HiSS-Cube: A scalable framework for Hierarchical Semi-Sparse Cubes preserving uncertainties

Authors
Nádvorník, J.; Škoda, P.; Tvrdík, P.
Year
2021
Published
Astronomy and Computing. 2021, 36 ISSN 2213-1337.
Type
Article
Annotation
A wide variety of approaches are available for big data cube visualization and analysis. However, few exploit the power of array databases and none preserve the scientific uncertainties in measurements when constructing lower resolutions. In machine learning applications, we often need to rapidly search data for regions of interest and then focus on these areas, but without having to retrain the model every time we change the resolution. However, the reliable verification of these areas also requires details of the accuracy of the measured values. In this study, we developed a new software infrastructure called Hierarchical Semi-Sparse Cube (HiSS-Cube) based on Hierarchical Data Format version 5. HiSS-Cube enables visualization and machine learning using combined heterogeneous data and it was designed to be scalable for big data. HiSS-Cube allows data from multiple domains (imaging, spectral, and timeseries data) to be combined and the construction of a multi-resolution semi-sparse data cube that preserves the uncertainties of scientific measurement at all resolutions. The functionality of HiSS-Cube was verified based on a subset of the Sloan Digital Sky Survey Stripe 82 survey. We compared the times and volumes for visualizations and machine learning data exported to HiSS-Cube and the original format (FITS). Using these data, we demonstrated that HiSS-Cube is faster by several orders of magnitude. HiSS-Cube supports export to the VOTable format and it is compatible with common Virtual Observatory tools. The source code for our prototype HiSS-Cube is available from GitHub and the data are available from Zenodo.

Joint direct and transposed sparse matrix-vector multiplication for multithreaded CPUs

Authors
Kozický, C.; Šimeček, I.
Year
2021
Published
Concurrency and Computation: Practice and Experience. 2021, 33(13), 1-26. ISSN 1532-0634.
Type
Article
Annotation
Repeatedly performing sparse matrix‐vector multiplication (SpMV) followed by transposed sparse matrix‐vector multiplication (SpMᵀV) with the same matrix is a part of several algorithms, for example, the Lanczos biorthogonalization algorithm and the biconjugate gradient method. Such algorithms can benefit from combining parallel SpMV and SpMᵀV into a single operation we call ‘joint direct and transposed sparse matrix‐vector multiplication’ (SpMMᵀV). In this article, we present a parallel SpMMᵀV algorithm for shared‐memory CPUs. The algorithm uses a sparse matrix format that divides the stored matrix into sparse matrix blocks and compresses the row and column indices of the matrix. This sparse matrix format can be also used for SpMV, SpMᵀV, and similar sparse matrix‐vector operations. We expand upon existing research by suggesting new variants of the parallel SpMMᵀV algorithm and by extending the algorithm to efficiently support symmetric matrices. We compare the performance of the presented parallel SpMMᵀV algorithm with alternative approaches, which use state‐of‐the‐art sparse matrix formats and libraries, using sparse matrices from real‐world applications. The performance results indicate that the median performance of our proposed parallel SpMMᵀV algorithm is up to 45% higher than of the alternative approaches.

Active deep learning method for the discovery of objects of interest in large spectroscopic surveys

Authors
Škoda, P.; Podsztavek, O.; Tvrdík, P.
Year
2020
Published
Astronomy & Astrophysics. 2020, 643 ISSN 1432-0746.
Type
Article
Annotation
Context. Current archives of the LAMOST telescope contain millions of pipeline-processed spectra that have probably never been seen by human eyes. Most of the rare objects with interesting physical properties, however, can only be identified by visual analysis of their characteristic spectral features. A proper combination of interactive visualisation with modern machine learning techniques opens new ways to discover such objects. Aims. We apply active learning classification methods supported by deep convolutional neural networks to automatically identify complex emission-line shapes in multi-million spectra archives. Methods. We used the pool-based uncertainty sampling active learning method driven by a custom-designed deep convolutional neural network with 12 layers. The architecture of the network was inspired by VGGNet, AlexNet, and ZFNet, but it was adapted for operating on one-dimensional feature vectors. The unlabelled pool set is represented by 4.1 million spectra from the LAMOST data release 2 survey. The initial training of the network was performed on a labelled set of about 13 000 spectra obtained in the 400 Å wide region around Hα by the 2 m Perek telescope of the Ondřejov observatory, which mostly contains spectra of Be and related early-type stars. The differences between the Ondřejov intermediate-resolution and the LAMOST low-resolution spectrographs were compensated for by Gaussian blurring and wavelength conversion. Results. After several iterations, the network was able to successfully identify emission-line stars with an error smaller than 6.5%. Using the technology of the Virtual Observatory to visualise the results, we discovered 1 013 spectra of 948 new candidates of emission-line objects in addition to 664 spectra of 549 objects that are listed in SIMBAD and 2 644 spectra of 2 291 objects identified in an earlier paper of a Chinese group led by Wen Hou. The most interesting objects with unusual spectral properties are discussed in detail.

Efficient fuzz testing of web services

Author
Matúš Ferech
Year
2023
Type
Master thesis
Supervisor
prof. Ing. Pavel Tvrdík, CSc.
Reviewers
Pierre Donat-Bouillud, Ph.D.
Summary
This thesis proposes a novel approach to web service fuzzing that utilizes the OpenAPI Specification. The proposed smart black-box generation-based fuzzer, named openapi-fuzzer, generates and minimizes random payloads to detect vulnerabilities in web services. It is able to minimize the bug-triggering payload to its canonical form. Thanks to this minimization, it is trivial to detect the root cause of an underlying bug. To evaluate its performance, openapi-fuzzer was tested on multiple relevant web services, including Kubernetes, Hashicorp Vault, and Gitea, where it identified several bugs. The results demonstrate that openapi-fuzzer outperforms other state-of-the-art web service fuzzers in terms of the number of bugs found and running time. Furthermore, openapi-fuzzer conducts a performance analysis to identify endpoints that are susceptible to Denial of Service attacks. By providing developers with detailed statistics, openapi-fuzzer helps them identify and fix performance issues in their web services.

Efficient parallel multi-way Quicksort algorithm

Author
Ondřej Voronecký
Year
2023
Type
Master thesis
Supervisor
doc. Ing. Ivan Šimeček, Ph.D.
Reviewers
Ing. Daniel Langr, Ph.D.
Summary
A new version of the parallel in-place Quicksort algorithm MPQsort for array sorting is presented in this thesis, using OpenMP for parallelization. Current implementations use only one pivot for element partitioning. On the other hand, MPQsort implements parallel multi-way partitioning and so is the first algorithm of its kind. Sequential multi-way partitionings are discussed in the first part of the thesis, followed by parallel two-way partitioning. Based on the gathered information, parallel multi-way partitioning is designed and implemented. Implementation was followed by an experimental evaluation of its efficiency and comparison with other implementations. MPQsort achieves good results in experiments and among the other considered algorithms ranked second in terms of sorting randomly generated numbers. Conversely, it sometimes achieves the best results for other types of data arrangements.

Parallel GPU accelerated video transcoding service

Author
Daniel Sedlák
Year
2023
Type
Master thesis
Supervisor
Ing. Tomáš Kvasnička
Reviewers
Ing. Jan Fesl, Ph.D.
Summary
Nowadays, live streaming is gaining popularity and thus becoming a standard service that is integrated within social networks like Facebook, TikTok, and Twitch. However, current implementations of video transcoding services like Wowza, Flussonic, Elemental, or cloud solutions provided by e.g. Amazon have either suboptimal end-to-end latency, are not optimized for scale, or are quite expensive. Moreover, most of these solutions are built on top of FFmpeg libraries, which are not easy to work with. Furthermore, they are written in C, do not provide any memory-safe guarantees, and often introduce new bugs due to new functionality added. This thesis aims to implement a parallel GPU accelerated video transcoding service, addressing some of these issues.

Behavioral authentication system

Author
Jan Pešek
Year
2023
Type
Master thesis
Supervisor
prof. Ing. Pavel Tvrdík, CSc.
Reviewers
doc. Ing. Daniel Novák, Ph.D.
Summary
This thesis aims to develop a Proof of Concept authentication system that verifies a user's identity by analyzing his/her behavior in a smartphone application. The system exploits data from a smartphone's sensors and touchscreen for behavioral authentication. The result is a fully functional behavioral authentication system with its functionality demonstrated in a simulated mobile banking application.

The implementation and vulnerability analysis of WPA3

Author
Vítek Špelina
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jan Fesl, Ph.D.
Reviewers
Ing. Alexandru Moucha, Ph.D.
Summary
The main purpose of this study is to test the implementation of WPA3, the new security standard for wireless networks, on MikroTik devices. It furthermore compares the effectivity of WPA3 with the WPA2 standard, which is more used nowadays. The thesis outlines the evolution of wireless security standards from WEP to WPA3. It contains a detailed description of the principles used by WPA3. The already known Denial of Service (DoS) attacks - Doppelganger, Muted Peer, PMK Gobbler and Memory Omnivore - are discussed and examined thoroughly in this study, explaining their principles and impacts in great detail. Additionally, it compares these attacks with the ones used on the current implementations of WPA3 for MikroTik devices. A new attack which uses the vulnerability in the fundamentals of the WPA3 standard is also described in the study. Both WPA2 and WPA3 standards are comparable in terms of efficiency. However, it is shown that the tested implementations are not secure enough to be used in a real-life environment. Furthermore, the thesis proves that the SAE handshake, as it is now, is not suitable for use in shared networks. As a part of the study, each of the attack scripts was updated and refactored to current standards. Along with that, a complex program allowing automated testing of each attack on different versions of WPA3 implementations was created.

Analysis of the Zlib's CVE-2022-37434 Vulnerability

Author
Vojtěch Krejsa
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
In early August 2022, a critical vulnerability identified as CVE-2022-37434 was discovered in the widely used Zlib compression library. The vulnerability is described as a heap buffer overflow. Some sources even argue that it could be exploited to execute arbitrary code. However, there is no available evidence confirming this claim. In this thesis, a detailed analysis of the vulnerability focusing on its exploitability to code execution is performed. The analysis is performed on the Ubuntu 22.04 LTS operating system with the glibc 2.35 memory manager and on Windows 10, version 22H2, with its default memory manager. The analysis results confirm that the vulnerability can indeed be exploited to code execution. In this thesis, it is described how it can be achieved. For demonstration purposes, virtual environments have been prepared.

ZigBee Protocol Security Analysis in IoT Devices

Author
Tomáš Rosenbaum
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Viktor Černý
Summary
This bachelor thesis deals with the security analysis of the ZigBee protocol and the IEEE 802.15.4 protocol on which the ZigBee protocol is built. It explains the basic functioning of both protocols and their security extensions and weaknesses in detail. It also discusses how to create a test network using the CC2652P coordinator, smart bulb, switch and Home Assistant application. The work results in an application that allows easy security analysis of devices and networks, which can be extended simply. The application is written in Python using the Scapy library. It uses the CC2531 coordinator to eavesdrop on communications. The proposed application is used to analyze the created test network whose security is evaluated in the work.

Custom OpenSSL provider based on CNG

Author
Ladislav Marko
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jiří Buček, Ph.D.
Summary
This thesis takes a closer look at OpenSSL providers and how to implement them. The thesis goes through the process of implementing a provider that offloads certificate operations to algorithm implementations other than the OpenSSL ones. The selected implementation of algorithms is the Windows Cryptography API: Next Generation. The final provider allows for a TLS 1.3 connection using a client certificate loaded from the system certificate store of the Windows operating system.

Network communication of Kubernetes applications with external devices in a private network

Author
Jan Troják
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Tomáš Vondra, Ph.D.
Reviewers
Ing. Jan Fesl, Ph.D.
Summary
This thesis explores the networking capabilities of Kubernetes. The aim of the thesis was to extend Kubernetes with the possibility of addressing and communicating with devices in private networks. Known solutions only provide communication using high-level protocols. The goal was to find a solution that would support communication using lower layer ISO/OSI protocols. This thesis presents the possibility of extending the Kubernetes system with the mentioned functionalities of network communication. This method allows communication with devices in private networks using TCP and UDP protocols. The presented solution offers flexibility of use and does not present any limitation restricting standard use of Kubernetes. The solution is implemented using established standards for extending the system. The results of this work provide wider possibilities for the use of Kubernetes. With this extension, it is possible to make better use of Kubernetes in the areas of testing, smart cities and other areas working with devices in private networks.

Web Application for Submission of GCSE Projects

Author
Ondřej Cach
Year
2023
Type
Bachelor thesis
Supervisor
Ing. Jiří Dostál, Ph.D.
Reviewers
Ing. Michal Šoch, Ph.D.
Summary
This bachelor's thesis deals with the design of GCSE project submissions system at the Secondary School of Electrical Engineering and Higher Vocational School Pardubice. The objective of the thesis is to implement a web application for the submission of GCSE projects considering the security and cryptographic verification of the work. Software engineering methods are used to analyze requirements and use cases. Furthermore, the design of the web application including a security model for non-repudiable submission of GCSE project files using trusted timestamping is developed. The previous analysis and design are followed by the implementation of the web application, which is resolved using a Single Page Application, written in React, on the frontend, interacting with REST API, using Laravel framework, on the backend. The result of this work is a fully working web application that allows a high school to effectively manage the GCSE projects of students.

Crypto-currency miner detection from extended IP flow data

Author
Richard Plný
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Karel Hynek, Ph.D.
Reviewers
Ing. Jiří Dostál, Ph.D.
Summary
This bachelor thesis addresses cryptomining from the security perspective with an emphasis on abusive mining. It explores the possibilities of detection of cryptominers in high-speed computer networks using a flow-based monitoring approach. A setup for continuous traffic capture is proposed and used for creating datasets with real-world miners' traffic. Furthermore, a detection method is proposed, capable of operation on high-speed networks. The proposed solution was implemented as a group of NEMEA modules. Moreover, it was deployed and evaluated on the national network CESNET2 operated by CESNET.

Physical unclonable functions on ESP32

Author
Ondřej Staníček
Year
2022
Type
Bachelor thesis
Supervisor
Ing. Jiří Buček, Ph.D.
Reviewers
Ing. Filip Kodýtek, Ph.D.
Summary
This thesis analyzes the possibility of implementing a static random access memory (SRAM) physical unclonable function (PUF) on the ESP32 microcontroller. First, literature research on the topic of PUFs is provided with focus on SRAM PUFs. A discussion on which properties the SRAM PUFs possess is presented. Two power-control methods of SRAM memory on the ESP32 are proposed. An analysis of behavior of startup SRAM bit values depending on operating temperature and power-off time is conducted for both methods. Their suitability for the PUF implementation is discussed based on the experimental results. Then, an implementation of SRAM PUF with stable response reconstruction is presented. Two different bit preselection methods are tested and a simple repetition error correction code (ECC) is used to stabilize the responses. The presented PUF design combines the two power-control methods to achieve faster and more reliable response extraction. Reliability testing revealed that it is possible to reach 100 % success rate of response reconstruction across the temperature range of -40 to +70 °C. The responses can be used as cryptographic keys to secure the ESP32 platform. Finally, the proposed PUF design is implemented in an easy-to-use ESP32 library.

Trust Management in Wireless Ad Hoc Networks

Author
Ing. Yelena Trofimova
Year
2022
Type
Dissertation thesis
Supervisor
prof. Ing. Pavel Tvrdík, CSc.
Reviewers
Prof. Dr. Stefan Schmid
prof. Ing. Miroslav Vozňák, Ph.D.
doc. Ing. Zdeněk Bečvář, Ph.D.

Deobfuscation of VBScript-based Malware

Author
Matěj Havránek
Year
2021
Type
Bachelor thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
Ing. Jakub Souček
Summary
VBScript is a desktop and web based scripting language that is often used by malicious software. Authors of such software often attempt to conceal its true functionality and prevent others from reading the source code by using obfuscations. This thesis focuses on analyzing these obfuscations, exploring ways of reverting them and implementing a tool to improve readability of obfuscated programs using both static and dynamic deobfuscation methods.

Interpretability of machine learning-based results of malware detection using a set of rules

Author
Jan Dolejš
Year
2021
Type
Bachelor thesis
Supervisor
Mgr. Martin Jureček, Ph.D.
Reviewers
prof. Ing. Róbert Lórencz, CSc.
Summary
Machine learning methods have been quite successful in a variety of applications. Antivirus companies use them for quick and reliable malware detection, providing their users with a safer environment from ceaseless daily threats. However, machine learning methods such as deep neural networks are often considered black boxes as the reasoning behind their decisions may often be unclear. Their interpretability is important and helps understand potential errorful decisions. This thesis studies rule-learning algorithms and explores their potential to interpret the outcomes of machine learning algorithms. Two publicly available datasets with Portable Executable file attributes and tailor-made implementations of rule-learning algorithms were used throughout the work. Results showed that algorithm RIPPER is mostly successful at this task; it achieved high accuracies while maintaining compact sets of rules, making rule-learning algorithms a useful alternative to signature-based methods.

Embedding interactive elements and multimedia into PDF files using TeX

Author
Michal Vlasák
Year
2021
Type
Bachelor thesis
Supervisor
RNDr. Petr Olšák
Reviewers
Ing. Ondřej Guth, Ph.D.
Summary
This bachelor thesis concerns itself with the area of interactive features and multimedia in PDF files, especially in connection with TeX. Apart from the analysis and discussion of what the PDF standard offers, or what is implemented by existing TeX packages, the focus was also practical--testing what really works in PDF viewers available today. It turns out that PDF offers many interactive and multimedia possibilities. The support in PDF viewers is however strongly lacking. The exception is the de-facto reference viewer Acrobat and a viewer strongly influenced by it--Foxit. However, there are open-source viewers (Evince, Okular) whose use in some areas may be completely satisfactory. The gained knowledge was used to create a package for a new TeX format OpTeX. The package implements those interactive features and multimedia capabilities that make sense in the context of TeX and also work in practice. The package is publicly and freely available. In the area of multimedia, the resulting package offers the possibility to insert audio, video, and 3D art. In the area of interactive features, it for example complexly handles actions, trigger events, or transitions.

Multimodal Navigation and its Deployment in Scalable Architecture

Author
Jan Sokol
Year
2021
Type
Master thesis
Supervisor
Ing. Ondřej Guth, Ph.D.
Reviewers
Ing. Jan Fesl, Ph.D.
Summary
This thesis deals with the design of a trip planner in geospatial graphs, with a limitation of routes in cities. The route planner offers various means of transport. Multiple ways of transport are combined into one single trip when certain combinations are used. The route planning service is designed using principles of so-called microservices. Access to the planning results is designed using REST API. Technologies Docker and Kubernetes will be used to deploy the route planner into a distributed and scalable system in the second part of the thesis. While deploying the service in a distributed system, emphasis is placed on security of the whole architecture. Part of the thesis is dedicated to the application scalability. Importance is put on high availability of the application, both in usual day to day business and also while deploying route planner microservices.

Device for Wi-Fi Security Testing

Author
Petr Heřmánek
Year
2021
Type
Master thesis
Supervisor
Ing. Josef Kokeš, Ph.D.
Reviewers
doc. Ing. Tomáš Čejka, Ph.D.
Summary
The wireless network compromise presents a serious threat to traffic confidentiality, integrity, and authenticity. The globally widespread protocols already have a well established attack surface filled with various pitfalls, ranging from poor design decisions to critical programming errors. In this thesis, we focus on researching the recurring threats to provide a modern taxonomy overview and general protection guidelines. To demonstrate its functionality, we constructed a portable device capable of a fully automated Evil Twin kill chain execution along with the contemporary Wi-Fi auditing toolkit options.