514|Zdenek Říha]] 2013-now (Performance testing) <zriha@fi.muni.cz>; |
| | * [[https://is.muni.cz/auth/osoba/232886|Marek Sýs]] 2013-now (Algorithm analysis) <syso@mail.muni.cz> |
| | |
| | **Publications** |
| | * [2015] [[http://www.imt.ro/romjist/Volum18/Number18_1/pdf/02-MSys.pdf| Sýs, M.; Z. Říha, V. Matyáš, K.Márton, A. Suciu: On the Interpretation of Results from the NIST Statistical Test Suite]], ROMJIST Journal, 2015. |
| | * [2014] {{:public:crocs:sys_space_2014.pdf| Sýs, M.; Z. Říha: Faster randomness testing with NIST STS}},SPACE 2014, Fourth International Conference on Security, Privacy, and Applied Cryptography Engineering, 2014. |
| |
| ===== Attacker strategy evolution (GANet) ===== | ===== Attacker strategy evolution (GANet) ===== |