[TYPES/announce] PostDoc/Engineer at UCLouvain in assistive code repair
[ The Types Forum (announcements only), http://lists.seas.upenn.edu/mailman/listinfo/types-announce ] Apologies for multiple postings... Universite Catholique de Louvain is seeking to recruit a PostDoc/Research engineer position in a full time position to work on a project on assistive code repair. The post is initially offered for one year, with options to extend for up to three years (project duration is three years from October 2019). The main responsibilities of the successful candidate will be to: 1. implement program transformation from source code to a formal model suitable for analysis, 2. implement and refine analysis techniques to find program flaws, and 3. to automatically generate program repairs for the flaws found. The post holder will be working closely with researchers within the group at UCLouvain and industrial partners. The post holder will benefit from a strong research environment provided at UCLouvain and within the team. There will also be opportunities to collaborate on other related projects in the domains of security and verification. The ideal candidate will hold a PhD or other significant experience in one or more of the following areas: - program analysis - (statistical) model checking - program verification - automatic program repair - programming languages/transformation. Information enquiries are welcome and should be directed to Dr Thomas Given-Wilson (thomas.given-wil...@uclouvain.be) or Prof. Axel Legay (axel.le...@uclouvain.be). Net salary is 2200-2500 euro per month (after taxes and social security). Applications should be sent to both Dr Thomas Given-Wilson (thomas.given-wil...@uclouvain.be) or Prof. Axel Legay (axel.le...@uclouvain.be). signature.asc Description: OpenPGP digital signature
[TYPES/announce] PostDoc/Research Engineer in IoT Securit at UCLouvain
[ The Types Forum (announcements only), http://lists.seas.upenn.edu/mailman/listinfo/types-announce ] One year PostDoc/research engineer position to work at Universite Catholique de Louvain on IoT security. The focus of this project is to improve IoT security against various forms of attacks such as: fault injection, side-channel analysis, and through information leakage. Successful applications should have background and interest in at least one of the following areas: - security - IoT development - fault injection attacks - formal methods for program analysis - verification - information leakage - cryptography The employment is full-time and the salary is between 2300 and 2500 euro after taxes, social security included. Initial contract offered for 1 year, extensions possible. The working language is English, French is not required. Interested candidates should contact Axel Legay (axel.le...@uclouvain.be).
[TYPES/announce] PostDoc/Research Engineer at UCLouvain in resilient cryptography for IoT devices
[ The Types Forum (announcements only), http://lists.seas.upenn.edu/mailman/listinfo/types-announce ] A one year PostDoc/research engineer position to work at UCLouvain with Axel Legay and Thomas Given-Wilson. Net salary between 2300 and 2500 euro after taxes, social security included. Note that renewal for a second year is possible. Main Competences: Cryptography, software development for IoT devices. Beneficial Competencies: side-channel analysis, information leakage, hardware Starting date: January or February 2019 (flexible) Project Description -- Any cryptographic hardware device containing secret data (cryptographic keys) is vulnerable to an adversary. Hardware attacks are a very powerful class of attacks which exploit or fault physical properties of the device. Side-channel attacks are capable to break cryptographic secrets by capturing additional physical information while the device is processing sensitive data. For example, an adversary could monitor the running time, the cache behaviour, the power consumption, and/or the electromagnetic radiation of the device. In order to protect cryptographic secret data against side-channel attacks, the most investigated countermeasure is masking that may results in provable security against a certain type of restricted attacker. Besides that hiding and shuffling are effective countermeasures in practice which cannot hinder possible attacks but rather raise their complexity. However, in practise the most challenging problem is the upcoming of unexpected leakage information due to hardware properties. Therefore, while using the mentioned implementation level countermeasures designers are able to build “secure" chips (withstanding standard practical security evaluation processes), it is still not well understood when certain security levels are reached and which properties need to hold in practise. To overcome these limitations, recently, theoretical treatments of physical attacks have attracted the attention of the cryptographic community. Instead of preventing any kind of leakage source, in these works, the adversary is modelled with abilities of monitoring side-channel information or inserting faults. These leakage resilient schemes generally aim to move from the traditional empirical ad-hoc analysis of the attack towards stronger and more systematic security arguments or even proofs. Naturally, these more general approaches suffer from limitations that are mainly caused by the restriction to particular meaningful adversaries as it is not feasible to consider an all powerful physical adversary. Project Objectives - In the new area of the Internet of Things (IoT) billions of connected of devices will operate in domains that address wearables, smart homes, automotives, smart cities, the workspace and industrial applications. Most attention for IoT has been given on the applications for the home (consumer), transport (mobility), health (body), buildings (infrastructure), factory (industrial) and cities (utilities, security). Many of these (if not all) domains require a reasonable amount of security and/or privacy protection such as cryptographic encryption and authentication. In this context, symmetric cryptographic primitives such as block ciphers are of utmost importance, because of their low cost and efficiency on a wide range of platforms. However, these aspects also makes them a target of choice for physical attackers. In this project we aim to investigate if leakage resilient authentication and encryption schemes can be utilised in the context of IoT where we particularly concentrate on side-channel attacks using electromagnetic emanation. For this, we pre-select two state-of-the-art schemes and investigate if these schemes are suitable for resource restricted IoT devices and furthermore which requirements have to be met. As a next step in this project, we will empirically analyse the chosen IoT device against hardware attacks (use of templates, machine learning, ...). Furthermore, despite the assumed attacker model of the leakage resilient schemes, we will investigate which attacker models are possible in general in the context of IoT. Using these general attacker models we determine the security resistance of the investigated schemes and derive which extra resources are needed to provide a sufficient security level. How to apply: -- Contact Axel Legay at axel.le...@uclouvain.be with a CV and, if possible, a letter of recommendation For more information: -- Contact Axel Legay at axel.le...@uclouvain.be signature.asc Description: OpenPGP digital signature
[TYPES/announce] PostDoc Position at UCLouvain in Formal Verificaion, Privacy, and Security
[ The Types Forum (announcements only), http://lists.seas.upenn.edu/mailman/listinfo/types-announce ] Hi Everyone, A two years postdoc scholarship to work at UCLouvain with Axel Legay and Thomas Given-Wilson. Further details below. Regards, - Thomas Given-Wilson Position: - A two years postdoc scholarship to work at UCLouvain with Axel Legay and Thomas Given-Wilson. Net salary between 2300 and 2500 euro after taxes, social security included. Main Competences: Formal verification, privacy, security. Beneficial Competencies: software development, model checking, information theory. Starting date: February 2019 (flexible) Objective of the Serums project: -- In order to achieve high quality healthcare provision, it is increasingly important to collect highly confidential and personal medical data that has been obtained from a variety of sources, including personal medical devices and to share this through a variety of means, including public networks and other systems whose security cannot be implicitly trusted. Patients rightly expect full privacy, except where permission has been explicitly given, but they equally expect to be provided with the best possible medical treatment. Evidence suggests that integrating home-based healthcare into a holistic treatment plan is more cost effective, reduces travel-associated risks and costs, and increases the quality of healthcare provision, by allowing the incorporation of more frequent home-, work- and environment-based monitoring and testing into medical diagnostics. There is thus a strong and urgent demand to deliver better, more efficient and more effective healthcare solutions that can achieve excellent patient-centric healthcare provision, while also complying with increasingly strict regulations on the use and sharing of patient data. This provision needs to be multi-site, crossing traditional physical and professional boundaries of hospitals, health centres, home and workplace, and even national borders. It needs to engage hospitals, medical practitioners, consultants and other specialists, as well as incorporating patient-provided data that is produced by personal monitoring devices, healthcare apps, environmental monitoring etc. This creates huge pressures. The goal of the Serums project is to put patients at the centre of future healthcare provision, enhancing their personal care, and maximising the quality of treatment that they can receive, while ensuring trust in the security and privacy of their confidential medical data. UCLouvain's role in the project: --- The objective of this postdoc position is to develop new security proofs to ensure correctness of security properties developed in Sérums. In addition, the postdoc will participate to development of new research to guarantee privacy of data and evaluate solutions developed by the consortium. How to apply: -- Contact Axel Legay at axel.le...@uclouvain.be with a CV and, if possible, a letter of recommendation For more information: -- Contact Axel Legay at axel.le...@uclouvain.be signature.asc Description: OpenPGP digital signature
