[ The Types Forum (announcements only), http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]
PhD Research Assistantships at Stevens Institute of Technology and Kansas State University

Two Ph.D. research assistantships are available starting Spring 2007 for research in software security policy specification and program analyses for software security.

Project title: Access Control and Downgrading in Information Flow Assurance

The project is funded by the US National Science Foundation (CyberTrust). It also involves collaborations with several researchers in the European project Mobius, at IBM Research, Microsoft Research, the SAnToS Laboratory at Kansas State University, etc.

One position is at the Department of Computer Science, Stevens Institute of Technology, and the other is at the Department of Computing and Information Sciences, Kansas State University. The Ph.D. supervisors will be Anindya Banerjee at Kansas State University and/or David Naumann at Stevens Institute of Technology.

For more information and details about the application process, please look at the URL http://www.cis.ksu.edu/~ab/phd.html which also contains relevant contact information.

The positions are available until filled.

Project Summary
***************

The project investigates techniques to achieve high assurance that systems satisfy end-to-end confidentiality and integrity policies. The techniques involve type checking/inference and correctness verification. The broad objective is for confidentiality and integrity requirements to be expressed as such, with clear meaning for requirements analysts and implementors. Designs should explicitly account for the use of access controls and other means to satisfy information flow requirements. Designs and implementations must be checked for conformance with information flow policies, accounting for interaction with less trustworthy components. Rigorous validation tools must serve both to ensure compliance and also to help avoid waste of resources in unnecessary runtime checks, monitoring, or other security measures. The tools should not only guide developers but also facilitate system administration, so that trustworthiness is maintained as circumstances change and systems evolve.