tex: add solution.tex
This commit is contained in:
parent
7b0fec1c4f
commit
7cb1456ef4
SSH Key Fingerprint:
SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
195
solution.tex
195
solution.tex
@ -1 +1,196 @@
|
||||
\section{Overview}
|
||||
|
||||
\begin{table}[h]
|
||||
\begin{center}
|
||||
\begin{tabular}{l|l}
|
||||
\textbf{Thesis title} & Password Compromise Monitoring Tool\\
|
||||
\textbf{Thesis title CZ} & Nástroj pro monitoring kompromitace hesel\\
|
||||
\textbf{Supervisor} & Ing. David Malaník, Ph.D.\\
|
||||
\end{tabular}
|
||||
\caption{Overview}
|
||||
\label{tab:overview}
|
||||
\end{center}
|
||||
\end{table}
|
||||
|
||||
\subsection{Thesis guidelines}
|
||||
\begin{enumerate}
|
||||
\item Specifikujte požadavky na systém s ohledem na jeho zabezpečení.
|
||||
\item Vyberte vhodné zdroje dat pro ověření kompromitace hesel.
|
||||
\item Navrhněte systém pro online správu vlastní databáze kompromitovaných loginů.
|
||||
\item Navržený systém implementujte v testovacím prostředí a ověřte jeho funkčnost.
|
||||
\item Ověřte izolaci uživatelských účtů Vašeho systému. Popište bezpečnostní mechanismy, keré ji zajišťují.
|
||||
\end{enumerate}
|
||||
|
||||
\newpage
|
||||
\section{Thesis outline}
|
||||
|
||||
% set up list numbering with roman numerals.
|
||||
\renewcommand{\labelenumi}{\arabic{enumi}.}
|
||||
\renewcommand{\labelenumii}{\arabic{enumi}.\arabic{enumii}}
|
||||
\renewcommand{\labelenumiii}{\arabic{enumi}.\arabic{enumii}.\arabic{enumiii}}
|
||||
|
||||
\textbf{Introduction}\\
|
||||
\textbf{Theoretical part}
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Purpose
|
||||
|
||||
\item Terms introduction
|
||||
|
||||
\item Cryptography primer
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Hash functions
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Uses and \textit{mis}uses
|
||||
\item Threats to hashes
|
||||
\end{enumerate}
|
||||
\end{enumerate}
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Encryption
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item The key exchange problem
|
||||
\item The key protection problem
|
||||
\end{enumerate}
|
||||
\end{enumerate}
|
||||
|
||||
\item Brief passwords history
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Purpose over time
|
||||
\item What is considered a password
|
||||
\item Problems with passwords
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Arbitrary length requirements (min/max)
|
||||
\item Arbitrary complexity requirements
|
||||
\item Restricting special characters
|
||||
\end{enumerate}
|
||||
\end{enumerate}
|
||||
|
||||
\item Password strength validation
|
||||
|
||||
\item Web security
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Browsers
|
||||
\item Cross-site scripting
|
||||
\item Content Security Policy
|
||||
\end{enumerate}
|
||||
|
||||
\item Sandboxing
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item User isolation
|
||||
\item Process isolation
|
||||
\item Namespaced isolation
|
||||
\end{enumerate}
|
||||
|
||||
\item Data storage
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Integrity
|
||||
\item Authenticity
|
||||
\item Confidentiality
|
||||
\item Encryption-at-rest
|
||||
\end{enumerate}
|
||||
|
||||
\item Compromise checking and prevention
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item HIBP and similar tools
|
||||
\item OWASP Top 10 for the implementers
|
||||
\item Password best practices
|
||||
\end{enumerate}
|
||||
\end{enumerate}
|
||||
\\
|
||||
\textbf{Practical part}
|
||||
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\setcounter{enumi}{9}
|
||||
|
||||
\item Toolchain
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Development
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item A word about \href{https://builtwithnix.org/}{Nix}
|
||||
\end{enumerate}
|
||||
\item Production
|
||||
\end{enumerate}
|
||||
|
||||
\item Application architecture
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Data integrity
|
||||
\item Data authenticity
|
||||
\item Data confidentiality
|
||||
\item Connection security
|
||||
\item User isolation
|
||||
\end{enumerate}
|
||||
|
||||
\item Implementation
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Compromise checking
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Have I Been Pwned? Integration
|
||||
\item Local Dataset Plugin
|
||||
\end{enumerate}
|
||||
\item Best practices
|
||||
\item Database configuration
|
||||
\item Deployment recommendations
|
||||
\end{enumerate}
|
||||
|
||||
\item Validation
|
||||
\begin{enumerate}[\itemsep=0em]
|
||||
\item Unit tests
|
||||
\item Integration tests
|
||||
\item Click-ops
|
||||
\end{enumerate}
|
||||
\end{enumerate}
|
||||
\textbf{Conclusion}
|
||||
|
||||
\newpage
|
||||
\section{Theoretical part status}
|
||||
Chapters started include: 3.1.1, 4.3.3, 6, 6.1, 7.1, 7.2, 7.3, 8.\\
|
||||
Pages written in total amount to less than 5 (@\today).\\
|
||||
Given how much I've written so far. I have not cited any resources.
|
||||
|
||||
\newpage
|
||||
\section{Practical part status}
|
||||
Chapters started include: 12.1, 12.2, 12.3., 12.4.\\
|
||||
|
||||
The application is going to a be monolithic (no microservices planned),
|
||||
statically linked (ideally), self-contained \href{https://go.dev/}{Go} program
|
||||
serving generated HTML using a combination of the SSR-first
|
||||
\href{https://github.com/kyoto-framework/kyoto}{Kyoto} framework and Go's
|
||||
native templating support. The exposed REST API will enable potentially
|
||||
plugging in alternative clients (such as CLI or mobile ones) in the future.
|
||||
The fitness of a GraphQL API is also going to be explored.
|
||||
|
||||
Client-side JS might be added, should building a particular component of the
|
||||
application be hardly feasible without it, although I'd love to get by without
|
||||
it, if at all possible.
|
||||
|
||||
On the backend the application is going to talk to a
|
||||
\href{https://www.postgresql.org/}{PostgreSQL} database for raw data
|
||||
and to \href{https://immudb.io/}{immudb} for verification of data integrity
|
||||
(append only mode immudb-side). Data is going to be stored encrypted at rest
|
||||
and is only going to be ever decrypted momentarily in memory.
|
||||
\\
|
||||
|
||||
It's very likely that I will use the Go \textit{standard library} for the vast
|
||||
majority of my coding needs (apart from my original code, of course), with the
|
||||
exception of database connectors and hash algorithms (such as Argon2 or
|
||||
Blake3), for which third-party libraries will most probably be utilised, and of
|
||||
course the \textit{Kyoto} framework itself.
|
||||
|
||||
Background tasks within the application (such as periodic checks) will be
|
||||
spawned using Go's native lightweight \textit{"threads"} - \textbf{Goroutines}.
|
||||
\\
|
||||
|
||||
Development environment will be brought up with the help of
|
||||
\href{https://builtwithnix.org/}{Nix} (specifically \texit{flakes}), which can
|
||||
then equally be used in CI and production, although alternative, containerised
|
||||
approach will also be evaluated for production (Kubernetes).
|
||||
The two, however, are not at all contradictory, Nix, for example, could be used
|
||||
to generate the container images (OCI) reproducibly (not just repeatably) in
|
||||
the exact same environment every single time.
|
||||
\\
|
||||
|
||||
So far I have only created the project's
|
||||
\href{https://git.dotya.ml/mirre-mt/pcmt}{home}, I have not written any code
|
||||
though (as of \today).
|
||||
|
||||
\newpage
|
||||
\section{Statement of the supervisor}
|
||||
|
||||
Reference in New Issue
Block a user