[ The Types Forum (announcements only),
    http://lists.seas.upenn.edu/mailman/listinfo/types-announce ]

Dear all,

We are starting two big projects on security at Chalmers. Both of them leverage programming languages technology to solve security problems. Details below.


** Apologies for multiple copies **

The Computer Science and Engineering Department, Chalmers University of
Technology is hiring:

4 PhD students in web application security

5 PhD students in secure programming of IoT devices

* Important dates:

  April 27- Deadline for first round of selection (we encourage all
             candidates to apply early, especially those who need visa
             for visiting Sweden)
  May 21 - Deadline for second round of selection
  June 1, 4 or 5 - Tentative dates for interviews

* Expected starting date: preferably around September 2018.

For details, including employment conditions and how to apply, see:

4 PhD students in web application security

The PhD students will join an ambitios framework project: WebSec:
Securing Web-driven Systems, conducted jointly with Uppsala
University. WebSec sets out to develop a principled security platform
for the web. WebSec will break away from temporary patches and
short-term mitigations and tackle the challenge of web security at
scale. WebSec will result in:

-Comprehensive framework for detection, mitigation, and prevention of
 scripting (XSS) attacks, encompassing (i) Crawling 2.0 and advanced string
constraint solving for XSS detection, (ii) flexible Content Security Policy
 (CSP) for XSS mitigation, and (iii) a server-side template framework
 data from code for XSS prevention.

-JavaScript program analysis platform for monitoring and symbolically
 JavaScript, the web's main programming language.

-Principled framework for system-wide security, enabling confinement,
 and information-flow control mechanisms across web component boundaries,
 building on our work on JSFlow http://www.jsflow.net/

-Mechanisms for confinement and compartmentalization on the web, including
 extensions to the recently proposed COWL W3C standard
 (https://www.w3.org/TR/COWL/) and the multi-app web framework Hails

-Framework for privacy on the web, addressing user tracking while enabling
 privacy-preserving web analytics.

The PhD students will join a high-profile group of researchers on software
security. Software is often the root cause of vulnerabilities in modern
computing systems. By focusing on securing the software, we target
security mechanisms that provide robust protection against large classes of

We have a track record of successful projects with top international
partners in academia and industry, including a European project
WebSand on web application sandboxing: https://www.websand.eu/

Promotional video of Chalmers research on securing web applications:

5 PhD students in secure programming of IoT devices

The PhD positions are within the recently granted project Octopi: Secure
Programming for the Internet of Things (IoT). Octopi is dedicated to
and further research on (i) utilizing high-level languages to program
devices, (ii) finding suitable programming models for IoT, and (iii)
security mechanisms to obtain system-wide guarantees. The programming
of the project is Haskell (https://www.haskell.org/). Applicants work is
expected to range from establishing new theoretical foundations to building
mature prototypes. Octopi presents many research tracks dedicated to tackle
ambitious challenges:

- Programming model

  This track focuses on developing programming models which capture the
  coding patterns (and architecture) of IoT applications.

- Compilation and runtime

  Programs written in high-level languages often run in tandem with fat
  responsible to provide valuable services (e.g., safe memory
  management). Having such runtime in constraint IoT devices is simply not
  possible. This task explores mechanisms to predict resource consumption
behavior of programs so that certain runtime services are not needed, thus
  reducing their size.

- Locality of data

  In data-driven IoT systems, users must be able to express and control
  is the choice of whether to migrate data to functions or functions to
  data. This task focus on finding ways to provide such control without
  up the benefits of programming in a high-level language.

- Hardware support

This task is aimed at the end points of IoT system. It plans on creating a
  processor aimed specifically at executing functional languages
directly and
  efficiently. This entails both creating an efficient graph reduction
engine as
  well as built-in support for garbage collection.

- Penetration testing

  High-level languages prevent developers from introducing a wide class of
  security-related bugs that plague low-level ones. Nevertheless, programs
  written in a high-level language interacts, via bindings, with the
OS. The binding code is responsible to bridge the semantic gap across both
  languages, which constitutes a door for security bugs. This task plans to
  provide a smart fuzzing tool to test such binding code for

PhD students will join high-profile groups of researchers on security and
functional programming with a rich network of collaborators and visibility
across several research communities. Octopi's faculty members have a strong
tradition in successfully applying the functional programming Haskell to
different domains: protection of privacy of data
(https://hackage.haskell.org/package/lio), testing
(https://hackage.haskell.org/package/QuickCheck), SAT-solving and theorem
proving (https://github.com/nick8325/equinox), and digital signal processing

Reply via email to