Research VRP problems and do benchmarking on public data-sets for quick comparison between chosen open source engines.
November 2, 2018
Jenkins has a queuing mechanism to check out jobs and a mechanism for cancelling builds in the queue. Sometimes there is a need to move a job in a queue up or down. Jenkins already has many mechanisms for prioritizing jobs, but not individual builds. Also, all currently existing solutions, although very flexible and sophisticated, are more heavyweight than necessary. The student should research and hack on how the Jenkins queue works, and add two simple arrows, UP and DOWN (for moving in the queue), to the currently existing X (remove from queue). The result should be a working Jenkins plugin, ensuring that short jobs can overtake frozen queue during […]
October 3, 2018
Most cryptographic libraries support running in Federal Information Processing Standard (FIPS) 140-2 mode. For cryptographic operations to be FIPS 140 compliant, only certain algorithms and key sizes can be used. For example, use of RSA keys 1536 bits long is not allowed. Some libraries require the application using them to know about those limitations and not initiate them in FIPS mode, while others will refuse to perform operations with FIPS 140-non-compliant cryptographic primitives. The goal of the work is to learn the NIST FIPS 140-2 requirements for applications, and check and compare the behavior of different libraries when operating under FIPS […]
The new Transport Layer Security (TLS) version, 1.3, changed the way old features should be handled and added new features to the ones that can be implemented by libraries. The goal of the work is to study cryptographic features used in the real world and to implement some selected features in the GnuTLS library.
Google provides OSS-Fuzz, an infrastructure for continuously running fuzzing tests against open source libraries. The goal is to design and implement a test harness for testing the Datagram Transport Layer Security (DTLS) server and client from GnuTLS so that it can be tested using OSS-Fuzz.
Current libraries that implement Transport Layer Security (TLS) need to implement multiple versions of the protocol, many separate features (sometimes dozens) and support multiple configurations. This complexity means that it is very hard to manually create tests that provide a high degree of test coverage (especially if the interactions between features are unexpected). The tlsfuzzer project addresses this problem by testing several features, corner cases and lesser-used features of TLS implementations. There are, however, some features missing.
There are various application libraries implementing the Transport Layer Security (TLS) protocol. Implementations like GnuTLS, NSS, OpenSSL, Go and Java perform only a limited amount of interoperability testing, usually with just one or two other libraries. The goal of the thesis is to create the necessary test harnesses for the Go and Java implementations, design a test suite between them and the other three implementations, and make it possible to run those tests automatically (in a Continuous Integration environment).
September 20, 2018
Transport Layer Security (TLS) version 1.3 brought support for the Rivest–Shamir–Adleman Signature Scheme with Appendix – Probabilistic Signature Scheme (RSASSA-PSS) algorithm. Support for this algorithm requires support for a new key type and a new signature type (in X.509 certificates). The specification of the signatures and the limitations of the keys themselves is much more complex than for any other algorithm (like the RSA signatures specified in the Public-Key Cryptography Standard (PKCS) #1 version 1.5 or the Elliptic Curve Digital Signatures (ECDSA)): every signature includes 4 variables, and the public key that made the signature can have an additional 4 variables specifying the key limitations.
Many of the features and ciphersuites in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) servers are not considered secure and safe to enable. To verify that they are not supported by a server, it is necessary to be able to advertise them in the first message sent by the client in the TLS handshake – the Client Hello. The cipherscan tool does just that in order to discover the supported ciphersuites in a server. As a back-end it uses the openssl application. Unfortunately, as the OpenSSL project is deprecating insecure old features it is also adding new features, causing […]
The topic of this thesis is exploring the ways of documenting domain specific languages (DSLs) in the Ruby programming language, and enhancing the existing tooling or implementing new tooling to better support particular use-cases.
September 18, 2018
Currently, there is no efficient way to get notified about customer cases in the Quality Engineering department. Quality Engineers would be interested in how the product is used in real life, to be able to adjust testing scenarios accordingly and provide better services for end customers. Employees have to go manually through the list of reported cases and find what they need. In order to make their work easier, it would be useful to implement a web-based application that would send reports with information about cases to subscribed users according to certain criteria. This way, they would get fresh information […]
September 6, 2018
The goal of this thesis is to design and implement a tool for creating LSP clients for different IDEs (Eclipse, Eclipse Che, VS Code, …). The input will be an LSP server. The output will be LSP clients for this server with instructions on how to install them into particular IDEs. The tool should be able to generate clients for the Apache Camel LSP server first. However, it should be able to produce clients for an arbitrary LSP server. The implemented tool should be easy to use and built on top of modern technologies and approaches.
September 5, 2018
Jenkins has a queuing mechanism to check out jobs before execution and a shutdown mode in which the queue is frozen and the system just waits for all jobs to finish. When the queue is full of short jobs and the last running job is a very long job, this becomes very inefficient. The student should research and hack on how Jenkins estimates the time of individual jobs, how the queue is organized, and how the shutdown mode works. The result should be a working Jenkins plugin, ensuring that short jobs can overtake the frozen queue during the shutdown time of long-running tasks, and deployed on https://plugins.jenkins.io/. If done together with https://research.redhat.com/diplomas/jenkins-queue-overrunning/ […]
The side effects of virtualization on benchmarks have long been known. However, virtualization technologies are advancing, and their footprint is getting smaller and smaller. In this thesis, the student should investigate how individual virtualization technologies, full (kvm, vbox, oVirt) or shared kernel (Docker, chroot, mock) or nested and mixed, affect the performance and stability of various Java benchmark types – CPU, time, network, bytecode, IO. Support for virtualization is also seen in the JDK itself, so more than one Java can come into play. We will provide the student with benchmarks, pros and cons of their setup, VMs and images and other virtualization know-how, hardware, and […]
ManageIQ is an open-source management platform that delivers insight, control, and automation functionality allowing enterprises to manage hybrid IT environments. The ManageIQ application collects information about various entities such as Virtual Machines, Hosts, Containers, etc., with numerous attributes and relationships.
May 2, 2018
The aim of the thesis is to create a mobile application for the Google Android and Apple iOS platforms, with which the user will be able to perform some processes on the EvMan event management system. The first milestone is to analyze the EvMan information system and build a list of requirements for the mobile application. The second milestone is to design and build an API that will be used for communication between the mobile application and the EvMan information system. The third milestone is to analyze available tools for building cross-platform mobile applications and choose the one that will be used. The fourth […]
April 20, 2018
Machine learning and artificial intelligence have gained a lot of popularity lately. The Fedora distribution wants to become a distribution of choice for developers who develop applications in this field, and the focus is on the Python language. This project is mostly research, and the goal is to identify pain points in the Fedora distribution in this new, rapidly developing field, and prepare content on the Fedora Developer Portal to help newcomers get started in this field. Besides the research, there are some coding parts: one is to prepare an example application from the machine learning field, and others are bringing the missing […]
April 10, 2018
(draft to be updated after meeting with student) Design a configurable GUI application for the GNU Debugger. The aim is not to replace IDE functionality, but to allow users to use the GUI for specific things, like tracing, using watchpoints connected to configurable graphs, etc.
The student will implement support for status_request (RFC 6066) extension in TLS client and server, OCSP request generation and response validation (RFC 6960) and support for the TLS Feature extensions to X.509 – also known as Must Staple – (RFC 7633). Finally, test cases will be created for other libraries (e.g. Mozilla NSS) to verify their behaviour. Those enhancements will be provided as patches to the tlslite-ng and tlsfuzzer projects.
August 14, 2017
Based on the ability of the JVM to restructure already loaded classes, and by using existing decompilers, decompile in-memory transformed fragments of Java classes to a form close to human-readable. The student must investigate existing mechanisms in the JVM that allow restoration of the bytecode class representation. By modifying existing decompilers, the machine code can be decompiled to one or more JVM languages (Java, Clojure…), also with their various intermediate forms. As a bonus, the view can contain full syntax highlighting or be able to compile the class back to the JVM. The recommended environment is an implementation as a Thermostat plugin, as it allows easy access to a running JVM.
February 10, 2017
Study the design and implementations of the SSL/TLS protocol and existing attacks on its design and implementation, testing approaches and the tlsfuzzer project. Get familiar with existing attacks against SSL/TLS. Identify existing attacks that are suitable for reproduction in the tlsfuzzer framework. Design a test suite for them. Implement the tests and necessary improvements to tlsfuzzer and tlslite-ng. Run the tests against existing SSL/TLS implementations and evaluate the results. Points that should be done during the first semester: 1. and 2. https://www.feistyduck.com/books/bulletproof-ssl-and-tls/ https://github.com/tomato42/tlsfuzzer https://github.com/tomato42/tlslite-ng
September 30, 2016
Study the design and implementations of the SSL/TLS protocol (focus on OpenSSL, NSS and GnuTLS) and the current state of the art of its interoperability and integration testing. Get familiar with existing tools and solutions for implementing public projects with continuous integration features. Design a system for publicly sharing integration and interoperability SSL/TLS tests that is able to execute the test suite and expose testing results to the public before incorporating a particular commit and pull request in both the test suite and the upstream implementation of the SSL/TLS library. This system should support tests written in BeakerLib. Design a test suite for testing interoperability and […]
September 29, 2016