Offers

In the context of the ANR JCJC MODES project (Model-Driven Evolution for Secured Systems), we seek a PhD candidate to work on the security consistency management for complex systems. The PhD candidate will work in the P4S team at IMT Atlantique & Lab-STICC (CNRS), Brest, France. The position is for 3 years from Fall 2024.

Offer Details

Location: IMT Atlantique - Brest Campus, France.

Start date: Fall 2024

Keywords: security, software engineering, software evolution, model-driven, engineering, SecDevOps

Team: P4S/SHARP/LabSTICC (UMR 6285)

Contact: Salvador Martinez. Fabien Dagnat. Jean-Christophe Bach.

Position requirements

• Master’s degree or equivalent in Computer Science, with a specialization in Software Engineering
• Knowledge or special interest in security, e.g.: privacy, confidentiality, etc
• Solid software development and programming skills
• Good communication skills in English

To get more information and apply, please send a complete CV with a corre- sponding motivation letter, recommendation letter(s) and a list of both already published papers and open source contributions (if any) to any of the contacts listed above

Summary

Security is a critical concern in current software intensive systems in which vul- nerabilities may have a severe impact and produce damages ranging from data privacy losses to even physical harm (e.g., cyber-physical systems). To allevi- ate this problem, security mechanisms (e.g., access-control, cryptography, etc.) have been integrated in many different components and artefacts so that it is possible to implement a security policy meeting the security requirements of a given system. Unfortunately, nowadays systems are very complex, encompass many different (evolving) components (e.g., code, libraries, models, databases, configurations), and interact with changing environments (e.g., they may be re- deployed). In this scenario, security is scattered between different components and artifacts, and consequently, the problem of security consistency arises (e.g., dependent components with available security mechanisms may fail to synchro- nize leading to potential security vulnerabilities). Contributing solutions to this problem is the high-level objective of this PhD proposal.

Objectives

The concrete scientific and technical objectives of this proposal may be adapted to the expertise and skills of the successful candidate as long as they fall in the general objective of contributing to security consistency management. We list in the following some suitable contributions:

• reverse engineering the security status of existing/deployed complex sys- tems. This may include the means to: 1) represent and manage the se- curity dependencies between components/artifacts; 2) express consistency requirements.
• mechanisms to detect inconsistencies and semi-automatically repair them. As with the concrete scientific and technical objectives, the application do- main for the works of this project is open and adaptable to the interests and knowledge of the successful candidate. Nevertheless, the P4S team is currently very active in the domain of digital twins, particular complex systems that may greatly benefit from security consistency.