The Brno Red Hat engineering site collaborates with several universities not only in the Czech Republic and Slovakia but also in Europe. Our long-term partner universities are Masaryk University, Faculty of Informatics and Brno University of Technology, Faculty of Information Technology, but we also cooperate with several other universities, including Czech Technical University in Prague or Graz University of Technology, Austria.
Our engineers lead bachelor and master theses, we cooperate with university laboratories and researchers on projects and grants or sponsor Ph.D. students. We also deliver guest lectures, workshops or even whole courses at universities.
We also support high-school students and teachers, and also organize events for primary schools (for example, on teaching computer science to children).
Date: December 8, 2022
EduLint: A Python linter for novice programmers by Anna Řechtáčková
Code quality matters. Following best practices and avoiding antipatterns helps to make the code more readable, maintainable, or easier to debug. Novice programmers usually do not know these practices and often need to be made aware of them through a code review by a more experienced programmer. This creates significant time and personnel requirements (e.g., in the introductory programming course at the Faculty of Informatics, Masaryk University, creating the feedback takes over 2000 person-hours every semester). While some problems are challenging to discover automatically (misleading variable names, ill-suited decomposition), some problems (usually those related to overly complicated code structure) can be detected by static analysis. Providing automatic feedback about these easily detectable problems (leaving only the challenging ones to the TAs) is the goal of the newly-developed linter EduLint, which will be presented in this talk.
Anna Řechtáčková is a student of Theoretical Informatics, specializing in Principles of Programming Languages at the Faculty of Informatics, Masaryk University. She did her bachelor’s thesis on static analysis of C programs for the verification tool Symbiotic. For her master’s thesis, she is developing EduLint, a linter for novice programmers. For the past three years, Anna has been a teaching assistant at FI MU, leading seminars and reviewing students’ code.
Join the RIG meeting with Google meet: https://meet.google.com/arv-uggu-xmr
Date: November 10, 2022
DDoS Attack on Cloud Auto-scaling Mechanisms by Anat Bremler-Barr
Auto-scaling mechanisms are an important line of defense against Distributed Denial of Service (DDoS) in the cloud. Using auto-scaling, machines can be added and removed in an online manner to respond to fluctuating load. It is commonly believed that the auto-scaling mechanism casts DDoS attacks into Economic Denial of Sustainability (EDoS) attacks. Rather than suffering from performance degradation up to a total denial of service, the victim suffers from the economic damage incurred by paying for the extra resources required to process the bogus traffic of the attack. Contrary to this belief, we present and analyze the Yo-Yo attack, a new attack against the auto-scaling mechanism, that can cause significant performance degradation in addition to economic damage. We demonstrate the attack on Amazon EC2, on Kubernetes, and on serverless architecture.
Anat Bremler-Barr is a Professor at Reichman University. Anat is currently on a sabbatical at Red Hat. In 2001, she co-founded Riverhead Networks Inc., a company that provides systems to protect from Denial of Service attacks. The company was acquired by Cisco Systems in 2004. She then joined the Efi Arazi School of Computer Science at Reichman University. She is the founder and director of the Deepness Lab, which focuses on designing reliable and efficient networks and network devices. Her research interests are in computer networks and network security. Her recent research works are focused on DNS security, Cloud security, IoT security, DDoS mitigation, and CVEs analysis.
Join the RIG meeting with Google meet: https://meet.google.com/arv-uggu-xmr
Europe RIG Meetings Archive
Held on November 3, DevConf.CZ Mini featured talks themed around Cloud and Hyperscale, Edge Computing, and Future Tech and Open Research, including two research collaborations with Brno University of Technology and Czech Technical University in Prague supported by Red...
The PHYSICS (oPtimized HYbrid Space-time servIce Continuum in faaS) project midterm review was completed on September 20, 2022, at a hybrid meeting in Brussels. During PHYSICS's project midterm review meeting, the project's consortium discussed the project's progress...
Czech Technical University in Prague
Graz University of Technology
University of Žilina
Title Summary Research Area Universities hf:tax:research_area ICOS: IoT2cloud Operating SystemICOS The ICOS project aims at covering the set of challenges coming up when addressing this continuum paradigm, proposing an approach embedding a well-defined set of functionalities, ending up in the definition of an IoT2cloud Operating System (ICOS). AI-ML, Cloud-DS, Security, Privacy, Cryptography National and Kapodistrian University of Athens, Technische Universitãt Braunschweig, Universitat Politécnica de Catalunya (UPC) ai-ml cloud-ds security-privacy-cryptography StrIoT: functional stream processing StrIoT is a functional stream-processing system written in the Haskell programming language. The StrIoT library provides a set of stream-processing … Cloud-DS Newcastle University cloud-ds Securing satellite communications with in-network computing This project aims to design, implement and evaluate a system to enhance the security and privacy of emerging satellite communications infrastructure using in-network computing and software-defined networking. Security, Privacy, Cryptography University of Oxford security-privacy-cryptography Characterizing and optimizing reactive systems, a continuum language-runtime This research project was kicked off by a paper we published in REBLS 2021. This paper aimed at comparing the costs and benefits of three different reactive streams libraries for Java: do mature and complex libraries implementing involved optimizations perform better than newer libraries sacrificing such optimizations for a simpler codebase? Cloud-DS, Testing and Ops cloud-ds testing-and-ops PHYSICS: oPtimized HYbrid Space-time servIce Continuum in faaS Join Red Hat Research for the next Research Days event, “PHYSICS EU Project: Advancing FaaS applications in the cloud continuum,” on November 16, 2022, … AI-ML, Cloud-DS ai-ml cloud-ds Side-channel attacks on embedded devices and smartcards This project focuses on several aspects of side-channel attacks on embedded devices and smartcards, utilizing timing, power-analysis and other side-channels. … Security, Privacy, Cryptography Masaryk University security-privacy-cryptography Mining issued Common Criteria and FIPS140-2 certificates The security certification reports might be long but is also a trove of publicly available data about otherwise proprietary devices … Security, Privacy, Cryptography Masaryk University security-privacy-cryptography Verifying constant-time cryptographic algorithm implementations The aim of this project is to verify the timing side-channel resistance of cryptographic implementations. The project focuses on the constant time (and constant memory access) generic cryptographic implementations of selected cryptographic algorithms. T Security, Privacy, Cryptography Masaryk University security-privacy-cryptography Trusted Computing Ecosystem The project aims to study the TPM ecosystem as currently exists in deployed devices and software applications using it, establish the types of chips and their properties one can encounter, investigate the state of patching of known vulnerabilities like ROCA against Infineon’s TPM (CVE-2017-15361) or TPMFail against Intel’s fTPM (CVE-2019-11090) and STM’s TPM (CVE-2019-16863) and analyze a reliability of stored integrity measurements (PCRs) for remote attestation and disk encryption uses. Security, Privacy, Cryptography Masaryk University security-privacy-cryptography Improving Full Disk Encryption The primary focus of this project is also data integrity protection, either in combination with encryption (authentication encryption) or standalone using dm-integrity and dm-verity kernel driver. Security, Privacy, Cryptography Masaryk University security-privacy-cryptography Accelerating Microarchitectural Security Research We are working on processes and tooling to lower the barrier to entry into the field and accelerate attack research and mitigation across academia and industry. Security, Privacy, Cryptography Graz University of Technology security-privacy-cryptography Authentication in public open-source repositories This project focuses on user authentication in public repositories containing open-source projects, which are then used by commercial companies (e.g. Red Hat) as a source for their internally maintained repositories. Security, Privacy, Cryptography Masaryk University security-privacy-cryptography LART – LLVM Abstraction and Refinement Tool The goal of this tool is to provide LLVM-to-LLVM transformations that implement various program abstractions. Testing and Ops Masaryk University testing-and-ops Adaptive Learning of Programming The mission of Adaptive Learning of Programming is to make learning more efficient and engaging by personalizing educational systems using artificial intelligence techniques. AI-ML Masaryk University ai-ml Innovation Scorecard: Controlling framework for innovation projects in IT Innovation Scorecard is a conceptual performance measurement and management control framework specifically designed for work activities that relate to innovation. Its origin lies in the outcomes of a primary research project that was supported by the Czech Scientific Foundation during 2013-2015. This project’s objective was to ascertain whether organizations in the Czech Republic measure the efficiency of their innovations and what metrics they applied to measure these. Results confirmed that organizations that constantly managed innovation were engaged in identifying performance measurements to determine the level of value and benefits associated with innovation. Brno University of Technology Perun: Lightweight Performance Version System Perun is an open source light-weight Performance Version System, which works as a wrapper over existing Version Control Systems and in parallel manages performance profiles corresponding to different versions of projects. Moreover, it offers a tool suite suitable for automation of the performance regression test runs, postprocessing of existing profiles or effective interpretation of the results. Brno University of Technology DiffKemp: Automatic analysis of semantic differences in kernel options The project aims at creating a tool for automatic analysis of differences in the code between versions of the Linux kernel. The goal is to determine whether the semantics (the effect) of some kernel option, function, or parameter, changed between two kernel versions Brno University of Technology Symbiotic Symbiotic is an open-source framework for program analysis integrating instrumentation, static program slicing and various program analysis tools. Testing and Ops Masaryk University testing-and-ops Vega Project The Vega Project team at Red Hat came up with an idea to harness the power of Kubernetes to provide the next-generation open-source tool for high-performance computing. The project is way past the design phase, and the team is already working on the proof-of-concept implementation using Red Hat OpenShift Container Platform. Masaryk University Quality Assurance System for Internet of Things Technology The main goal is to design, implement and verify a framework for quality assurance of products based on the Internet of Things concept. The aim of the framework is to help individual IoT projects to establish an efficient testing and verification strategy of the infrastructure. The proposed framework is based on a model of the IoT infrastructure, composed of methodological part, driven by university team, and a technical part, mainly worked on by Red Hat engineers. Testing and Ops Czech Technical University testing-and-ops AUFOVER – The Automation of Formal Verification The goal of the Automation of Formal Verification (AUFOVER) project is to develop automated formal verification tools and integrate them for industrial use. The tools to be developed or improved within the projects are Verification Server, Verification Server Client Application, csmock plug-ins, DIVINE, Symbiotic and Testos. The purpose of the grant is to finish the development of university tools based on formal mathematical methods and their transfer to a commercial environment, including integration with industrial partners’ tools and incorporation of these tools into the commercial processes for software verification. Testing and Ops Brno University of Technology, Masaryk University testing-and-ops Usable Security for Developers This project focuses on the cryptographic APIs with respect to their developer usability. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and propose precautions and guidelines to achieve better usability and security. Security, Privacy, Cryptography Masaryk University security-privacy-cryptography Avocado Project The goal of the Avocado project, as a generic test automation framework, is to provide a solid foundation for software projects to build their testing needs on. With Avocado, common testing problems are solved at the framework level, and developers can spend more of their time writing tests that, by default, will adhere to best practices. Testing and Ops Czech Technical University, Karlstad University testing-and-ops