4 PhD positions in security and privacy at Chalmers

Application deadline: April 14, 2015

Details and application procedure: http://www.chalmers.se/en/about-chalmers/vacancies/?rmpage=job&rmjob=2913

The Department has about 70 faculty members and enrolls a number of PhD students from more than 30 countries. The research spans the whole spectrum, from theoretical foundations to applied systems development. There is extensive national and international collaboration with academia and industry all around the world. For more information, see http://www.chalmers.se/cse/EN/.

Major responsibilities
The PhD students will join a high-profile group of researchers on software security. Software is often the root cause of vulnerabilities in modern computing systems. By focusing on securing the software, we target principled security mechanisms that provide robust protection against large classes of attacks.

Application software relies on access to a range of sensitive data, but standard security mechanisms such as access controls can’t distinguish between an app which uses data in a reasonable way from one which abuses the resources to which it has access. More research is needed to enable the specification and enforcement of fine grained security and privacy policies.

Securing real systems involves many challenges. Real systems are not single monolithic entities, but combine functionalities from many providers. For example, web applications combine services from different providers via script inclusion mechanisms, which routinely turns barebone web pages into fully fledged services built up from third-party code; server applications combine multiple components, application software, operating systems, and databases in security-critical ways. These projects will bridge theory and practice to put principled security and privacy to work, focusing on four application areas: Android apps, Web apps, Secure systems, and Location privacy. We are seeking a PhD student to work in each of them:

1. Android App Security
Our aim is to build a mobile app eco-system that has information flow control at its core, thereby guaranteeing that apps will be secure by construction. We will build on the programming language Paragon /, a variant of Java extended with rich information flow policies and compile-time checking of information flow policies. Research challenges include (i) extending Paragon with sufficient concurrency support, (ii) designing an android policy API for Paragon, (iii) tackling usability issues for both programmer and end user.

The position will be supervised by Prof. David Sands http://www.cse.chalmers.se/~dave and Dr. Niklas Broberg http://www.nbroberg.se/. More information about Paragon can be found here http://www.cse.chalmers.se/research/group/paragon.

2. Web Application Security
This position will focus on developing security policies and enforcement mechanisms to address partial trust to third-party code and unification of web/mobile security policies. The enforcement mechanisms may combine static (for example, static program analysis-based) and dynamic (for example, run-time execution monitoring-based) techniques. In pursuing these goals, there are possibilities for collaboration with our high-profile academic and industrial partners. We run a number of ambitious projects with top international partners in academia and industry, including a recent European project WebSand on web application security: https://www.websand.eu/.

This position will be supervised by Prof. Andrei Sabelfeld http://www.cse.chalmers.se/~andrei/. Andrei’s home page contains information about his latest research and the recent tools, such as JSFlow, SandPass, and SeLINQ, built by his team. Promotional video about Andrei’s team research on securing web applications: http://vimeo.com/82206652.

3. Constructing Secure Systems
This position will focus on protecting confidentiality and integrity of data across system boundaries, combining programming languages and operating systems research. Our goals are go from theoretical foundations to prototypes feasibly deployable in production systems. The research includes case studies involving the functional programming language Haskell, web browsers, and scripting languages.

This position will be supervised by Associate Prof. Alejandro Russo http://www.cse.chalmers.se/~russo/. Prof. Russo has applied his research to construct mature solutions for securing server- and client-side web components (see Hails http://hails.scs.stanford.edu/ and COWL http://cowl.ws/, respectively). This project presents opportunities for collaborations with top universities and research institutions in both US and Europe.

4. Robust Location Privacy
Location based services are becoming increasingly popular, ranging from device tracking to vehicle collision detection and to a wide variety of social location-based services. As devices become increasingly interconnected, and the majority sharing location information with different parties, often unbeknownst the user, it becomes increasingly important that location information can be used without violating user privacy.

This position will focus on providing unhampered functionality while providing rigorous and robust privacy for location-based services. Research in this project may utilize techniques that range from formal methods to programming languages and to applied cryptography for achieving robust yet usable privacy guarantees.

This position will be supervised by Prof. Andrei Sabelfeld, http://www.cse.chalmers.se/~andrei/. Andrei’s home page contains information about his latest research and the recent tools, such as JSFlow, SandPass, and SeLINQ, built by his team. Promotional video about Andrei’s team research on securing web applications: http://vimeo.com/82206652.

Position summary
PhD student positions are limited to five years and normally include 20 per cent departmental work, mostly teaching duties. Salary for the position is as specified in Chalmers’ general agreement for PhD student positions. Currently the starting salary is 27,835 SEK a month before tax. The positions are intended to start in Fall 2015.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s