[TYPES/announce] Post-doc position at Chalmers University of Technology

[Alejandro Russo]

[ The Types Forum (announcements only),
 http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

-
Post-doc position in using Functional Languages for Secure Programming of IoT
devices at Chalmers University of Technology, Sweden
-

Chalmers University of Technology is hiring:

Post-doc position (2 years)

* Important dates:

  Dec 19th - Deadline
  January 24 - 29 - Tentative week for interviews (via Zoom or similar tool)

  Chalmers is aiming to actively increase our gender balance. The CSE department
  is working broadly with the GENIE Initiative on gender equality for
  excellence. Candidates from minority groups are especially encouraged to 
apply!

* Expected starting date: preferably March 2021.

For details, including employment conditions and how to apply, see:

https://www.chalmers.se/en/about-chalmers/Working-at-Chalmers/Vacancies/Pages/default.aspx?rmpage=job=8918

-
Detailed description:
-

The position is within the recently project Octopi: Secure Programming for the
Internet of Things (IoT). Octopi is dedicated to contributing and further 
research
on (i) utilizing high-level languages to program constraint devices, (ii)
finding suitable programming models for IoT, and (iii) developing security
mechanisms to obtain system-wide guarantees. The programming language of the
project is Haskell (https://www.haskell.org/). Applicant's work is expected to
range from establishing new theoretical foundations to building mature
prototypes. Octopi presents many research tracks dedicated to tackling ambitious
challenges:

- Programming model

  This track focuses on developing programming models which capture the common
  coding patterns (and architecture) of IoT applications.

  Our latest publication (HASKELL'20): 
https://dl.acm.org/doi/abs/10.1145/3406088.3409027

- Compilation and runtime

  This track focuses on the design and implementation of languages and their
  runtime which are tuned to run on low power, memory-constrained
  microcontrollers. It also explores techniques to guarantee both safety and
  security measures about the runtime as well as programs.

  Our latest publication (PPDP'20): 
https://dl.acm.org/doi/abs/10.1145/3414080.3414092

- Hardware support

  This task is aimed at the endpoints of IoT systems. It plans on creating a
  processor aimed specifically at executing functional languages directly and
  efficiently. This entails both creating an efficient graph reduction engine as
  well as built-in support for garbage collection.

  Our latest publications on Cephalopode and Stately are to appear at
  MEMCODE'20: 
https://iitjammu.ac.in/conferences/memocode2020/listofacceptedpapers.html

- Penetration testing

  High-level languages prevent developers from introducing a wide class of
  security-related bugs that plague low-level ones. Nevertheless, programs
  written in a high-level language interacts, via bindings, with the underlying
  OS. The binding code is responsible to bridge the semantic gap across both
  languages, which constitutes a door for security bugs. This task plans to
  provide a smart fuzzing tool to test such binding code for vulnerabilities.

  Our latest publication (IFL'19): 
http://www.cse.chalmers.se/~mista/assets/pdf/ifl19.pdf

The post-doc will join high-profile groups of researchers on security and
functional programming with a rich network of collaborators and visibility
across several research communities. Octopi's faculty members have a strong
tradition in successfully applying the functional programming Haskell to
different domains: protection of privacy of data
(https://hackage.haskell.org/package/lio), testing
(https://hackage.haskell.org/package/QuickCheck), SAT-solving and theorem
proving (https://github.com/nick8325/equinox), and digital signal processing
(https://hackage.haskell.org/package/feldspar-language).

[TYPES/announce] SSIoT 2019 - IEEE EuroS Workshop on Software Security for Internet of Things

[Alejandro Russo]

[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

*** Apologies if you have received multiple copies of this announcement ***

SSIoT 2019 - IEEE EuroS Workshop on Software Security for Internet of 
Things

Co-located with IEEE EuroS 2019, 16 June 2019, Stockholm, Sweden


Call for Papers
---

The IEEE Workshop on Software Security for IoT (SSIoT) 2019 is the first
international conference focusing primarily on the software security for the
Internet of Things (IoT). SSIoT aims to provide a forum for exploring and
evaluating ideas on bringing secure software to IoT and a venue to 
publish novel

research ideas on this topic. SSIoT strongly encourages proposals of new,
speculative ideas, evaluations of new or known techniques in practical 
settings,
and discussions of emerging threats and important problems. We are 
especially
interested in position papers that are radical, forward-looking, and 
likely to
lead to lively and insightful discussions that will influence future 
research on

IoT security.

The scope of SSIoT includes, but is not limited to:
- Verification, analysis, and testing techniques for IoT software.
- Verification, analysis, and testing of IoT security protocols
- Static and dynamic analysis of state-of-the-art IoT stacks, operating 
systems,

  and crypto libraries
- Design and implementation of secure programming languages for IoT
- New or extended software tools for IoT protocols/software analysis and
  verification
- IoT Software attestation and certification
- Software patch management for IoT
- Forensic-ready IoT software
- Software security enforcement through secure hardware designs for IoT
- Applications, case studies, and implementations of security techniques

We invite both full papers (10 pages) and short papers (4 pages). Full 
papers
are expected to present relatively mature content while short ones are 
expected
to present preliminary and exploratory work. Authors submitting papers 
in this
category must prepend the phrase "Short Paper:" to the title of the 
submitted
paper. Submissions should be anonymized for review and should be PDF 
documents
formatted according to the IEEE EuroS 2019 formatting requirements 
provided at

<https://www.ieee-security.org/TC/EuroSP2019/cfp.php>. Both full and short
papers must describe work not published in other refereed venues. Accepted
papers will appear as publication through IEEE Xplore in a volume 
accompanying

the main IEEE EuroS 2019 proceedings.

Important dates
---

Paper Submission: February 28, 2019
Notification    : April    10, 2019
Camera Ready due: April    20, 2019
Workshop    : June 16, 2019

Important links
---

Submission site: https://easychair.org/conferences/?conf=ssiot19
Web page: http://www.cse.chalmers.se/~russo/ssiot19/

PC Members
--

Bengt Jonsson, Uppsala University (co-chair)
Shahid Raza, RISE (co-chair)
Alejandro Russo, Chalmers University of Technology (co-chair)
Kostis Sagonas, Uppsala University, Sweden
Carsten Schürmann, IT University of Copenhagen, Denmark
Junaid Haroon Siddiqui, LUMS, Pakistan
Nikolay Kosmatov, CEA Paris, France
Phil Levis, Stanford University, USA
Amit Levy, Princeton University, USA
Olaf Landsiedel, University of Kiel, Germany
Joeri de Ruiter, SIDN Labs, the Netherlands
Somesh Jha, University of Wisconsin-Madison, USA
Tamara Rezk, INRIA Sophia Antipolis, France
Sonja Buchegger, KTH, Sweden
Earlence Fernandes, University of Washington, USA
Romina Spalazzese, Malmö University, Sweden

[TYPES/announce] PhD student positions in the Functional Programming group at Chalmers

[Alejandro Russo]

[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

** Apologies for multiple copies **

Two PhD student positions in Functional Programming for guaranteed 
security in

the Internet of Things

The Octopi Project is led by Alejandro Russo, with Koen Claessen, John 
Hughes,
Carl-Johan Seger and Mary Sheeran as PIs. We will develop new ways to 
program
securely for the Internet of Things, working on everything from the 
programming
model to hardware design. We have already appointed three doctoral 
students, and
now we want to appoint two more, with emphasis on ways to express 
locality in
computations and also on designing hardware for executing functional 
languages
directly and efficiently. Carl-Johan Seger and Mary Sheeran will 
supervise the
two new students, and they will join an amazing team. This is a real job 
with a

decent salary for five years, and Gothenburg is a great place to live.

The following link gives more details and it is through the link that 
you apply

by pressing the button labelled Ansök. The deadline is October 31.

<http://www.chalmers.se/sv/om-chalmers/Arbeta-pa-Chalmers/lediga-tjanster/Sidor/default.aspx?rmpage=job=6691=SE>

Please consider applying, or advising your best students to apply.

Mary Sheeran, Carl-Johan Seger and the Octopi team
(<https://octopi.chalmers.se/team/>)

[TYPES/announce] Postdoc position on side-channel analysis and avoidance in Hardware (Chalmers University of Technology)

[Alejandro Russo]

[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

-
Postdoctoral position (up to two years) on side-channel analysis and 
avoidance

in Hardware at Chalmers University of Technology, Sweden
-

* Important dates:

  October  30 - Deadline for applications
  November 5  - Tentative date for interviews

* Expected starting date: January 2019.

For details, including employment conditions and how to apply, see:

<https://web103.reachmee.com/ext/I003/304/job?site=5=UK=a72aeedd63ec10de71e46f8d91d0d57c_id=6702>

This position is funded by a grant from Intel Corp and will get 
supervised by
Prof. Carl-Johan Seger 
(<https://www.chalmers.se/en/Staff/Pages/secarl.aspx>) and
Prof. Alejandro Russo (<http://www.cse.chalmers.se/~russo/>). Prof. 
Seger has,
after 21 years at Intel corporation, a wealth of experience in verifying 
Intel's

microprocessors and is intimately familiar with the constraints and scale of
modern processors. He also has extensive experience in building formal
verification tools, and symbolic simulators in particular, for modern
microprocessors. Prof. Russo has vast expertise on protecting privacy in 
modern
software systems and his work has impacted different research 
communities and
appeared in prestigious conferences on programming languages, operating 
systems,

and security.

The project is dedicated to contribute and further research on (i) utilizing
some notion of dependent types to verify security and the 
presence/absence of
side-channels in multi-cycle circuits, (ii) apply symbolic execution 
techniques

to boost accuracy when needed, (iii) implement a tool that combines these
techniques, and (iv) perform evaluations on state-of-the-art public domain
microprocessor designs.

The position is to be carried out within both the Information Security 
(iSec)
and Functional Programming (FP) research groups. Both groups combine 
world-class
researchers in language-based security and functional programming. In 
addition,

there is a strong type-theory research group that can be used as a source of
knowledge in dependent types. Competitive candidates will have a strong 
computer
science background, both theoretical and practical, with emphasis on 
programming

languages techniques; expertise in some of the areas of interests for this
position; a passion for high-quality software research and development; and
excellent analytical and communication skills. Prior publications are
meritorious. English is the working language for research in Chalmers's
Department of Computer Science and Engineering.

For a popular science description of the project, please refer to the 
following

link: https://www.chalmers.se/en/departments/cse/news/Pages/Intel.aspx

[TYPES/announce] 9 PhD positions at Chalmers for web security and secure programing of IoT devices

[Alejandro Russo]

[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

Dear all,

We are starting two big projects on security at Chalmers. Both of them 
leverage programming languages technology to solve security problems. 
Details below.


Best,
/Alejandro

** Apologies for multiple copies **

The Computer Science and Engineering Department, Chalmers University of
Technology is hiring:

4 PhD students in web application security

5 PhD students in secure programming of IoT devices

* Important dates:

  April 27- Deadline for first round of selection (we encourage all
 candidates to apply early, especially those who need visa
 for visiting Sweden)
  May 21 - Deadline for second round of selection
  June 1, 4 or 5 - Tentative dates for interviews

* Expected starting date: preferably around September 2018.

For details, including employment conditions and how to apply, see:



4 PhD students in web application security
--

The PhD students will join an ambitios framework project: WebSec:
Securing Web-driven Systems, conducted jointly with Uppsala
University. WebSec sets out to develop a principled security platform
for the web. WebSec will break away from temporary patches and
short-term mitigations and tackle the challenge of web security at
scale. WebSec will result in:

-Comprehensive framework for detection, mitigation, and prevention of
cross-site
 scripting (XSS) attacks, encompassing (i) Crawling 2.0 and advanced string
 constraint solving for XSS detection, (ii) flexible Content Security 
Policy

 (CSP) for XSS mitigation, and (iii) a server-side template framework
separating
 data from code for XSS prevention.

-JavaScript program analysis platform for monitoring and symbolically
executing
 JavaScript, the web's main programming language.

-Principled framework for system-wide security, enabling confinement,
tainting,
 and information-flow control mechanisms across web component boundaries,
 building on our work on JSFlow http://www.jsflow.net/

-Mechanisms for confinement and compartmentalization on the web, including
 extensions to the recently proposed COWL W3C standard
 (https://www.w3.org/TR/COWL/) and the multi-app web framework Hails
 (https://hackage.haskell.org/package/hails).

-Framework for privacy on the web, addressing user tracking while enabling
 privacy-preserving web analytics.

The PhD students will join a high-profile group of researchers on software
security. Software is often the root cause of vulnerabilities in modern
computing systems. By focusing on securing the software, we target
principled
security mechanisms that provide robust protection against large classes of
attacks.

We have a track record of successful projects with top international
partners in academia and industry, including a European project
WebSand on web application sandboxing: https://www.websand.eu/

Promotional video of Chalmers research on securing web applications:
https://vimeo.com/82206652

5 PhD students in secure programming of IoT devices
---

The PhD positions are within the recently granted project Octopi: Secure
Programming for the Internet of Things (IoT). Octopi is dedicated to
contribute
and further research on (i) utilizing high-level languages to program
constraint
devices, (ii) finding suitable programming models for IoT, and (iii)
developing
security mechanisms to obtain system-wide guarantees. The programming
language
of the project is Haskell (https://www.haskell.org/). Applicants work is
expected to range from establishing new theoretical foundations to building
mature prototypes. Octopi presents many research tracks dedicated to tackle
ambitious challenges:

- Programming model

  This track focuses on developing programming models which capture the
common
  coding patterns (and architecture) of IoT applications.

- Compilation and runtime

  Programs written in high-level languages often run in tandem with fat
runtime
  responsible to provide valuable services (e.g., safe memory
  management). Having such runtime in constraint IoT devices is simply not
  possible. This task explores mechanisms to predict resource consumption
  behavior of programs so that certain runtime services are not needed, 
thus

  reducing their size.

- Locality of data

  In data-driven IoT systems, users must be able to express and control
easily
  is the choice of whether to migrate data to functions or functions to
  data. This task focus on finding ways to provide such control without
giving
  up the benefits of programming in a high-level language.

- Hardware support

  This task is aimed at the end points of IoT system. It plans on 

[TYPES/announce] 2 PhD student positions on Language-based security at Chalmers

[Alejandro Russo]

 Functional Pearl: Two can keep a secret if one of them uses Haskell
(http://www.cse.chalmers.se/~russo/publications_files/pearl-russo.pdf<http://www.cse.chalmers.se/%7Erusso/publications_files/pearl-russo.pdf>).

This position will be supervised by Prof. Alejandro Russo
(http://www.cse.chalmers.se/~russo/<http://www.cse.chalmers.se/%7Erusso/>)

[TYPES/announce] Second Call for Papers (Deadline approaching) - PLAS 2014

[Alejandro Russo]

[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

[We apologize for multiple copies]

ACM SIGPLAN Ninth Workshop on Programming Languages and Analysis for 
Security

(PLAS), 29th July 2014, Uppsala, Sweden

http://researcher.ibm.com/researcher/view_project.php?id=5237


Call For Papers (Deadline approaching)

This year, PLAS is co-located with the European Conference on 
Object-Oriented

Programming (ECOOP) (http://ecoop14.it.uu.se/)

PLAS aims to provide a forum for exploring and evaluating ideas on the 
use of
programming language and program analysis techniques to improve the 
security of
software systems. Strongly encouraged are proposals of new, speculative 
ideas,
evaluations of new or known techniques in practical settings, and 
discussions of

emerging threats and important problems.

The scope of PLAS includes, but is not limited to:

* Compiler-based security mechanisms or runtime-based security 
mechanisms such

  as inline reference monitors
* Program analysis techniques for discovering security vulnerabilities
* Automated introduction and/or verification of security enforcement 
mechanisms

* Language-based verification of security properties in software, including
  verification of cryptographic protocols
* Specifying and enforcing security policies for information flow and access
  control
* Model-driven approaches to security
* Security concerns for web programming languages
* Language design for security in new domains such as cloud computing and
  embedded platforms
* Applications, case studies, and implementations of these techniques


Submission Guidelines

We invite papers in two categories:

Full papers should be at most 12 pages long including bibliography and
appendices. Papers in this category are expected to have relatively mature
content. Full paper presentations will be 25 minutes each. Short papers 
should
be at most 6 pages long including bibliography and appendices. 
Preliminary and
exploratory work are welcome in this category. Short papers 
presentations will
be 10 minutes each. Authors submitting papers in this category must 
prepend the

phrase Short Paper: to the title of the submitted paper.

Submissions should be PDF documents typeset in the ACM proceedings 
format using

10pt fonts. SIGPLAN-approved templates can be found at
http://www.acm.org/sigs/sigplan/authorInformation.htm. We recommend 
using this
format, which improves greatly on the ACM LaTeX format. All submissions 
must be

in English. Page limits are strict.

Both full and short papers must describe work not published in other 
refereed

venues. (See the SIGPLAN republication policy at
http://www.sigplan.org/Resources/Policies/Republication for more details.)
Accepted papers will appear in the workshop ACM SIGPLAN proceedings 
which will
be distributed to the workshop participants and be available in the ACM 
Digital

Library.


Important dates

20th April 2014 (anywhere on earth): Deadline for paper submissions
19th May   2014: Authors notification
29th July  2014: Workshop


Program Committee

Paolina Centonze (Iona College)
Christos Dimoulas (Harvard University)
Boris Köpf (IMDEA Software Institute)
Stephen McCamant (University of Minnesota)
David Naumann (Stevens Institute of Technology)
Benjamin Pierce (University of Pennsylvania)
Frank Piessens (Katholieke Universiteit Leuven)
Marco Pistoia (IBM Research)
Alejandro Russo (Chalmers University of Technology) [co-chair]
Omer Tripp (IBM Research) [co-chair]

 _ _  __   __  _
|_)|  |_|(_ _)/ \/| |_|
|  |__| |__)   /__\_/ |   |

--
Alejandro Russo
Dept. of Computer Science and Engineering
Chalmers University of Technology
Phone: +46-(0)31-772-1098
Webpage: http://www.cse.chalmers.se/~russo/

[TYPES/announce] Call for Papers - PLAS 2014

[Alejandro Russo]

[ The Types Forum (announcements only),
http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

[We apologize for multiple copies]

ACM SIGPLAN Ninth Workshop on Programming Languages and Analysis for 
Security

(PLAS), 29th July 2014, Uppsala, Sweden

http://researcher.ibm.com/researcher/view_project.php?id=5237


Call For Papers

This year, PLAS is co-located with the European Conference on 
Object-Oriented

Programming (ECOOP) (http://ecoop14.it.uu.se/)

PLAS aims to provide a forum for exploring and evaluating ideas on the 
use of
programming language and program analysis techniques to improve the 
security of
software systems. Strongly encouraged are proposals of new, speculative 
ideas,
evaluations of new or known techniques in practical settings, and 
discussions of

emerging threats and important problems.

The scope of PLAS includes, but is not limited to:

* Compiler-based security mechanisms or runtime-based security 
mechanisms such

  as inline reference monitors
* Program analysis techniques for discovering security vulnerabilities
* Automated introduction and/or verification of security enforcement 
mechanisms

* Language-based verification of security properties in software, including
  verification of cryptographic protocols
* Specifying and enforcing security policies for information flow and access
  control
* Model-driven approaches to security
* Security concerns for web programming languages
* Language design for security in new domains such as cloud computing and
  embedded platforms
* Applications, case studies, and implementations of these techniques


Submission Guidelines

We invite papers in two categories:

Full papers should be at most 12 pages long including bibliography and
appendices. Papers in this category are expected to have relatively mature
content. Full paper presentations will be 25 minutes each. Short papers 
should
be at most 6 pages long including bibliography and appendices. 
Preliminary and
exploratory work are welcome in this category. Short papers 
presentations will
be 10 minutes each. Authors submitting papers in this category must 
prepend the

phrase Short Paper: to the title of the submitted paper.

Submissions should be PDF documents typeset in the ACM proceedings 
format using

10pt fonts. SIGPLAN-approved templates can be found at
http://www.acm.org/sigs/sigplan/authorInformation.htm. We recommend 
using this
format, which improves greatly on the ACM LaTeX format. All submissions 
must be

in English. Page limits are strict.

Both full and short papers must describe work not published in other 
refereed

venues. (See the SIGPLAN republication policy at
http://www.sigplan.org/Resources/Policies/Republication for more details.)
Accepted papers will appear in the workshop ACM SIGPLAN proceedings 
which will
be distributed to the workshop participants and be available in the ACM 
Digital

Library.


Important dates

20th April 2014 (anywhere on earth): Deadline for paper submissions
19th May   2014: Authors notification
29th July  2014: Workshop


Program Committee

Paolina Centonze (Iona College)
Christos Dimoulas (Harvard University)
Boris Köpf (IMDEA Software Institute)
Stephen McCamant (University of Minnesota)
David Naumann (Stevens Institute of Technology)
Benjamin Pierce (University of Pennsylvania)
Frank Piessens (Katholieke Universiteit Leuven)
Marco Pistoia (IBM Research)
Alejandro Russo (Chalmers University of Technology) [co-chair]
Omer Tripp (IBM Research) [co-chair]

 _ _  __   __  _
|_)|  |_|(_ _)/ \/| |_|
|  |__| |__)   /__\_/ |   |

--
Alejandro Russo
Dept. of Computer Science and Engineering
Chalmers University of Technology
Phone: +46-(0)31-772-1098
Webpage: http://www.cse.chalmers.se/~russo/