We are seeking candidates for a PhD position at University of Luxembourg in the SaToSS (Security and Trust of Software Systems) group led by Prof Sjouke Mauw in the area of formal methods for security.
Please see here the description and link for applications marked "PhD Studentship 2":
https://satoss.uni.lu/vacancies/
We encourage applicants with a background in logic, formal methods, as well as those enthusiastic about security and privacy.
Informal enquiries may be directed to the email addresses below, but the application must be online via the following link.
https://recruitment.uni.lu/en/details.html?id=QMUFK026203F3VBQB7V7VV4S8&nPostingID=67638&nPostingTargetID=97599&mask=karriereseiten&lg=UK
The candidate's letter of motivation, must be relevant to research in the SaToSS group: (See: https://satoss.uni.lu/publications/). The topic described is a suggestion.
Yours sincerely,
Prof. Sjouke Mauw sjouke.mauw@uni.lu
Dr. Ross Horne ross.horne@uni.lu
Dr. Xihui Chen xihui.chen@uni.lu
========Description of PhD position=====================
The University of Luxembourg invites applications to the following vacancy in the Department of Computer Science (http://dcs.uni.lu) within its Faculty of Science, Technology and Medicine: https://satoss.uni.lu/vacancies/
Doctoral candidate (PhD student) in Computer Science (m/f)
• Initial 36 months fixed-term contract, renewable for up to 48 months depending on thesis progress evaluation
• Full-time employment (40h/week)
• Student and employee status
• Start date: as soon as possible
• Topics in security, privacy and formal methods
Your Role
The candidate's tasks include:
• Assistance with teaching classes in security
• Conducting research publishable in reputable international venues
• Writing of progress reports and presentations towards thesis
• Work constructively towards goals set by supervisors
The candidate should be prepared to engage in the project ``Semi-Controlled Distributed Account Management'' described below. The project is within the Security and Trust of Software System (SaToSS) research group led by Prof Sjouke Mauw.
Description of proposed PhD thesis topic:
The use of a password manager is a current best practice that many users and organisations follow. Password managers facilitate the generation and maintenance of unique, complex and random passwords and thus help prevent account compromise due to weak or reused passwords. However, with the rising number of apps, online accounts, smart devices and authentication methods, we are facing many new threats that are not related to passwords. For example, we must now also worry about misconfigured apps, third-party access permissions to accounts, vulnerabilities of devices, and security incidents at service providers.
Moreover, our apps, accounts, and devices are interconnected: An email app on a smartphone provides access to the email account to anyone who can unlock the smartphone. If, say, the smartphone user's groceries account supports password resetting by email, then the user's groceries account, too, can be accessed by anyone who can unlock the smartphone. There are many other such connections due to multi-factor, single sign-on, and other authentication methods. We refer to this collection of apps, devices, accounts, and authentication methods as an account ecosystem.
The interconnected nature of items in an account ecosystem means that for any security incident involving one item, there are potential ramifications for every other item in an account ecosystem. In our user study of 20 young to middle aged adults, they reported on average 43 items in their account ecosystems that were in active use. The complexity of account ecosystems is expected to further increase significantly with new services, such as Open Banking, connecting our existing accounts with new third-party account services, and new items, such as wearable devices, smart home appliances, car infotainment systems connecting to our existing devices such as smartphones, home routers, and introducing new apps and cloud services to control them.
Yet, there is no tool that helps managing our account ecosystems and no simple way to assess the risks to the integrity and availability of items in our account ecosystem. Indeed, it is precisely the lack of such a tool at the larger scale of an organisation's account ecosystem that leaves many institutions blind to the possible attack paths that ransomware attacks have exploited.
Objectives
In this proposed PhD thesis topic, we aim to develop the first account ecosystem management and security analysis tool. To achieve this, we must solve foundational research questions and develop efficient algorithms as outlined below. The developed algorithms will be implemented into a fully functional prototype.
Your Profile
The candidate must have a master degree and outstanding qualifications in computer science, mathematics or a related discipline.
The candidate should have excellent spoken and written communication skills. The candidate should be prepared to integrate into the SaToSS research group, led by Prof. Sjouke Mauw, which maintains excellent communication between all members.
We offer
• A large and dynamic research group with an exciting international environment
• Training in scientific and transferable skills; participation in schools, conferences and workshops.
• The University of Luxembourg offers highly competitive salaries and is an equal opportunity employer
Further Information
Applications —written in English— should be submitted online and include:
• Detailed curriculum vitae, including your contact address, work experience and publications
• Letter of motivation. *This is essential and must clearly state how the experience and interests of the candidate are related to the PhD topic advertised. Generic applications that are not tailored to the group and topic will not be considered*
• Degree certificates and transcript of all grades from university-level courses taken
• Contact information for 2-3 referees
Deadline for application:
The position is available immediately, so early applications are encouraged. Only formal applications via the link provided will be considered.
https://recruitment.uni.lu/en/details.html?id=QMUFK026203F3VBQB7V7VV4S8&nPostingID=67638&nPostingTargetID=97599&mask=karriereseiten&lg=UK
However, we encourage applicants to contact members research group with questions about possible research topics.
**********************************************************
*
* Contributions to be spread via DMANET are submitted to
*
* DMANET@zpr.uni-koeln.de
*
* Replies to a message carried on DMANET should NOT be
* addressed to DMANET but to the original sender. The
* original sender, however, is invited to prepare an
* update of the replies received and to communicate it
* via DMANET.
*
* DISCRETE MATHEMATICS AND ALGORITHMS NETWORK (DMANET)
* http://www.zaik.uni-koeln.de/AFS/publications/dmanet/
*
**********************************************************