[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]
Dear colleague,
We are seeking candidates for a PhD position at University of Luxembourg in the
SaToSS (Software and Trust of Software Systems) group led by Prof Sjouke Mauw
in the area of formal methods for security.
Please see here the description and link for applications marked "PhD
Studentship 2":
https://urldefense.com/v3/__https://satoss.uni.lu/vacancies/__;!!IBzWLUs!Futnb8Jjzm96LK-vbEV0JyHeQtfiGg7ZUETdLZaBcfqlEt9zz-v22_-bTUCdhSQ3nhUdqup-VUGsAQ$
We encourage applicants with a background in types systems, logic, formal
methods, as well as those enthusiastic about security and privacy.
Informal enquiries may be directed to the email addresses below, but the
application must be online via the following link.
https://urldefense.com/v3/__https://recruitment.uni.lu/en/details.html?id=QMUFK026203F3VBQB7V7VV4S8&nPostingID=67638&nPostingTargetID=97599&mask=karriereseiten&lg=UK__;!!IBzWLUs!Futnb8Jjzm96LK-vbEV0JyHeQtfiGg7ZUETdLZaBcfqlEt9zz-v22_-bTUCdhSQ3nhUdquqRO-4OGA$
The candidate's letter of motivation, must be relevant to research in the
SaToSS group: (See:
https://urldefense.com/v3/__https://satoss.uni.lu/publications/__;!!IBzWLUs!Futnb8Jjzm96LK-vbEV0JyHeQtfiGg7ZUETdLZaBcfqlEt9zz-v22_-bTUCdhSQ3nhUdqupladCUvA$
). The topic described is a suggestion.
Yours sincerely,
Prof. Sjouke Mauw [email protected]
Dr. Ross Horne [email protected]
Dr. Xihui Chen [email protected]
========Description of PhD position=====================
The University of Luxembourg invites applications to the following vacancy in
the Department of Computer Science
(https://urldefense.com/v3/__http://dcs.uni.lu__;!!IBzWLUs!Futnb8Jjzm96LK-vbEV0JyHeQtfiGg7ZUETdLZaBcfqlEt9zz-v22_-bTUCdhSQ3nhUdquokOp9noA$
) within its Faculty of Science, Technology and Medicine:
https://urldefense.com/v3/__https://satoss.uni.lu/vacancies/__;!!IBzWLUs!Futnb8Jjzm96LK-vbEV0JyHeQtfiGg7ZUETdLZaBcfqlEt9zz-v22_-bTUCdhSQ3nhUdqup-VUGsAQ$
Doctoral candidate (PhD student) in Computer Science (m/f)
• Initial 36 months fixed-term contract, renewable for up to 48 months
depending on thesis progress evaluation
• Full-time employment (40h/week)
• Student and employee status
• Start date: as soon as possible
• Topics in security, privacy and formal methods
Your Role
The candidate’s tasks include:
• Assistance with teaching classes in security
• Conducting research publishable in reputable international venues
• Writing of progress reports and presentations towards thesis
• Work constructively towards goals set by supervisors
The candidate should be prepared to engage in the project ``Semi-Controlled
Distributed Account Management’’ described below. The project is within the
Security and Trust of Software System (SaToSS) research group led by Prof
Sjouke Mauw.
Description of proposed PhD thesis topic:
The use of a password manager is a current best practice that many users and
organisations follow. Password managers facilitate the generation and
maintenance of unique, complex and random passwords and thus help prevent
account compromise due to weak or reused passwords. However, with the rising
number of apps, online accounts, smart devices and authentication methods, we
are facing many new threats that are not related to passwords. For example, we
must now also worry about misconfigured apps, third-party access permissions to
accounts, vulnerabilities of devices, and security incidents at service
providers.
Moreover, our apps, accounts, and devices are interconnected: An email app on a
smartphone provides access to the email account to anyone who can unlock the
smartphone. If, say, the smartphone user’s groceries account supports password
resetting by email, then the user’s groceries account, too, can be accessed by
anyone who can unlock the smartphone. There are many other such connections due
to multi-factor, single sign-on, and other authentication methods. We refer to
this collection of apps, devices, accounts, and authentication methods as an
account ecosystem.
The interconnected nature of items in an account ecosystem means that for any
security incident involving one item, there are potential ramifications for
every other item in an account ecosystem. In our user study of 20 young to
middle aged adults, they reported on average 43 items in their account
ecosystems that were in active use. The complexity of account ecosystems is
expected to further increase significantly with new services, such as Open
Banking, connecting our existing accounts with new third-party account
services, and new items, such as wearable devices, smart home appliances, car
infotainment systems connecting to our existing devices such as smartphones,
home routers, and introducing new apps and cloud services to control them.
Yet, there is no tool that helps managing our account ecosystems and no simple
way to assess the risks to the integrity and availability of items in our
account ecosystem. Indeed, it is precisely the lack of such a tool at the
larger scale of an organisation’s account ecosystem that leaves many
institutions blind to the possible attack paths that ransomware attacks have
exploited.
Objectives
In this proposed PhD thesis topic, we aim to develop the first account
ecosystem management and security analysis tool. To achieve this, we must solve
foundational research questions and develop efficient algorithms as outlined
below. The developed algorithms will be implemented into a fully functional
prototype.
Your Profile
The candidate must have a master degree and outstanding qualifications in
computer science, mathematics or a related discipline.
The candidate should have excellent spoken and written communication skills.
The candidate should be prepared to integrate into the SaToSS research group,
led by Prof. Sjouke Mauw, which maintains excellent communication between all
members.
We offer
• A large and dynamic research group with an exciting international environment
• Training in scientific and transferable skills; participation in schools,
conferences and workshops.
• The University of Luxembourg offers highly competitive salaries and is an
equal opportunity employer
Further Information
Applications —written in English— should be submitted online and include:
• Detailed curriculum vitae, including your contact address, work experience
and publications
• Letter of motivation. *This is essential and must clearly state how the
experience and interests of the candidate are related to the PhD topic
advertised. Generic applications that are not tailored to the group and topic
will not be considered*
• Degree certificates and transcript of all grades from university-level
courses taken
• Contact information for 2-3 referees
Deadline for application:
Early submission is highly encouraged as the applications are processed in
order of reception. Only formal applications via the link provided will be
considered.
https://urldefense.com/v3/__https://recruitment.uni.lu/en/details.html?id=QMUFK026203F3VBQB7V7VV4S8&nPostingID=67638&nPostingTargetID=97599&mask=karriereseiten&lg=UK__;!!IBzWLUs!Futnb8Jjzm96LK-vbEV0JyHeQtfiGg7ZUETdLZaBcfqlEt9zz-v22_-bTUCdhSQ3nhUdquqRO-4OGA$
However, we encourage applicants to contact members research group with
questions about possible research topics.
