[ The Types Forum (announcements only),
    http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

Dear all,

We are starting two big projects on security at Chalmers. Both of them leverage programming languages technology to solve security problems. Details below.

Best,
/Alejandro

** Apologies for multiple copies **

The Computer Science and Engineering Department, Chalmers University of
Technology is hiring:

4 PhD students in web application security

5 PhD students in secure programming of IoT devices

* Important dates:

  April 27 - Deadline for first round of selection (we encourage all
             candidates to apply early, especially those who need a visa
             for visiting Sweden)
  May 21 - Deadline for second round of selection
  June 1, 4 or 5 - Tentative dates for interviews

* Expected starting date: preferably around September 2018.

For details, including employment conditions and how to apply, see:
<http://www.chalmers.se/en/about-chalmers/Working-at-Chalmers/Vacancies/Pages/default.aspx?rmpage=job&rmjob=6134>
<http://www.chalmers.se/en/about-chalmers/Working-at-Chalmers/Vacancies/Pages/default.aspx?rmpage=job&rmjob=p6138>

4 PhD students in web application security
------------------------------------------

The PhD students will join an ambitious framework project: WebSec:
Securing Web-driven Systems, conducted jointly with Uppsala
University. WebSec sets out to develop a principled security platform
for the web. WebSec will break away from temporary patches and
short-term mitigations and tackle the challenge of web security at
scale. WebSec will result in:

-Comprehensive framework for detection, mitigation, and prevention of
 cross-site scripting (XSS) attacks, encompassing (i) Crawling 2.0 and
 advanced string constraint solving for XSS detection, (ii) flexible
 Content Security Policy (CSP) for XSS mitigation, and (iii) a server-side
 template framework separating data from code for XSS prevention.

-JavaScript program analysis platform for monitoring and symbolically
 executing JavaScript, the web's main programming language.

-Principled framework for system-wide security, enabling confinement,
 tainting, and information-flow control mechanisms across web component
 boundaries, building on our work on JSFlow http://www.jsflow.net/

-Mechanisms for confinement and compartmentalization on the web, including
 extensions to the recently proposed COWL W3C standard
 (https://www.w3.org/TR/COWL/) and the multi-app web framework Hails
 (https://hackage.haskell.org/package/hails).

-Framework for privacy on the web, addressing user tracking while enabling
 privacy-preserving web analytics.

The PhD students will join a high-profile group of researchers on software
security. Software is often the root cause of vulnerabilities in modern
computing systems. By focusing on securing the software, we target
principled security mechanisms that provide robust protection against
large classes of attacks.

We have a track record of successful projects with top international
partners in academia and industry, including a European project
WebSand on web application sandboxing: https://www.websand.eu/

Promotional video of Chalmers research on securing web applications:
https://vimeo.com/82206652

5 PhD students in secure programming of IoT devices
---------------------------------------------------

The PhD positions are within the recently granted project Octopi: Secure
Programming for the Internet of Things (IoT). Octopi is dedicated to
contributing to and furthering research on (i) utilizing high-level
languages to program constrained devices, (ii) finding suitable
programming models for IoT, and (iii) developing security mechanisms to
obtain system-wide guarantees. The programming language of the project is
Haskell (https://www.haskell.org/). Applicants' work is expected to range
from establishing new theoretical foundations to building mature
prototypes. Octopi presents many research tracks dedicated to tackling
ambitious challenges:

- Programming model

  This track focuses on developing programming models which capture the
  common coding patterns (and architecture) of IoT applications.

- Compilation and runtime

  Programs written in high-level languages often run in tandem with a fat
  runtime responsible for providing valuable services (e.g., safe memory
  management). Having such a runtime in constrained IoT devices is simply
  not possible. This task explores mechanisms to predict the resource
  consumption behavior of programs so that certain runtime services are
  not needed, thus reducing their size.

- Locality of data

  In data-driven IoT systems, users must be able to easily express and
  control the choice of whether to migrate data to functions or functions
  to data. This task focuses on finding ways to provide such control
  without giving up the benefits of programming in a high-level language.

- Hardware support

  This task is aimed at the end points of IoT systems. It plans on
  creating a processor aimed specifically at executing functional
  languages directly and efficiently. This entails both creating an
  efficient graph reduction engine as well as built-in support for
  garbage collection.

- Penetration testing

  High-level languages prevent developers from introducing a wide class of
  security-related bugs that plague low-level ones. Nevertheless, programs
  written in a high-level language interact, via bindings, with the
  underlying OS. The binding code is responsible for bridging the semantic
  gap across both languages, which constitutes a door for security bugs.
  This task plans to provide a smart fuzzing tool to test such binding
  code for vulnerabilities.

PhD students will join high-profile groups of researchers on security and
functional programming with a rich network of collaborators and visibility
across several research communities. Octopi's faculty members have a strong
tradition in successfully applying the functional programming language
Haskell to different domains: protection of privacy of data
(https://hackage.haskell.org/package/lio), testing
(https://hackage.haskell.org/package/QuickCheck), SAT-solving and theorem
proving (https://github.com/nick8325/equinox), and digital signal processing
(https://hackage.haskell.org/package/feldspar-language).
