Usable Security for Developers

A Masaryk University project

This project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.

Masaryk University

The cooperation between Masaryk University and Red Hat Czech was established in 2007, just one year after the Red Hat Czech subsidiary was formed. Long-term cooperation with Red Hat happens on multiple levels and includes supervising bachelor‘s and master‘s theses focused on real projects, sponsoring PhD students and their open research projects, and teaching accredited courses led by experienced Red Hat associates.

Red Hat offers students the opportunity to pursue research activities and projects directly in their own open-source lab, which serves as the place to support common activities between Red Hat and the faculty.
UML

News

Three researchers from the Faculty of Informatics involved in Red Hat Research were awarded with the 2021 “MUNI Innovation Award”

Three researchers from the Faculty of Informatics involved in Red Hat Research were awarded with the 2021 “MUNI Innovation Award”

Masaryk University awarded the 2021 “MUNI Innovation Award” at its Business Research Forum on November 11, 2021. These new awards aim at individual students and employees whose outputs have been successfully implemented in practice, have helped improve products or services or have otherwise contributed to increasing the social relevance of Masaryk University’s research activities.

Related Projects

TitleSummaryResearch Area
CHESS: Cyber-security Excellence Hub in Estonia and South MoraviaThe Cyber-security Excellence Hub in Estonia and South Moravia (CHESS) brings together leading R&I institutions in both regions to build …
Side-channel attacks on embedded devices and smartcardsThis project focuses on several aspects of side-channel attacks on embedded devices and smartcards, utilizing timing, power-analysis and other side-channels. …
SecCerts: Mining issued Common Criteria and FIPS140-2 certificatesThe security certification reports might be long but is also a trove of publicly available data about otherwise proprietary devices …
Verifying constant-time cryptographic algorithm implementationsThe aim of this project is to verify the timing side-channel resistance of cryptographic implementations. The project focuses on the constant time (and constant memory access) generic cryptographic implementations of selected cryptographic algorithms. T
Trusted Computing EcosystemThe project aims to study the TPM ecosystem as currently exists in deployed devices and software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863) and analyze a reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses.
Authentication in public open-source repositoriesThis project focuses on user authentication in public repositories containing open-source projects, which are then used by commercial companies (e.g. Red Hat) as a source for their internally maintained repositories.
Vega ProjectThe Vega Project team at Red Hat came up with an idea to harness the power of Kubernetes to provide the next-generation open-source tool for high-performance computing. The project is way past the design phase, and the team is already working on the proof-of-concept implementation using Red Hat OpenShift Container Platform.