Usable Security for Developers

A Masaryk University project

This project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.

Masaryk University

The cooperation between Masaryk University and Red Hat Czech was established in 2007, just one year after the Red Hat Czech subsidiary was formed. Long-term cooperation with Red Hat happens on multiple levels and includes supervising bachelor’s and master’s theses focused on real projects, sponsoring PhD students and their open research projects, and teaching accredited courses led by experienced Red Hat associates.

Red Hat offers students the opportunity to pursue research activities and projects directly in their own open-source lab, which serves as the place to support common activities between Red Hat and the faculty.

News

Three researchers from the Faculty of Informatics involved in Red Hat Research were awarded the 2021 “MUNI Innovation Award”

Masaryk University awarded the 2021 “MUNI Innovation Award” at its Business Research Forum on November 11, 2021. These new awards aim at individual students and employees whose outputs have been successfully implemented in practice, have helped improve products or services or have otherwise contributed to increasing the social relevance of Masaryk University’s research activities.

Related Projects

| Title | Summary | Research Area |
| --- | --- | --- |
| Side-channel attacks on embedded devices and smartcards | This project focuses on several aspects of side-channel attacks on embedded devices and smartcards, utilizing timing, power-analysis and other side-channels. … | |
| Mining issued Common Criteria and FIPS140-2 certificates | The security certification reports might be long but are also a trove of publicly available data about otherwise proprietary devices … | |
| Verifying constant-time cryptographic algorithm implementations | The aim of this project is to verify the timing side-channel resistance of cryptographic implementations. The project focuses on the constant time (and constant memory access) generic cryptographic implementations of selected cryptographic algorithms. T | |
| Trusted Computing Ecosystem | The project aims to study the TPM ecosystem as it currently exists in deployed devices and the software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863), and analyze the reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses. | |
| Improving Full Disk Encryption | The primary focus of this project is also data integrity protection, either in combination with encryption (authenticated encryption) or standalone using the dm-integrity and dm-verity kernel drivers. | |
| Authentication in public open-source repositories | This project focuses on user authentication in public repositories containing open-source projects, which are then used by commercial companies (e.g. Red Hat) as a source for their internally maintained repositories. | |
| LART – LLVM Abstraction and Refinement Tool | The goal of this tool is to provide LLVM-to-LLVM transformations that implement various program abstractions. | |
| Adaptive Learning of Programming | The mission of Adaptive Learning of Programming is to make learning more efficient and engaging by personalizing educational systems using artificial intelligence techniques. | |
| Symbiotic | Symbiotic is an open-source framework for program analysis integrating instrumentation, static program slicing and various program analysis tools. | |
| Vega Project | The Vega Project team at Red Hat came up with an idea to harness the power of Kubernetes to provide the next-generation open-source tool for high-performance computing. The project is way past the design phase, and the team is already working on the proof-of-concept implementation using Red Hat OpenShift Container Platform. | |
| AUFOVER – The Automation of Formal Verification | The goal of the Automation of Formal Verification (AUFOVER) project is to develop automated formal verification tools and integrate them for industrial use. The tools to be developed or improved within the project are Verification Server, Verification Server Client Application, csmock plug-ins, DIVINE, Symbiotic and Testos. The purpose of the grant is to finish the development of university tools based on formal mathematical methods and their transfer to a commercial environment, including integration with industrial partners’ tools and incorporation of these tools into the commercial processes for software verification. | |
| Usable Security for Developers | This project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security. | |