Governance activities form the backbone of the network, supporting community activities that range from roadmap design to Request for Challenges, from monthly SPARTA Workshops to bi-yearly SPARTA Days. Research programs are continuously spun from strands of the roadmap, led by experts of their fields, and aim at generating concrete and transformative results.
News & Events
pz → Python instead of Bash
7th May 2021author: Edvard Rejthar
translation: Petra Raszková
I would like to present you the pz utility as pythonize, intended for a command line user with knowledge of Python. Current Linux distributions have many efficient tools for input processing at their disposal. But have you ever wished that you could use Python syntax instead?
Do you often browse through the manual, and trying to find out how do those switches for formatting behave? Do you find the Bash source code difficult to read? Then, this article is meant for you.
You will learn how to write a simple program and how the program is evaluated, which variables are available. You will find out a few words about auto-import, switches and also some examples of use.
The command line is an outstanding user interface which is characterized by stunning global (if not) enthusiasm, then range. It is possible to connect to the terminal almost on the last washing machine. Some users are afraid of using of the command line, however so...
A First Look at Android Applications in Google Play related to Covid-19
29th Apr 2021The APKcovid work aims at evaluating the security and efficiency of covid tracing applications, to ensure that these applications limit themselves to the purpose of contact tracing and do not intrude into user privacy by accessing unnecessary information available in the smartphone.
Paper available at: https://arxiv.org/abs/2006.11002
To appear in Springer Empirical Software Engineering, 2021
VACSINE - Security remediation at the Edge
25th Apr 2021Vacsine provides a lightweight security orchestration, automation and response tool to deploy on the fly security policies to respond to changing operating conditions and active threats.
APProver tool: providing a security evaluation of apps
22nd Apr 2021The APProver tool aims at providing a security evaluation of apps embedded in smartphones, to verify compliance with security policies and do not include malware.
SPARTA CAPE tool: detecting and mitigating side-channel vulnerabilities
18th Apr 2021This SPARTA tool, developed within CAPE program, aims at detecting and mitigating side-channel vulnerabilities, attacks that have significantly risen with the publication of SPECTRE or MELTDOWN, and are particularly difficult to handle.
Evaluating the security of the open-source software supply chain
12th Apr 2021This flyer presents a series of tools aiming at evaluating the security of the open-source software supply chain. More specifically, we provide tools to evaluate the consequences of vulnerabilities in open source libraries on the applications that use them
Curricula Designer: a tool that connects education providers with cybersecurity job market
7th Apr 2021The SPARTA Cybersecurity Training and Awareness team launched the Curricula Designer, a tool that connects education providers with cybersecurity job market.
What it does?
The Curricula Designer is a simple free web-based application that helps education and training providers to design cybersecurity curricula that reflect needs of current job market. By the ability to precisely select the content of courses and see the impact of training components on gained competence, curricula administrators may tailor the study programs according to specific strengths of particular training providers and target specific graduate profiles. The tool may be used to either design new curricula or analyze existing curricula and thus evaluate how the study programs meet the requirements of particular cybersecurity work role profiles.
How it works?
After the specification of courses in the left section and their composition into curricula in the middle section, the users may see an analysis of the...
Securing the connected vehicle: attacks and defenses against platooning vehicles
5th Apr 2021This demonstration showcases how SPARTA can certify blocking classes of attacks in connected cars.
Hunting for a malicious code among add-ons (article)
31st Mar 2021Author: Edvard Rejthar
Translation: Petra Raszková
Original (CZ) version available at: https://blog.nic.cz/2020/11/19/hledani-skodliveho-kodu-mezi-doplnky/
How to catch a malicious add-on with “its” trousers down?
I identified the computer´s non-standard behavior, so I looked at add-ons to find out its source, and I came across the innocent-looking source code which lines are responsible for this behaviour. Here is a jotting from a malware hunt. A few days ago, I noticed that a certain site had joined my domain huffily.mydiaconal.com. Odd-looking name. What´s all this about?
Well, I know that malware authors use generator to originate randomly domain names in order to resemble already existing words. I tried to connect to the domain, with no response. Either I would almost say the domain is defuct or just a mistake made by some developer, but it could also be a covered manoeuvre. Regardless the domain was not responding, it was certainly receiving information. I checked the si...