List of Theses Defences in the Year 2010

RNDr. Tomáš Ludík

Title: Workflow Reference Model for Emergency Management in Czech Republic
Supervisor: doc. Ing. Jiří Sochor, CSc., FI MU
Opponents: prof. Ing. Václav Řepa, CSc., FIS VŠE v Praze
prof. Ing. Gustav Šafr, DrSc., PřF MU
Date of the defence: 27th May 2010

Summary of the thesis:

The aim of the dissertation thesis is to apply the ideas of process management to the area of emergency management as well as to refer to the global advantages acquired by integrating these approaches. Furthermore, a workflow reference model for emergency management in the Czech Republic will be created. This idea is based on the analysis of the current situation when there is no unified process methodology applied for the emergency management but process approach is adapted individually according to the needs of different research teams. Subsequently, the components of the workflow reference model will be described in detail from the standpoint of the Build Time and Run Time. The specific properties and significance of the individual components will be shown in the context of crisis management. Building up this architecture, special focus was put on using the standards. Another important aim of the thesis is to verify if the created process methodology (Build Time) and also the process architecture (Run Time) are applicable on the emergency management in the Czech Republic. For this reason, the thesis will include a prototype that uses the process methodology to create process diagrams based on real crisis scenarios in the Czech Republic. These created process models will be deployed in the global process architecture. The components, interfaces and other building artefacts or tools used will also be described.
The thesis was defended.

Mgr. Michal Procházka

Title: Towards User Centric Identity Federations
Supervisor: prof. RNDr. Luděk Matyska, CSc., FI MU
Opponents: doc. Ing. Jaroslav Dočkal, CSc., Univerzita obrany
doc. RNDr. Václav Matyáš, M.Sc., Ph.D., FI MU
Date of the defence: 27th May 2010

Summary of the thesis:

Teze disertační práce se věnují problematice federací identit. Federace identit představují nový přístup v předávání autentizačních a autorizačních informací uživatelů ke službám. Federace se skládají z poskytovatelů služeb a poskytovatelů identit, kteří si navzájem věří. Poskytovatele služeb vyžadují identifikace uživatele, zatím co poskytovatelé identit jsou schopni své uživatele ověřit a navíc poskytnout o uživateli doplňkové údaje. Součástí procedury přihlášení uživatele k poskytovateli služeb je ověření u poskytovatele identit, proto uživatel není nucen udržovat seznam přihlašovacích údajů ke každé službě zvlášť, ale využívá existující přihlašovací údaje, které má ustaveny s informačním systémem své domácí organizace (poskytovatel identit). Poskytovatel identit k potvrzení o úspěšném ověření uživatele může přidat doplňující informace o něm, např. jméno a email, tyto údaje pak poskytovatel služeb využívá k autorizačnímu rozhodnutí. Současné implementace využívají různý přístup ke konceptu federací. V práci popisuji nejvýznamnější z nich a identifikuji jejich problémy. Mezi nejvýznamnější problémy patří minimální schopnost uživatele ovlivňovat data, která o něm poskytovatel identity vydává poskytovateli služby, dále nemožnost kombinovat data od různých poskytovatelů identit, poslední problém spočívá v omezené škálovatelnosti současných řešení. Abychom mohli tyto problémy vyřešit a zároveň zachovat původní vlastnosti konceptu federací je nutné tento koncept upravit. V tezích navrhuji model uživatelem řízené federace identit. Na základě navrženého modelu v práci popisuji systém, který řeší výše zmíněné problémy a přidává další funkcionalitu. Nezbytnou součástí navrženého systému je také síť důvěry, která poskytuje všem entitám v uživatelem řízené federaci možnost získat informace o ostatních entitách a na základě těchto informací vyhodnotit úroveň důvěry entity. Cílem práce je formálně specifikovat a verifikovat navržený model uživatelem řízené federace identit. Dále přesně specifikovat navržený systém, dle modelu a vytvořit jeho prototyp. Podcílem práce bude vytvoření prototypu sítě důvěry a návrh algoritmu pro výpočet reputace využívaný k výpočtu úrovně důvěry.
The thesis was defended.

Mgr. Jaroslav Škrabálek

Title: Integrated Approach in Management of Modern Web-based Services
Supervisor: doc. RNDr. Tomáš Pitner, Ph.D., FI MU
Opponents: doc. Ing. Branislav Lacko, CSc., FSI VUT v Brně
prof. Dr. Renate Motschnig, FCS - University of Vienna
Date of the defence: 27th May 2010

Summary of the thesis:

The Dissertation Thesis Topic summarize my research achievements in the field of modern web-based services (also known as a Web 2.0) and the management of IT related projects. Experience from the teaching transversal competencies together with managerial skills, and their impact in IT project management are reflected in this work as well. I describe differences of software product creation between classical (desktop) environment and web environment. I discuss features of successful Web 2.0 application such as efficiency, performance and often neglected business model which has to be very sophisticated especially on the Internet in a global point of view. Many prospective software applications did not succeed on market because of failure to do properly this important part of software development. Therefore in my work I want to lay out necessaries application spheres that must be considered - from classical subjects like technology, security, architecture, analysis and design, etc., also areas specific for Web 2.0 - for what segment of market I will offer the web-based service, which users will be willing to pay for using the service and why, monetization, possibly revenue streams, network effects, or Long Tail. I focus on modern educational methods and present the current research in Person-Centered Learning (PCL) result from Person-Centered Approach (PCA). My involvement in several projects both of national and European character is also mentioned.
The thesis was defended.

Mgr. Jiří Kůr

Title: Privacy preserving protocols for wireless sensor networks
Supervisor: doc. RNDr. Václav Matyáš, M.Sc., Ph.D., FI MU
Opponents: prof. Javier Lopez, University of Malaga, Spain
dr. Joss Wright, University of Oxford, UK
Date of the defence: 25th May 2010

Summary of the thesis:

A wireless sensor network (WSN) is a heterogenous network composed of a large number of tiny low-cost devices, denoted as nodes, and one or few general-purpose computing devices referred to as base stations. Nodes are equipped with a communication unit, processing unit, battery and sensor(s). Nodes are constrained in processing power and energy, whereas the base stations have laptop capabilities and not severely energy resources. WSNs are becoming one of the building blocks of pervasive computing. They provide a simple, and in the near future also quite likely cheap, mechanism for area and entity monitoring.
One of the dark sides of the WSN technology is that an inappropriate use can significantly violate privacy of humans. WSNs are frequently deployed to collect sensitive information. Typical example is a WSN monitoring movements in a building or traffic in a city. Such a network can be used to determine location of people or vehicles. If this information is available on a wide basis it can easily lead to blackmailing or stalking. It can be also exploited by terrorists as a targeting tool to impact specific people or buildings. We feel that lot of effort has been put into ensuring traditional network security properties for WSNs, namely availability and confidentiality, and less attention was paid to privacy measures. Therefore in our future research we aim to propose novel privacy preserving protocols for wireless sensor networks.
Since this area is broad, we have proposed four scenarios for WSN applications to set our future work in a rather concrete context for our planned evaluations of proposed protocols (and their settings). These are all scenarios where privacy is of a primary concern. In these scenarios, network behavior changes based on a triggering event or observation of such event. The examples of such trigger range from a detection of an adversary within the network, through a pre-set time, up to a decision made by the network operator. Thus the networks in these scenarios utilize two or more modes of operation. Each mode is intended for a different purpose and at least one of these modes is a privacy-preserving one. Hence the problem is that an adversary can exploit information inferred from a network in one mode to attack the same network in the privacy-preserving mode. Our objective is to examine existing and most likely to propose novel privacy preserving protocols suitable for proposed scenarios and supporting secure and efficient ways to enter and leave the privacy-preserving mode.
The thesis was defended.

Mgr. Jan Vykopal

Title: Flow-based Intrusion Detection in Large and High-Speed Networks
Supervisor: doc. RNDr. Václav Račanský, CSc., FI MU
Opponents: doc. RNDr. Václav Matyáš, M.Sc., Ph.D., FI MU
pplk. Ing. Josef Kaderka, Ph.D., Univerzita obrany
Date of the defence: 25th May 2010

Summary of the thesis:

Traditional network intrusion detection systems (NIDS) inspect packet payload for known signatures of attacks. This approach suffers from the following limitations: (i) it is not feasible in high-speed (multigigabit) networks, (ii) a high rate of false positives that overwhelm security operators and (iii) an inability to process encrypted traffic. In contrast, flow-based intrusion detection (network behaviour analysis) relies on information and statistics of network flows (NetFlow data). Network flows provides an aggregated view of network traffic, which significantly reduces the amount of data that need to be processed by detection methods.
A flow acquisition and storage, two essential parts of flow-based intrusion detection, are satisfactorily addressed by various researches. But a flow data analysis is still in the early phase. Hence, the thesis will be focused on design and prototyping new methods of flow-based intrusion detection, especially on a dictionary attack detection in large and high-speed networks. Dictionary attacks against weak passwords is a serious security threat that is often omitted by vendors and developers of many existing applications. At present, a typical detection and prevention of this kind of attack is done in the login process of the given application, if at all. Although network-based detection is capable to capture even distributed attacks, we are not aware of any network-based detection mechanism that addresses this type of attack. Next, we will adapt some existing algorithms of NIDS that process whole packets to the flow-based approach. As a result, these methods will be able to process traffic in high-speed networks without any loss. We will also study correlation with other detection methods and data sources about ongoing attacks. It appears as a promising way to lower false positives of various detection methods.
The thesis was defended.

Mgr. Petra Budíková

Title: Improving Quality of Content-Based Image Retrieval
Supervisor: prof. Ing. Pavel Zezula, CSc., FI MU
Opponents: Dr. Giuseppe Amato, ISTI CNR Pisa, Italy
doc. RNDr. Tomáš Skopal, Ph.D., MFF UK v Praze
Date of the defence: 24th May 2010

Summary of the thesis:

The content-based information retrieval (CBIR) is a novel and rapidly developing method of searching in complex data, such as images, sounds or video. The image search is the most popular application of this approach. The images are described by their visual properties, such as color, shape, etc. The similarity of two images then can be evaluated using these features. The aim of the content-based retrieval is to find objects most similar to an example provided by user.
The generally recognized weakness of the CBIR systems is the inconsistence between the low-level features that are extracted from an image and the human understanding of similarity, which takes into account the semantics of the image. A number of techniques have been proposed to overcome this problem. However, many of them are based on machine learning and categorization and can only be used for small specific application domains, such as medical images. In the thesis, we study the approaches that can be used in large-scale searching over general image collections, such as photos from a web gallery. These strategies are based on interactive communication with user and iterative result refinement. To allow more precise specification of users’ information need, it is necessary to extend the basic query-by-example paradigm.
Based on the study of the current state, we recognize the need for efficient algorithms that would allow fast evaluation of the advanced search options, such as the multi-object queries, user-defined similarity measures, postprocessing options, etc. To ensure scalability, we propose algorithms that exploit parallel query processing in distributed environment. We also provide strategies for approximate query evaluation. In order to make it easier for users to use the extended search functionality, we are working on a similarity query language.
The thesis was defended.

Mgr. Daniel Kouřil

Title: On PKI Usability in Grids
Supervisor: prof. RNDr. Luděk Matyska, CSc., FI MU
Opponents: doc. Ing. Petr Hanáček, Dr., FIT VUT v Brně
doc. RNDr. Václav Matyáš, M.Sc., Ph.D., FI MU
Date of the defence: 24th May 2010

Summary of the thesis:

Lidé zpravidla dosáhnou svých cílů rychleji, pokud navzájem spolupracují s ostatními. Klíčovým problémem takové spolupráce je vytvoření virtuální skupiny spolupracovníků a jejich následná komunikace. Součásný výzkum také často vyžaduje přístup ke komplexním zařízením a je náročný na výpočetní, či úločnou kapacitu. Poskytovatelé těchto prostředků nechtějí poskytovat přístup libovolnému uživateli, ale vyžadují kontrolu nad poskytnutými účty. Projekty a skupiny uživatelů také často vyžadují zabezpečení své vnitřní komunikace tak, aby nedocházelo k úniku citlivých dat nebo jejich poškození.
Dosažení požadované úrovně zabezpečení je relativně snadné v uzavřeném prostředí, které spojuje pouze několik málo uživatelů, kteří se už navíc navzájem znají. Nicméně pokud se zaměříme na vyšší úrovně, je zřejmé, že zajištění bezpečnostních požadavků je obtížnější v prostředí, do kterého jsou zapojeny stovky či tisíce uživatelů pocházejích z rozdílných institucí i států.
Řešení autentizace v takto rozsáhlém prostředí může nabídnout infrastrukura veřejných klíčů (PKI). Nicméně PKI není obecně dobře akceptována uživateli a je obtížně ji provozovat opravdu bezpečným způsobem. Ve svých tezích uvádím několik příkladů o nasazení PKI i tom, kde selhala. Na základě svých předchozích výsledků shrnuji problémy současné PKI a přístupy, které vedou k řešení těchto problémů. Cílem mé práce je přispět k zvýšení bezpečnosti systémů založených na PKI.
The thesis was defended.

Mgr. Jiří Slabý

Title: Automatic Bug-finding Techniques for Linux Kernel
Supervisor: prof. RNDr. Antonín Kučera, Ph.D., FI MU
Opponents: RNDr.Vojtěch Řehák, Ph.D., FI MU
RNDr. Jan Strejček, Ph.D., FI MU
Date of the defence: 24th May 2010

Summary of the thesis:

The aim of the thesis is to investigate possibilities of static analysis run on the Linux Kernel to find errors. As the thesis will be done in the Computer Systems and Technologies programme, its output will be a complete and automatic tool implementing code processing, pattern matching, algorithms for static analysis, error reporting and false positives pruning techniques. Primarily, it will take into account Symbolic Execution as an instrument for more exact analysis. This and other techniques like comparing two consequent results of checking (from different versions) will be used to lower false positives rate as much as possible. In the end, the result must be usable by ordinary (not only kernel) programmers to check their code in a fully automated manner and hopefully before their product is released.
The tool will be complete, apart the tool itself, in a sense of having predefined configurations to demonstrate its power and a list of already found bugs in production systems.
It will be developed in cooperation with other students because of its wide area nature. Explicitly, Marek Trtík studies possibilities of faster Symbolic Execution algorithms. Other bachelor/master's student may participate to the tool as well to investigate e.g. machine learning of false positive patterns. Collaboration with Linux kernel programmers will be helpful in improving the tool, especially if some enterprise kernel vendors decide to use the tool internally.
The thesis was defended.

Mgr. Marek Trtík

Title: Fighting Path Explosion for Effective Bug-finding
Supervisor: prof. RNDr. Antonín Kučera, Ph.D., FI MU
Opponents: RNDr. Jiří Barnat, Ph.D., FI MU
Ing. RNDr. Barbora Bühnová, Ph.D., FI MU
Date of the defence: 24th May 2010

Summary of the thesis:

The thesis is aimed to a field of an automated bug-finding of sequential programs. Primarily path explosion problem will be investigated. The problem will be investigated from perspective, how to find feasible paths in program's model going through a given program location (like assertion). This approach investigates program's behaviour relative to a given program location, while remainder of the program is excluded. There are several challenges in this approach. (a) Pruning those paths (feasible and infeasible) of program's model, which do not go through given location. (b) Eliminating as many infeasible paths from remainder (e.g. from paths going through the given location) as possible. Especially loops and recursive calls are difficult sources of infeasible paths. (c) Preferring as short feasible computation going through given location as possible. The investigation should lead to concrete algorithms, which will be further implemented and examined in practice on benchmark programs and on selected parts of programs used in nowadays practice. The experimental results will be another outcome from the thesis. We will also investigate practical issues of symbolic execution. Especially problems, like symbolic storage referencing, the environment problem, and circumvent of SMT solvers' limitations, will be investigated. Concrete algorithms and their experimental results will be another outcome from the thesis.
The thesis was defended.

Mgr. Jana Tůmová

Title: Quantitative Linear-Time Model Checking
Supervisor: prof. RNDr. Ivana Černá, CSc., FI MU
Opponents: prof. RNDr. Luboš Brim, CSc., FI MU
Assoc. Prof. Calin A. Belta, Ph.D., Boston University
Date of the defence: 24th May 2010

Summary of the thesis:

Model checking is an advanced technique that help us to guarantee that a system meets given requirements. In general, it includes three steps: building a model of the system, formalizing the requirements, and finally examining all possible behaviors of the model to verify whether the model satisfies the requirements. In many cases, quantitative properties are an inseparable part of the system specification. The proposed PhD thesis will aim at quantitative model checking of systems with degradation, i.e. with an inherent quality that degrades in time. Currently, to our best knowledge, no appropriate formalisms to model such systems and specify their properties have been developed. Our goal is to design those, develop model checking algorithms and implement the whole solution in a publicly available prototype tool. A part of the work is also to investigate on usability of the designed techniques in probabilistic settings. To extend the usability of the techniques and the tool in system design process, we will study also problem of synthesis of a control strategy. Such strategy affects a given model of a system with degradation to satisfy a desired quantitative property.
The thesis was defended.

Mgr. Jan Kasprzak

Title: Systems for Discovering Similar Documents
Supervisor: doc. Ing. Michal Brandejs, CSc., FI MU
Opponents: doc. Ing. Karel Ježek, CSc., KIV ZČU v Plzni
doc. PhDr. Karel Pala, CSc., FI MU
Date of the defence: 15th January 2010

Summary of the thesis:

With the wider availability of the electronic texts in the recent years, it has also became easier to use work of other people without the appropriate citation. Fortunately, recent developments in the area of detecting document overlap (and in general, discovery of similar documents), can also make it easier to discover the plagiarized work. The algorithms for discovering similar documents have also other uses, especially in the area of full-text search engines: either for removing duplicate documents altogether, or for preventing a subset of important but similar documents to occupy the whole first page of the search results. This proposed Ph.D. thesis will evaluate the approaches for the discovery of similar documents, especially by detecting document overlap, and verify which of them are suitable for large sets of documents. It will also focus on aspects of practical implementation on a distributed cluster of standalone computers, and usage in a production environment of the Masaryk University Information System.
The thesis was defended.

Mgr. Zdeněk Vrbka

Title: Proposal of Testing Process for Service Systems
Supervisor: RNDr. Zdenko Staníček, Ph.D., FI MU
Opponents: doc. Ing. Branislav Lacko, CSc., FSI VUT v Brně
prof. Eric Dubois, Public Research Centre H. Tudor, Luxembourgh
Date of the defence: 15 January 2010

Summary of the thesis:

At present, there are many standards, methodologies and authorities and their recommendations for quality assurance and testing (for example RUP, ISO or ISTQB), but serious failures and issues still occur. Many of software failures are caused by non-systematic approach to software quality. However, lots of current failures and issues are not caused by defects in software, but by its improper use. Despite the fact that the code is more or less correct, there are other external factors causing the failure of process, which is supported by the software, such as the users or environment. Such improper use of hight-quality software can have the same or ever worse consequences than proper use of low quality software. Attempts at large-scale value co-creation (service) can fail catastrophically for many reasons. As the people, businesses, and nations of the world become more interconnected and interdependent (globally integrated), the ecology of interacting service systems and networks has become increasingly complex and difficult to manage. Therefore we believe that the goal of ICT is shifting. At present, ICT would not serve only to support the business processes but also to verify the complex service systems and constantly monitor their quality. The goal of the thesis is to propose the testing process for complex service systems. This testing process will enhance the current testing approaches and techniques, which are focused mainly on the software products or simple services (as defined by SOA), with the focus on the whole complex service system, and work with the value proposition, which is the key of every service. We will also compare proposed testing process with traditional testing approaches, propose the integration of current testing tools into service system testing process and suggest how could advanced ICT technologies, such as Knowledge and Information Robots technology, offer insight into network represented by complex service system. To achieve these goals, we are going to use the results in service science domain, which reveals new paradigm to understand how different entities colaborate to create the value. Such entity can be organization unit, human being, information or software. Further, we are going to build the service system testing process with respect to the software architecture evolution from structured and object-oriented design to the Service Oriented Architecture (SOA) and based on the experiences of application of traditional testing approaches, which are mainly based on software system development model, so called V-model. Finally, we are going to use current reseach results in service system quality management area, which focuses mainly on the so called gap between what the service provider planned to deliver and what the customer expected to receive. The thesis intent is to offer the advanced testing process, that would enable quality assurance managers and testing teams members to better evaluate the quality of complex service systems and thus assure higher quality of the service system. We believe, that this will at the same time increase customers confidence in verified service systems and allow the further development in the areas such as outsourcing or cloud computing, where the confidence of the customer in the service system is critical.
The thesis was defended.

Mgr. Marek Winkler

Title: Conceptual modeling for service-oriented systems
Supervisor: RNDr. Zdenko Staníček, Ph.D., FI MU
Opponents: prof. RNDr. Jarosla Král, DrSc., FI MU
prof. Michel Léonard, FSES - University of Geneva
Date of the defence: 15th January 2010

Summary of the thesis:

Recently, there has been a lot of excitement about services. Research and industry projects have been looking for more powerful, efficient and yet easy-to-use ways of designing, modeling, implementing and re-engineering service-oriented systems. There already are well elaborated approaches to service-oriented systems software engineering (e.g. SOA, IBM SOMA, SENSORIA project), however, they look at the described domain from different perspectives, each of them more or less appropriately in different aspects of development process of such kind of systems. The proposed thesis will interconnect the recently emerged field of service science with the established world of SOA and other service-oriented systems software engineering methods. Service science will be extended in the area of service systems modeling and analysis with tools and methods inspired by SOA and others, while software engineering will gain new concepts (such as already known Value Proposition, or newly proposed Service-Breakdown Structure and semantics-oriented Service Composition Algebra) and modeling perspectives. Expected results include ability of existing modeling methods to use (both in theory and practice) new kind of modeling perspective -- conceptual perspective -- allowing conceptual annotation of considered service system. These annotations will provide modeled services and service systems with semantic information usable for instance for service discovery in service brokering. The feasibility of constructing a semantics-oriented service algebra will be evaluated in the proposed work, eventually, an example of a basic service algebra would be provided. When used for instance in service brokering, such a service algebra would probably surpass the capabilities of purely ontology-oriented approaches, because of its greater information capability. The proposed methods and techniques will be validated against selected real system.
The thesis was defended.

Mgr. Milan Češka

Title: GPU Accelerated Enumerative Model Checking
Supervisor: prof. RNDr. Luboš Brim, CSc., FI MU
Opponents: Mgr. Petr Tobola, Ph.D., FI MU
doc. Ing. Tomáš Vojnar, Ph.D., FIT VUT v Brně
Date of the defence: 12th January 2010

Summary of the thesis:

Throughout the recent years, formal verification and validation became an important part of the design process of computer systems. Unfortunately, the gap between the complexity of systems built in practice and the complexity of systems the current formal verification tools can handle is still quite wide. Therefore, any technique accelerating verification process is mostly desired. A possible way to reduce the delay due to the formal verification process is to accelerate computation of verification tools using contemporary masivelly parallel hardware. It is the aim of the proposed PhD. thesis to design and implement new methods allowing for acceleration of model checking process by full utilization of modern massively parallel GPU architectures. This can help to integrate formal methods into development of computer systems in practise. In particular, this aim involves design of new and adaptation of existing parallel algorithms for state space generation, accepting cycle detection, and strongly connected components decomposition. It also involves development of suitable data structures allowing parallel processing. Further research will be devoted to finding new techniques for fighting the state explosion problem by employing massive parallelism. The designed methods will be implemented and experimentally evaluated. The achieved results will be incorporated to \divine model checking framework.
The thesis was defended.

Mgr. Robert Ganian

Title: Parametrized algorithms on Width Parameters of Graphs
Supervisor: doc. RNDr. Petr Hliněný, Ph.D., FI MU
Opponents: Mgr. Jan Obdržálek, Ph.D., FI MU
prof. Peter Rosmanith, RWTH, Aachen, Germany
Date of the defence: 12th January 2010

Summary of the thesis:

The design of graph algorithms is an integral part of computer science research for practical as well as theoretical reasons. Unfortunately, most of the interesting problems in this field have been proved to be NP-complete in general. One very effective way of dealing with this obstacle is to design parameterized algorithms utilizing certain structural parameters (often called width parameters) of graphs. Research in this field was initiated by the introduction of tree-width as a powerful parameter capable of solving many NP-hard problems in polynomial time. However tree-width is also fairly restrictive and a lot of focus has shifted towards developing algorithms on more general graph parameters. The aim of the thesis is the study of structural graph parameters and parameterized algorithms utilizing these parameters.
The thesis was defended.