Europe RIG

Europe RIG

The Brno Red Hat engineering site collaborates with several universities not only in the Czech Republic and Slovakia but also in Europe. Our long-term partner universities are Masaryk University, Faculty of Informatics and Brno University of Technology, Faculty of Information Technology, but we also cooperate with several other universities, including Czech Technical University in Prague or Graz University of Technology, Austria.

Our engineers lead bachelor and master theses, we cooperate with university laboratories and researchers on projects and grants or sponsor Ph.D. students. We also deliver guest lectures, workshops or even whole courses at universities.

We also support high-school students and teachers, and also organize events for primary schools (for example, on teaching computer science to children).

Europe Research Interest Group Meeting [December 2022]

Date: December 8, 2022


Meeting Agenda:

EduLint: A Python linter for novice programmers by Anna Řechtáčková

Code quality matters. Following best practices and avoiding antipatterns helps to make the code more readable, maintainable, or easier to debug. Novice programmers usually do not know these practices and often need to be made aware of them through a code review by a more experienced programmer. This creates significant time and personnel requirements (e.g., in the introductory programming course at the Faculty of Informatics, Masaryk University, creating the feedback takes over 2000 person-hours every semester). While some problems are challenging to discover automatically (misleading variable names, ill-suited decomposition), some problems (usually those related to overly complicated code structure) can be detected by static analysis. Providing automatic feedback about these easily detectable problems (leaving only the challenging ones to the TAs) is the goal of the newly-developed linter EduLint, which will be presented in this talk.

Anna Řechtáčková is a student of Theoretical Informatics, specializing in Principles of Programming Languages at the Faculty of Informatics, Masaryk University. She did her bachelor’s thesis on static analysis of C programs for the verification tool Symbiotic. For her master’s thesis, she is developing EduLint, a linter for novice programmers. For the past three years, Anna has been a teaching assistant at FI MU, leading seminars and reviewing students’ code.

Join the RIG meeting with Google meet: https://meet.google.com/arv-uggu-xmr

Europe Research Interest Group Meeting [November 2022]

Date: November 10, 2022


Meeting Agenda:

DDoS Attack on Cloud Auto-scaling Mechanisms by Anat Bremler-Barr

Auto-scaling mechanisms are an important line of defense against Distributed Denial of Service (DDoS) in the cloud. Using auto-scaling, machines can be added and removed in an online manner to respond to fluctuating load. It is commonly believed that the auto-scaling mechanism casts DDoS attacks into Economic Denial of Sustainability (EDoS) attacks. Rather than suffering from performance degradation up to a total denial of service, the victim suffers from the economic damage incurred by paying for the extra resources required to process the bogus traffic of the attack. Contrary to this belief, we present and analyze the Yo-Yo attack, a new attack against the auto-scaling mechanism, that can cause significant performance degradation in addition to economic damage. We demonstrate the attack on Amazon EC2, on Kubernetes, and on serverless architecture.

Anat Bremler-Barr is a Professor at Reichman University. Anat is currently on a sabbatical at Red Hat. In 2001, she co-founded Riverhead Networks Inc., a company that provides systems to protect from Denial of Service attacks. The company was acquired by Cisco Systems in 2004. She then joined the Efi Arazi School of Computer Science at Reichman University. She is the founder and director of the Deepness Lab, which focuses on designing reliable and efficient networks and network devices. Her research interests are in computer networks and network security. Her recent research works are focused on DNS security, Cloud security, IoT security, DDoS mitigation, and CVEs analysis.

Join the RIG meeting with Google meet: https://meet.google.com/arv-uggu-xmr

Europe RIG Meetings Archive

November 2022
October 2022
September 2022
June 2022
May 2022
April 2022
February 2022
September 2021
July 2021
June 2021
No event found!

News

People

Affiliated Universities

Faculty of Information Technology – Brno University of Technology

Faculty of Informatics – Masaryk University

Charles University

Czech Technical University in Prague

Graz University of Technology

University of Žilina

Events

No event found!

Related Projects

TitleSummaryResearch AreaUniversitieshf:tax:research_area
ICOS: IoT2cloud Operating SystemICOSThe ICOS project aims at covering the set of challenges coming up when addressing this continuum paradigm, proposing an approach embedding a well-defined set of functionalities, ending up in the definition of an IoT2cloud Operating System (ICOS)., , , , ai-ml cloud-ds security-privacy-cryptography
StrIoT: functional stream processingStrIoT is a functional stream-processing system written in the Haskell programming language. The StrIoT library provides a set of stream-processing …cloud-ds
Securing satellite communications with in-network computingThis project aims to design, implement and evaluate a system to enhance the security and privacy of emerging satellite communications infrastructure using in-network computing and software-defined networking.security-privacy-cryptography
Characterizing and optimizing reactive systems, a continuum language-runtimeThis research project was kicked off by a paper we published in REBLS 2021. This paper aimed at comparing the costs and benefits of three different reactive streams libraries for Java: do mature and complex libraries implementing involved optimizations perform better than newer libraries sacrificing such optimizations for a simpler codebase?, cloud-ds testing-and-ops
PHYSICS: oPtimized HYbrid Space-time servIce Continuum in faaSJoin Red Hat Research for the next Research Days event, “PHYSICS EU Project: Advancing FaaS applications in the cloud continuum,” on November 16, 2022, …, ai-ml cloud-ds
Side-channel attacks on embedded devices and smartcardsThis project focuses on several aspects of side-channel attacks on embedded devices and smartcards, utilizing timing, power-analysis and other side-channels. …security-privacy-cryptography
Mining issued Common Criteria and FIPS140-2 certificatesThe security certification reports might be long but is also a trove of publicly available data about otherwise proprietary devices …security-privacy-cryptography
Verifying constant-time cryptographic algorithm implementationsThe aim of this project is to verify the timing side-channel resistance of cryptographic implementations. The project focuses on the constant time (and constant memory access) generic cryptographic implementations of selected cryptographic algorithms. Tsecurity-privacy-cryptography
Trusted Computing EcosystemThe project aims to study the TPM ecosystem as currently exists in deployed devices and software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863) and analyze a reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses.security-privacy-cryptography
Improving Full Disk EncryptionThe primary focus of this project is also data integrity protection, either in combination with encryption (authentication encryption) or standalone using dm-integrity and dm-verity kernel driver.security-privacy-cryptography
Accelerating Microarchitectural Security ResearchWe are working on processes and tooling to lower the barrier to entry into the field and accelerate attack research and mitigation across academia and industry.security-privacy-cryptography
Authentication in public open-source repositoriesThis project focuses on user authentication in public repositories containing open-source projects, which are then used by commercial companies (e.g. Red Hat) as a source for their internally maintained repositories.security-privacy-cryptography
LART – LLVM Abstraction and Refinement ToolThe goal of this tool is to provide LLVM-to-LLVM transformations that implement various program abstractions.testing-and-ops
Adaptive Learning of ProgrammingThe mission of Adaptive Learning of Programming is to make learning more efficient and engaging by personalizing educational systems using artificial intelligence techniques.ai-ml
Innovation Scorecard: Controlling framework for innovation projects in ITInnovation Scorecard is a conceptual performance measurement and management control framework specifically designed for work activities that relate to innovation. Its origin lies in the outcomes of a primary research project that was supported by the Czech Scientific Foundation during 2013-2015. This project’s objective was to ascertain whether organizations in the Czech Republic measure the efficiency of their innovations and what metrics they applied to measure these. Results confirmed that organizations that constantly managed innovation were engaged in identifying performance measurements to determine the level of value and benefits associated with innovation.
Perun: Lightweight Performance Version SystemPerun is an open source light-weight Performance Version System, which works as a wrapper over existing Version Control Systems and in parallel manages performance profiles corresponding to different versions of projects. Moreover, it offers a tool suite suitable for automation of the performance regression test runs, postprocessing of existing profiles or effective interpretation of the results.
DiffKemp: Automatic analysis of semantic differences in kernel optionsThe project aims at creating a tool for automatic analysis of differences in the code between versions of the Linux kernel. The goal is to determine whether the semantics (the effect) of some kernel option, function, or parameter, changed between two kernel versions
SymbioticSymbiotic is an open-source framework for program analysis integrating instrumentation, static program slicing and various program analysis tools.testing-and-ops
Vega ProjectThe Vega Project team at Red Hat came up with an idea to harness the power of Kubernetes to provide the next-generation open-source tool for high-performance computing. The project is way past the design phase, and the team is already working on the proof-of-concept implementation using Red Hat OpenShift Container Platform.
Quality Assurance System for Internet of Things TechnologyThe main goal is to design, implement and verify a framework for quality assurance of products based on the Internet of Things concept. The aim of the framework is to help individual IoT projects to establish an efficient testing and verification strategy of the infrastructure. The proposed framework is based on a model of the IoT infrastructure, composed of methodological part, driven by university team, and a technical part, mainly worked on by Red Hat engineers.testing-and-ops
AUFOVER – The Automation of Formal VerificationThe goal of the Automation of Formal Verification (AUFOVER) project is to develop automated formal verification tools and integrate them for industrial use. The tools to be developed or improved within the projects are Verification Server, Verification Server Client Application, csmock plug-ins, DIVINE, Symbiotic and Testos. The purpose of the grant is to finish the development of university tools based on formal mathematical methods and their transfer to a commercial environment, including integration with industrial partners’ tools and incorporation of these tools into the commercial processes for software verification., testing-and-ops
Usable Security for DevelopersThis project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security.security-privacy-cryptography
Avocado ProjectThe goal of the Avocado project, as a generic test automation framework, is to provide a solid foundation for software projects to build their testing needs on. With Avocado, common testing problems are solved at the framework level, and developers can spend more of their time writing tests that, by default, will adhere to best practices., testing-and-ops