[ The Types Forum (announcements only), 
     http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

PhD Research Assistantships at Stevens Institute of Technology and Kansas 
State University

Two Ph.D. research assistantships are available starting Spring 2007 for
research in software security policy specification and program analyses
for software security.

Project title: Access Control and Downgrading in Information Flow Assurance

The project is funded by the US National Science Foundation (CyberTrust). It 
also involves collaborations with several researchers in the 
European project Mobius, at IBM Research, Microsoft Research, the 
SAnToS Laboratory at Kansas State University, etc.

One position is at the Department of Computer Science, Stevens
Institute of Technology, and the other is at the Department of
Computing and Information Sciences, Kansas State University.  The
Ph.D. supervisors will be Anindya Banerjee at Kansas State University
and/or David Naumann at Stevens Institute of Technology.

For more information and details about the application process, please look at 
the URL
which also contains relevant contact information. The positions are available
until filled.

Project Summary
The project investigates techniques to achieve high assurance that
systems satisfy end-to-end confidentiality and integrity policies.
The techniques involve type checking/inference and correctness

The broad objective is for confidentiality and integrity requirements
to be expressed as such, with clear meaning for requirements analysts
and implementors.  Designs should explicitly account for the use of
access controls and other means to satisfy information flow
requirements.  Designs and implementations must be checked for
conformance with information flow policies, accounting for interaction
with less trustworthy components.  Rigorous validation tools must
serve both to ensure compliance and also to help avoid waste of
resources in unnecessary runtime checks, monitoring, or other security
measures.  The tools should not only guide developers but also
facilitate system administration, so that trustworthiness is
maintained as circumstances change and systems evolve.

Reply via email to