Decompilation of restored in-memory class fragments in running JVM
Based on ability of JVM to restructure already loaded classes and by using existing decompilers decompile in memory transformed fragments of java classes close to human-readable form. Student must investigate existing mechanisms in JVM allowing restoration of bytecode class representation. By modifications in existing decompilers the machine code can be decompiled to one or more JVM languages (java, clojure…) also with theirs various intermediate forms. As bonus the view can contain full syntax highlight or be able to compile the class back to JVM. Recommended environment is implementation as thermostat plugin as it allows easy access to running JVM
ManageIQ Expression Editor
ManageIQ is an open-source management platform that delivers insight, control, and automation functionality allowing enterprises to manage hybrid IT environments. The ManageIQ application collects information about various entities such as Virtual Machines, Hosts, Containers, etc., with numerous attributes and relationships.
Mobile applications for EvMan
The aim of the thesis is to create a mobile application for platforms Google Android and Apple iOS, using which the user will be able to perform some processes on the EvMan event management system. The first milestone is to analyze the EvMan information system and build a list of requirements for the mobile application. The second milestone is to design and build API that will be used for communication between the mobile application and the EvMan information system. The third milestone analyze available tools for building cross-platform mobile applications and choose the one that will be used. The fourth […]
Research of Fedora Status for Machine Learning
Machine learning and artificial intelligence gain a lot of popularity lately. Fedora distribution wants to become a distribution of choice for developers who develop applications in this field, and the focus is on Python language. This project is mostly a research and the goal is to identify pain points in Fedora distribution in this new, progressively developed field, and prepare content on the Fedora Developer Portal to help new-comers to begin in this field. Except the research, there are some coding part: one is to prepare an example application from the machine learning field, and others are bringing the missing […]
High-availability for PostgreSQL in OpenShift
PostgreSQL database system by default offers replication with one master server and several read-only replicas. That design also allows to implement high-availability (HA), but only with several other tools and further configuration done by administrator. In OpenShift PaaS, implementing such HA is even more challenging, but it’s very important in fully automatic cloud environment. The goal of the project is to investigate how existing solutions work and implement one or more container images based on Fedora packages, which would deliver HA with automatic fail-over in OpenShift environment.
Timing side-channel detection in TLS implementations
Because cryptography used in TLS (and the old SSL) is used in online manner – the results of computations are sent over the network as soon as they are available – it makes it possible to attack the implementation by measuring the time it takes the server to respond or reject messages sent by attacker. The goal of this thesis is to extend an existing TLS test suite and test framework to be able to check if an implementation under test does leak information about keys or encrypted data through timing of responses. Complete project would extend the tlsfuzzer test […]
Using DNS for verifying integrity of software packages
Currently it is common that software packages are cryptographically signed using methods of public-key cryptography. Software vendor signs package using his private key and signed software package is then distributed along with vendor’s public key. This vendor’s public key can later be used in automatic software update verification process.
Client side DNSSEC deployment
DNSSEC is already a well-established technology, which extends the DNS protocol to provide integrity and authenticity.
“Broken” DNS proxy – for simulating DNS issues
Some DNS software solutions like Unbound, ISC BIND, FreeIPA, rely on the DNSSEC support of remote DNS resolver, when using it as forwarder. Some tools are intended to detect and assess the level of DNSSEC support of such remote DNS resolver. There are many issues that can arise. Some of them are specified in the IETF draft (http://www.ietf.org/id/draft-ietf-dnsop-dnssec-roadblock-avoidance-00.txt), some are based on real life issues and errors in specific implementations of DNS resolvers (e.g. wildcard NSEC issue in old versions of BIND).
Approval System for Keycloak
Keycloak is a highly configurable open-source single sign-on server. In complex deployment environ- ments, Keycloak can be managed by a team of administrators with hierarchical organizational structure and different access levels. Each of them then can be responsible for different parts of the server’s configuration. E.g. one can be responsible for creating new users (like employees), other for managing user roles and groups and assigning access rights to them and the third could be a master supervising admin which can do all of it. Some of the changes to the server’s configuration could be even done by the end-users., e.g. […]
rcm-pdc opensource and test coverage
Open sourcing and test coverage for RCM Internal library “rcm-pdc” which used to generate “transport layer” for internal release train. “Transport layer” is really a transformation of data in product build to match the format of the internal tool used to push product to Satellite 5 or Satellite 6 (an internal equivalent of opensource project spacewalk).
Deep Neural Networks Used for Customer Support Cases Analysis
There is a big number of resolved Support Cases by Red Hat, therefore an idea was proposed to use these data for data mining and information retrieval in order to ease a resolution process of the Support Case. This work will tries to create Deep Neural Network models for prediction of features which could help during the resolution process.
Configurable GUI for the GNU Debugger
(draft to be updated after meeting with student) Design a configurable GUI application for the GNU Debugger The aim is not to replace IDE functionality, but to allow users use the GUI for specific things, like tracing, use watchpoint connected to configurable graphs etc.
Extracting a configuration parser from the application source code.
Get acquainted with means of compilation of C programs using LLVM compiler infrastructure – clang, LLVM Internal Representation, AST, LLVM optimisations. Propose a solution to statically transplant a subset of a C program that is dedicated to parse configuration files of an application. This subset should be extracted from the original program and synthesised as an independent binary. Design and implement the proposed solution in a tool having an appropriate form (standalone application or LLVM plugin). Test the implemented tool on standard linux server daemons used in Red Hat Enterprise Linux distributions.
Identity information for Web applications on Windows platform
In the Web application authentication setup described at http://www.freeipa.org/page/Web_App_Authentication, the authentication and retrieval of additional user attributes including group membership is done via Apache modules that provide the information about the authenticated user to the application via environment variables or similar mechanism. Specifically, mod_lookup_identity which currently uses D-Bus interface to sssd is able to populate fields like REMOTE_USER_EMAIL or REMOTE_USER_GROUPS. We are looking for similar solution on the Windows platform.
Nginx authentication with dynamically loaded modules
The Nginx project has added support for dynamic modules. It can be useful to add new functionality without recompiling the whole server. There have been numerous authentication modules for Nginx written, including Kerberos, GSSAPI, or PAM authentication. The goal of this thesis is to investigate the state of the dynamic modules support and the configuration options, and port at least on of the modules to the dynamically-loaded style, as an example for others.
Multi-factor authentication in web applications using PAM
Study Pluggable Authentication Modules, focus on multi-factor authentication setups, configure multi-factor authentication for some common service (sshd). Study HTTP, focus on its state-less nature. Investigate the possibility of using full PAM stack in web applications, including multi-step conversations. Develop a solution which would allow the use of the PAM conversation over the web. Create prototype web application/setup to demonstrate the use of the solution using FreeOTP.
Implement external authentication modules for nginx
Study the central identity management and its role in enterprise IT deployments. Study open-source identity and authentication provider FreeIPA. Study web application authentication setup described at http://www.freeipa.org/page/Web_App_Authentication which uses Apache httpd modules mod_intercept_form_submit and mod_lookup_identity. Study HTTP server nginx and its internals and module system. Implement modules to achieve the same authentication setup on nginx like the one described above. Work with nginx upstream to get the code changes to the upstream project. Document the changes and the result.
Dependent identity lifecycle management
When external authentication and identity providers are used, applications store the provisioned user identity upon the first successful authentication of the user. Applications can update the user identity attributes upon every logon of the user. However, when users do not log in often, attributes of said user identity or indeed its whole validity and existence can grow stale over the time. The goal of the work is to devise approach of keeping the cached identities in sync with the master and implement it for typical scenarios.
Add support for external authentication to web project
Study the central identity management and its role in enterprise IT deployments. Study open-source identity and authentication provider FreeIPA and its client-side counterpart SSSD. Study web application authentication setup described at http://www.freeipa.org/page/Web_App_Authentication which uses Apache httpd modules mod_auth_kerb, mod_authnz_pam, mod_intercept_form_submit, and mod_lookup_identity. Study the existing authentication options of web project X [to be replaced by the project agreed with the advisor]. Implement support for consuming Apache module authentication results by project X. Prepare patch and documentation. Work with upstream of project X to get the code changes to the upstream project. Document the changes and the result.
Componentization of complex form
ManageIQ is an open-source Management Platform that delivers the insight, control, and automation that enterprises need to address the challenges of managing hybrid IT environments. The Report Editor is a complex form written in Ruby on Rails. It contains multiple elements that are shown or hidden based on the user’s choices. The main goal is get to know the Report Editor, suggest UX improvements, break it into components and start conversion of these components to Angular.js.
NN trainings using the Torch framework
This is a very broad topic – if you are interested in neural networks and/or the Torch framework, please contact me and we can create a better description according to your interest (computer vision, machine learning, text recognition …).
License analysis for public packages on GitHub
The goal of this project is to check licenses in (selected) public packages that are available on GitHub. Many packages already contain LICENSE, COPYRIGHT etc. files, but these are often inaccurate or does not corresponds to (c) headers in source files. Please contact author if you are interested in this topics (it will be updated to match bachelor or diploma thesis requirement).
Management module to review virtual datacenter status in oVirt
Create an application that connects to your oVirt virtualization datacenters and preview information regarding your virtual machines, hosts and other components of your environments. This should speed up and simplify the work of system administrators to have all the relevant information in single spot instead of being stored in only for specific components. The module should be able to display the component specifications in a sensible matter to get the most value for small effort.
Toolkit for compatibility testing of virtualization infrastructure.
Manual verification toolkit providing compatibility testing for the oVirt project, with the inclusion of tools and environment setup scripts to support full Quality Assurance process on different versions and components of infrastructure.
Property based testing in practice for NodeJS services
We have identified several areas in our projects that could leverage property-based testing. Aim of this thesis should be finding mature enough testing framework (or create your own if necessary) and design and implement a set of property based tests against a relevant FeedHenry project.
Special Data View for a High Productivity Information System
The types of views of data people tend to use are very useful but also limited in number. We believe that all of them could be implemented in a single system to provide users the most flexibility while keeping all their data in a single location.
Implement detection of duplicate test coverage for Java applications
With increasing number of tests, their execution time increases as well. Currently, various tools provide metrics of test code coverage. These metrics however do not help identify duplicate test coverage, that leads only to unnecessary increase of test execution time without any benefit to effective code coverage. Information about duplicate coverage and execution time of duplicate tests would be a valuable help for subsequent refactoring of test code base.
Remote API Web Reference for Java Enterprise Applications
The goal of the thesis is to develop a generic remote API web reference for Java Enterprise applications. Often these JavaEE applications provide REST and WS web services which we want to document in order to make them easily available to the developers.
Continuous Integration and Automated Code Review in Open Source Projects
Ensuring code quality and enforcing coding standards and styling are essential aspects of the developer experience in any open source project. Having automated feedback for any proposed code change helps both the developer and the maintainers produce quality code. The goal of this thesis is to analyze this workflow in the ManageIQ project, compare it with workflows used in other popular open source projects, and, based on the results, enhance the developer experience in the said project.
Automatic seccomp syscall policy generator
Develop a syscall policy generator based on inputs from an application syscall logger and with an output to seccomp based policy code.
Web Service for Generic Archive Comparison
During software development and maintenance, engineers need to include bug fixes and implement new features in programs, while not changing anything what was not planned. During new version verification, a developer needs to be able to effectively evaluate changes made to the program from consumer point of view. Goal of this project is to implement web service, which will display differences between objects of specified type (RPM packages, Docker containers, etc.) and that will allow to simplify and possibly automate verification, that is often being done manually now. Assignment – Study RPM packaging format for software distribution on operating system […]
Libvirt Admin API
Libvirt is an management API for hypervisors and virtualization hosts. Among others, it allows users to define, start and manage virtual machines. It also has a set of API to gather various statistics over set of virtual machines. It offers several ways to manipulate environment of the virtualization hosts too. However, one piece of puzzle is still missing. It has no APIs to manage itself. Currently, there is no way to get any kind of information on connected users, limits set within the libvirtd and others. The aim of the thesis is to design and implement such set of APIs, […]
Web SDR receiver
Get acquainted with SDR (Software Defined Radio) concepts, Gnuradio framework, RTL-SDR. Design Web SDR receiver that will allow receiving (at least) AM, FM, SSB (USB/LSB), CW through Gnuradio / RTL-SDR. Deal with multiuser access (i.e. one user can control the underlying HW, other monitors). Optionally try to transfer the demodulation task to the clients (HTML5/Java) which would allow hosting the Web SDR on slow embedded HW (like RPI). Implement and demonstrate functionality of your design. It’s supposed that opensource project will be created and hosted on the internet (e.g. on GitHub).
RedDeer Code Generator
Get familiar with the Eclipse IDE and its architecture . Focus on how to create plug-ins and create a basic plug-in with a simple user interface. Then, get familiar with the testing framework RedDeer  which is used for automating tests for Eclipse IDE plug-ins. Describe the principles of the testing framework RedDeer and suggest a solution how to improve writing tests by generating the code. Implement the suggested solution as an extension of the plug-in created in the first part.  VOGEL, Lars. Contributing to the Eclipse IDE Project: Principles, Plug-ins and Gerrit Code Review. Lars Vogel: vogella series, […]
Existing Attacks on SSL/TLS Protocol
Study design and implementations of SSL/TLS protocol and existing attacks on its design and implementation , testing approaches and tlsfuzzer project . Get familiar with existing attacks againts SSL/TLS. Identify existing attacks that are suitable for reproduction in tlsfuzzer framework. Design a test suite for them. Implement the tests and necessary improvements to tlsfuzzer and tlslite-ng . Run the tests against existing SSL/TLS implementations and evaluate the results. Points that should be done during the first semester: 1. and 2.  https://www.feistyduck.com/books/bulletproof-ssl-and-tls/  https://github.com/tomato42/tlsfuzzer  https://github.com/tomato42/tlslite-ng
Continuous Integration System for TLS/SSL Libraries Interoperability
Study design and implementations of SSL/TLS protocol (focus on OpenSSL, NSS and GNUTLS) and current state of the art of its interoperability and integration testing. Get familiar with existing tools and solutions for implementing public projects with continuous integration features. Design a sytem for publicly sharing integration and interoperability SSL/TLS tests that is able to execute the test suite and expose testing results to public before incorporating particular commit and pull request in both the test suite and upstream implementation of SSL/TLS library. This system should support tests written in BeakerLib . Design a test suite for testing interoperability and […]
Integration SELinux troubleshooting into ABRT Tool
Describe the current SELinux troubleshooting together with its advantages/disadvantages. Describe and design improvements for the current SELinux troubleshooting. Implement designed improvements to get better integration with the desktop. Outline possible future improvements of this implemented solution.
PerfCake scenario editor for NetBeans
Investigate and study the NetBeans plugin development. Make yourself familiar with the PerfCake performance testing framework. Design and implement user-friendly PerfCake scenario editor as a plugin into NetBeans. Design adn implement user-friendly PerfCake scenario creation wizard. The wizard would be part of the plugin. Design and implement the ability to actually execute the PerfCake scenario directly from NetBeans.
Graphical Debugger of GPIO Pins
Motivation When developing software solutions, it is beneficial to have an unified debugging tool, especially on ARM-based/embedded devices. To provide users with comprehensive development experience, Silverspoon.io needs to include user-friendly way of debugging IoT applications. Goals The main goal is to develop a library which can analyse activity on GPIO pins, and reuse it in a desktop application that might be used as a graphical debugger of GPIO Pins. Debugger needs to be able to set pin values to exact value (0,1). Requirements Develop a desktop application (e.g. Java Swing) that will graphically display activity on device gpio pins and […]
DHCP support for FreeIPA server
Work out FreeIPA server architecture. Design flexible database schema for DHCP data which could cover maximal number of use cases. Write database back-end for DHCP server ISC Kea.
Test shield for ARM-based boards
Get fimiliar with ARM-based boards (“ABB”) RaspberryPi, Cubieboard and BeagleBoneBlack. Design (schema and PCB) and build a universal test board (“TB”) that will: support GPIO (digital input, digital output, analog input, analog output), UART, I2C, SPI, have a single set of pins/connectors independent on the ABB, be connected to each ABB by an adapter (or a cable) with connector fitting ABB’s GPIO pin set on one side and with the connector fitting the TB’s pin set on the other side, be powered directly from the ABB, have short circuit / reverse polarity protection to avoid damaging the ABB. The test […]
Analyze & improve the filters in GNOME Photos
GNOME Photos is an application to access, organize and share your photos on GNOME 3. It has some common image processing features built into it so that users can quickly tweak and enhance their photographs after importing them from the camera. One such feature is the ability to apply some preset effects to an image. Unfortunately, most of the algorithms behind these filters were not scientifically developed or tested. They are merely implementations of approaches described by various people on the Internet. One exception is the Caap filter which is based on an algorithm developed by Corey Hoard. Scientifically analyzing some well-known […]
New UI for GNOME’s Online Account Settings
Settings → Online Accounts lets you configure your cloud and network accounts to GNOME’s single sign-on framework. Various applications and components use these to integrate your online content into the desktop. The user interface for this panel needs a face lift and we want to implement the latest mockups. You can break this into the following steps: The basic panel. This what you see when you first enter Settings → Online Accounts. It will show a list of existing accounts, and have controls to initiate creating a new account. Selecting an existing account should bring up the account information dialog. Account […]
Polymer elements for Business Process Management System
ELF binary file infection – possibilities and implementation
Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. Explore possibilities of binary ELF format infection. Goal is to consider possibilities of infection, document them and implement functional tool to which alllows insert payload to existing ELF binary file.
Graphical ELF binary file viewer and simple editor
Executable and Linkable Format (ELF, formerly called Extensible Linking Format) is a common standard file format for executables, object code, shared libraries, and core dumps. Goal is to create simple and easy to use viewer/editor of ELF binary file. Requrements: * Knowledge of ELF binary format * Basic knowledge of assembler (x86_64 or arm) and C/C++ language * Knowledge of libraries for creating graphical applications * Application must be portable minimally between Mac OS X and Linux * Viewer should be able to cope with some kind of ELF obfuscation techniques. Explore obfuscation techniques and implement some heuristic.
LESS-SASS style sheet converter
LESS and SASS are two dynamic style sheet languages with some minor differences. The goal of this thesis is to create a converter application between these formats. There are some converters available on the Internet, but all of them are working on the search and replace principle and can not produce 100% correct conversion. Tasks: Study the syntactical differences between LESS and SASS Implement an AST parser for both languages Study the implementational differences between LESS and SASS Implement a code generator for both languages Verify the correctness of the converter by writing automated tests References: http://lesscss.org/features/ http://sass-lang.com/documentation/file.SASS_REFERENCE.html https://github.com/brauliobo/less2sass https://github.com/jonschlinkert/grunt-refactor
Technical documentation validator
Popište specifika tvorby technické dokumentace. Popište formáty používané pro tvorbu strukturované technické dokumentace. Vysvětlete význam sémantického značkování. Popište význam průběžné integrace (CI) v kontextu tvorby technické dokumentace. Prostudujte možnosti nabízené systémem Emender, který je určený pro deklaraci a spouštění testů nad dokumenty. Navrhněte a implementujte test, který z dokumentů získá adresy odkazů, ověří dostupnost těchto odkazů a do výsledku testu zapíše seznam validních a seznam nevalidních odkazů. Podporovány by měl být formát DocBook. Test by měl taktéž sledovat, zda odkazy neodpovídají zadaným regulárním výrazům. Navrhněte a implementujte test, který získá seznam názvů balíčků a ověří, zda zadané balíčky pro zvolený […]
Business Process Wizard
Business process wizard is an attempt to create an alternative way to traditional business process modeling in BPMN2 specification. The goal is to create a tool which would easily enable business (non-technical) users to create simple but comprehensive business processes without any technical details. Get familiar with Red Hat JBoss BPM Suite, the practices in business process modeling and BPMN2 specification. Analyze the existing alternative tools for business process modeling. Business Process Wizard should offer services to use in the designed process without any technical details → study APIMan and possible integration with it. Design user interface for practical use of the wizard mainly aimed on business (non-technical) users. Study GWT, the toolkit, in which the wizard should be […]
Git reporting tool
Git reporting tool to enable project leaders to see statistics such as Git commits per person, by time period, per product, per component Size of git commit, e.g. differences in lines (added or removed) Additional characteristic (merges etc.)
Scene editor for Box2D physics simulator engine
OpenMAX performance benchmarks
Vizualizace práce CPU
Case Management Task Assignment Using OptaPlanner
Case Management is unique coordination of work (case) in specific context (e.g. health care, law, etc.) where the flow can be unknown and participants act in various roles. Assignments of tasks within cases can be tough and with increasing options we quickly get to a point where no human being is able to solve planning the assignments. Using OptaPlanner as a tool for business resource planning, tasks will be assigned based on predefined rules and priorities. Therefore, the aim of this thesis is to implement a module for automated task assignment using resource planning tool, OptaPlanner. Study Resource Management and Case Management including CMMN and BPMN notations. Get familiar with jBPM engine implementing case […]
Possibilities for data-mining from n-dimensional matrix
Students goal is to research possibilities for data mining from n-dimensional matrix, find existing open-source tools for the subject and prepare practical proof of concept. For practical part of the work, we will provide data which can be interpreted as n-dimensional matrix (results of tests running on different versions of operating system, on different architectures, on different hardware configurations, on different networks). Work can be written in English or in Czech.
Enhancement of PerfCake
Are you in search for an interesting thesis? Feel free to look around at PerfCake issues at Github. Especially those marked with “University project” label are well suitable. But you might want to look at others as well. https://github.com/PerfCake/PerfCake/labels/university%20project Once you find an issue that is interesting to you, let me know at firstname.lastname@example.org. We will then agree on a particular thesis.
Search filters on the file manager
Abstract Did you ever wanted to do a search in all your files for songs that are from a specific band? Or did you ever wanted to search on your pc for your favorite e-book and the only thing you know for sure is that its author is “James” and the title of the book contains “Fifty”? Or how about the episode 7 of season 3 of the series Games Of Thrones that you have all around in a folder with a million more series? Task The task will consist on provide the most common search filters for video, documents, […]
PerfCake support in IDE tools
The goal is to update the current PerfCake IDE plugins for Eclipse, Intellij IDEA and NetBeans to work with the current version of PerfCake, to unify workflow and user experience.
Docker image(s) for PerfRepo
The main goal of the topic is to define and create Docker image(s) for instances of a performance repository called PerfRepo. Performance result repository (PerfRepo) is a web application tool that intends to make it easy to capture and archive performance test results and simplify comparison of performance run results and detect a performance regression from one build to the next in an automated fashion. The PerfRepo repository would be deployed on the WildFly 10 application server as a web application and would use the latest PostgreSQL database for it’s dataources (v9.5.3 at the time of writing this). At least two […]
Libvirt unified job control
Libvirt is an API, daemon and tool for managing virtual machines. It also prepares host environment whenever virtual machine configuration requires so. Therefore, Libvirt has subsystems for managing storage, (virtual) network interfaces, host devices and so on. Moreover, Libvirt exposes APIs so that entities from these subsystems can be managed directly too. For instance, storage units for virtual machines can be allocated directly via an API call, host network interfaces can be managed with simple Libvirt function call, and PCI device assignment is made easy with Libvirt. Following this logic, virtual machines are then just yet another class of objects […]
Provide automated unit testing and profiling in the file manager
Have you ever modified something in your project and then realised weeks later your project is broken in some cases and don’t know where or when you or your colleagues broke it? Have you ever made some change in the past and then someone commented how slow your application is, and you don’t know where and why? Stability and reliability in a file manager is on of the most important features, so we would like to have an automated unit testing for operations and interactions in the file manager, together with automated profiling and a nice graphical output to be […]
Remote Execution Output Processing
Foreman Remote Execution is a tool for running arbitrary commands on a set of hosts. Its designed to support multiple providers (SSH, MCollective, Ansible, Salt) as well as complex network topologies. The goal of the thesis is to extend this tool, design and implement a solution for further processing of the data that is produced at the execution. It should allow to define a logic to extract meaningful data from the output in order to make it useful in other parts of the system (searching for the data, determining the status of hosts etc.) It should also provide an ability […]
Java source code analysis using the Spoon library
Using the Immutables processor in the Java programming language
Application-specific passwords / Multiple passwords for one user in FreeIPA
FreeIPA is an authentication and authorization server. At the moment, FreeIPA does not currently allow users to have more than one password. Aim of the thesis is to allow to use multiple passwords for single user. Motivation There are many possible use cases for multiple passwords for single user account: Several fall under a category that could be broadly defined as ‘application specific passwords’ (as Google refers to it), or possibly ‘partially trusted credentials’, or something. For instance: I have my mail server configured to use FreeIPA authentication via PAM. I have three computers, two phones and a tablet configured […]
Extend USBGuard to support external authorization policy sources
The USBGuard project provides user space components for implementing USB device authorization policies on Linux based systems. Currently, these authorization policies can be stored only in a local file. The aim of this thesis is to extended USBGuard to support multiple policy sources, including LDAP and SSSD. This will allow for centralized management of USB device authorization policies via LDAP and other backends. Motivation Centralized management of security and compliance policies is a basic requirement of good IT security practices. Extending USBGuard with centralized management capabilities would extend the applicability of the project from single machine deployments to company-wide computer infrastructures. Deliverables […]
Performance optimization of testing automation framework based on Beakerlib
BeakerLib is a shell-level integration testing library, providing convenience functions which simplify writing, running and analysis of integration and black box tests. Tests written with Beakerlib can be run directly from Bash command line or as a part of wider work flow using one of available harnesses. These include Beah harness usable with Beaker machine provisioner and Restraint harness usable both with and without Beaker. Goal of this work is to carry out performance analysis of Beakerlib library alone and in conjunction with either Beah or Restraint (or both) harness and propose, implement and measure performance optimizations in these use […]
Data Mining for High Productivity Information System
When dealing with large amounts of data it might be useful to either predict some trends or to figure out patterns in existing data. Investigate existing data mining algorithms – we would like to use stat-of-the-art version of really basic algorithms for classifiers, decision trees and clustering. Other options are also possible when suitable. Analyze the possibilities usage of data mining algorithms in an information system. Design a way how to bring the power of data mining algorithms available to basic users without any deep technical knowledge. The users should be able to use the algorithms to for example predict […]
Business Processes for a High Productivity Information System
Investigate existing workflow solutions and figure out which one is easiest to integrate with or most comprehensible to users. Design simplified workflow editor on top of the selected framework. The important supported tasks in the workflow should be: a human task (what someone needs to accomplish), execute data query, write to a collection, send an email or any other notification. Demonstrate the proposed design by implementing a sample application leveraging open-source platform Lumeer.
Data Explorer for a High Productivity Information System
One of the typical tasks users perform in spreadsheets (Microsoft Excel, Google Sheets, LibreOffice Calc, etc.) is that they enter some sample data and see what happens when they do some changes to them. The changes can be adding or multiplication of values in a column, counting various averages and sums based on conditions, further filtering the data, adding input parameters and tweaking the parameters and in the end creating a chart displaying the influence of the parameters on the data entered. However, it might be hard to see what logical steps lead to the result. Design and implement an […]
Automatic topology for FreeIPA deployments
FreeIPA supports multi-master replication. When setting up environment with dozens of replicas, replication agreements (edges in the topology graph) need to be created to ensure smooth operation of the setup, while not exceeding an informal limit of agreements that each server should have without negatively affecting performance. We are looking for algorithm and its implementation for creating the replication agreements automatically, without admin’s manual intervention.