Ondrej Rysavý

Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on…
Cisco's EIGRP is a hybrid routing protocol between distance vector and link-state routing protocols. EIGRP offers routing based on a composite metric, which takes into account multiple factors and allows more granular and precise routing decisions based on the current state of the network. Cisco released a basic specification of EIGRP as an IETF RFC draft in the…
Formal verification and validation techniques such as model checking are not widely used in computer networks. These methods are very useful to identify configuration errors, identify design problems and predict network behaviours under different network conditions. This paper describes the two main components of the formal verification process, formal…
Recursive InterNetwork Architecture is a clean-slate approach to dealing with the current issues of the Internet based on the traditional TCP/IP networking stack. Instead of using a fixed number of layers with dedicated functionality, RINA proposes a single generic layer with programmable functionality that may be recursively stacked. We introduce a…
Modern computer networks are complex and their topology can dynamically change when links go down. It is difficult to predict the behaviour of a large network with dynamic routing protocols. To automatically prove survivability and reliability of an end-to-end connection, formal analysis combined with simulation can be exploited. In this paper, an approach…
Modern SCADA networks are connected to both the company's enterprise network and the Internet. Because these industrial systems often control critical processes, the cyber-security requirements become a priority for their design. This paper deals with network security in a SCADA environment implemented by firewall devices. We proposed a method for…
The present thesis introduces and studies a type theoretic system equipped with the type constructor of a simple form of objects and justifies the development by showing a capability of the system for specification and refinement of functional programs. The invented interpretation of an object type requires a rather nontrivial extension of the underlying…
This paper deals with identification of operating systems (OSs) from Internet traffic. Every packet injected on the network carries specific information in its packet header that reflects the initial settings of a host's operating system. The set of such features forms a fingerprint. The OS fingerprint usually includes an initial TTL time, a TCP…