Stjepan Groš

A method for identifying Web applications

Web applications are ubiquitous in today’s businesses. The security of these applications is of utmost importance since security breaches might negatively impact good reputation, and even result in bankruptcy. There are different methods of assessing security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database with predefined vulnerabilities that are checked one by one until either a vulnerability is found, or it can be claimed that the application does not have any known vulnerabilities. The important step in latter type of scan process is the identification of the application since in this case we are narrowing number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black box principle. Our method is based on the invariance of certain characteristics of Web applications. We experimentally tested and confirmed the usefulness of this approach.

Load balancing MPI algorithm for high throughput applications

MPI (message passing interface) is a standard API (application programming interface) used to create distributed applications. Development of distributed MPI software is a challenging task in which many difficulties may arise. Common problems include load balancing, deadlocks and livelocks. In order to tackle complexity of parallel programming various methods are developed. In this paper we present a load balancing algorithm (LBA) that can be used instead of developing custom parallel application. The algorithm uses MPI transport mechanism for internal signaling and synchronization. The LBA is most suitable for the tasks that involve high and continuous data throughput. It performance will significantly degrade if used in complex computation topologies.

Implementation of Certificate Based Authentication in IKEv2 Protocol

IPsec is a security architecture for Internet, which is directly positioned on the top of the IP layer. The major part of IPsec consists of the Internet Key Exchange protocol, now in its version 2. IKEv2 offers authentication, authorization and key agreement services. One of the possible authentication mechanisms in this protocol is based on X509 certificates and the PKI infrastructure. As we are in the process of the IKEv2 protocol implementation, in this paper we describe experiences and design decisions taken during the implementation of the X509 certificate based authentication in the IKEv2 daemon.

An experiment in using IMUNES and Conpot to emulate honeypot control networks

Honeypots are used as a security measure both to divert the attention of a potential attackers intentions and to reveal the attacker since the only reason someone would interact with honeypots is if they are looking for a vulnerable target. Honeypots emulate only a part of the machine they are supposed to represent and contain no valuable data. ICS (Industrial Control System) is a term that is used for a system that monitors industrial plants, distributed control systems or other systems that mostly contain PLCs (Programmable Logic Controllers). Conpot is an open source honeypot that emulates PLC devices so it can be used in ICSs. However, Conpot can not emulate complex honeypot networks. The aim of this project is to make a tool that can be used to design a honeypot network which emulates an ICS. A network designed with that tool will be simulated as a part of this project and the data collected during the simulation will be analyzed.

Android-powered web server for volunteer-based environment sensing

Many people today are using smartphones and similar forms of mobile computers in every aspect of their lives as a standard and undetachable personal outfit. Besides the significant amount of computing power, storage capacity, and communication capabilities, these devices are equipped with a set of embedded sensors. This makes them not only sufficient for being a reliable on-site assistants, but also powerful enough to deliver sensory information collected from the environment to the remote users through the Internet. Having an open community of smartphone users involved as data sources into the environment sensing program reduces the need for a dedicated sensory infrastructure preinstalled throughout the environment, yet providing a satisfactory level of territory coverage. The necessary prerequisite is, however, that users can contribute effortlessly, with minimum or no overhead compared to a normal smartphone usage. In this paper, we present a prototype implementation of an Android-powered web server for autonomous capture and delivery of sensory information from a mobile device to the remote users. A modular software framework is described for seamless extension of the server with support for new types of sensors as new models of devices appear on the market, while still providing basic level of interoperability with these sensors until the server gets upgraded.

Benu: Operating system increments for embedded systems engineer's education

Most of todays computer systems, including rapidly emerging embedded ones, rely on an operating system. Consequently, the development of embedded systems and related software often requires a deeper understanding of operating systems. This paper presents a new incrementally built operating system and a learning course formed around it. Each increment builds on the previous one and introduces new system elements, new concepts and solutions, and a new set of assignments for improving or extending operations or simply demonstrating its use. Increments and assignments are designed to extend theoretical and practical knowledge in the operating system domain, give experience with non-trivial software systems and their development tools, familiarize the learner with basic computer hardware components and demonstrate device driver construction. The audience targeted by this operating system and course materials includes advanced students with (basic) knowledge of computer architecture, programming and operating systems. In addition, materials may be used individually as part of a lifelong learning process.

Testing Task Schedulers on Linux System

Testing task schedulers on Linux operating system proves to be a challenging task. There are two main problems. The first one is to identify which properties of the scheduler to test. The second problem is how to perform it, e.g., which API to use that is sufficiently precise and in the same time supported on most platforms. This paper discusses the problems in realizing test framework for testing task schedulers and presents one potential solution. Observed behavior of the scheduler is the one used for “normal” task scheduling (SCHED_OTHER), unlike one used for real-time tasks (SCHED_FIFO, SCHED_RR).