Verification of security and privacy in modern threat landscapes

Studentship end date

Ongoing

Eligibility

This studentship covers the university costs for UK/EU students*.

Supervisor(s)

Dr Ioana Boureanu Professor Steve Schneider

Funding amount

A stipend of £16,000 per annum, income-tax free + absolved of all UK taxes.

Contact

i.boureanu@surrey.ac.uk

New threat models, issued from e.g., IoT and FinTech, linked to intricate adversarial collusions, contrived forms of tracing objects/subjects, mixing cryptographic savviness  with rationality (e.g., incentives driven by finance, etc.) need to be incorporated in novel techniques and tools for the verification of security and privacy.

Topics

Formalism and (semi)-automatic tools for the verification of systems’ security and privacy in modern threat landscapes; cryptography; logics; model checking; theorem proving

Studentship Description

We will explore directions of using such AI-inspired logics to build new, systematic and automatable methods and tools for the verification of secure systems against goals of security and privacy modulo the strategic ability of collusions of attackers. New threat-models compounding coalitions, (rational) gains and cryptography-based subversion, in line with emerging applications such as those of crypto-currencies, will be put forward. Related to these, there are several theoretical aspects (e.g., decidability, complexity) which are open research-problems in our interests.

This PhD studentship is aimed at focusing on the software development of the (semi)-automatic tools supporting the aforementioned advancements. This focus is not compulsory, and a move towards (more) theoretically-centred work in this space is also possible.

We are looking for a student who can undertake not only the technical aspects of such a project, but who also has an interest in cyber security in general and in the translation of this type of technology to real-life secure systems. Previous experience in formal methods and/or security is not essential, but evidence of previous work in one of these fields would be desirable.

If you may have interests in any of the aforementioned topics, but not in all, we encourage you to contact us for an informal discussion.

Person Specification

Essential:

  • Bachelor degree in Computer Science or Mathematics (UK equivalent of 2:1 classification or above)
  • Interest in verification techniques (e.g., formal methods/analysis) and/or in security and privacy
  • Programming experience (any language)
  • Analytical skills: knowledge of foundations of computer science (e.g., discrete mathematics) and ability to think independently 
  • Strong verbal and written communication skills, both in plain English (see  http://www.plainenglish.co.uk/), and scientific language for publication in relevant journals and presentation at conferences

Desirable:

  • Master’s degree in (UK equivalent of Merit classification or above)
  • Experience in Boolean and/or first order logic
  • Experience in formal verification (model checking, theorem proving or SMT solving) 
  • Experience of implementation and/or experimentation with verification tools
  • Knowledge of cryptography and/or information security
  • Proficiency in C++ and/or Java
  • Experience with a functional programming language (e.g., Haskell, Ocaml)
  • Flexible, able to work collaboratively 
  • A strong team player with good interpersonal skills able to build and sustain effective working relationships with the SCCS group
  • Self-motivated researcher, with a hands-on approach, willing to develop their technical and analytical skills and contribute to the overall aims of the research project in innovative ways
  • Proven organisational skills

Application

The formal application process requires the submission of a CV (preferably no longer than 2 pages), two letters of recommendation or the contact information of two referees, copies of degree certificates and transcripts from all university-level courses taken. More information of how to apply can be found on our Computer Science PhD page.

In addition to the above, as part of your application, the candidate is also required to upload the following document: a cover letter, explaining your interests, computer-science and research experience (including examples of previous project work).

Contact name/email (for enquiries): Dr Ioana Boureanu, i.boureanu@surrey.ac.uk

Closing Date: The position will remain open until a suitable candidate is found.

Interviews: Interviews will be conducted either in person at the University of Surrey (Guildford, UK) or via Skype. We can only guarantee to contact the shortlisted candidates

Duration of studentship

3 years.

Stipend

A stipend of £16,000 per annum, income-tax free + absolved of all UK taxes.

Eligibility

This studentship covers the university costs for UK/EU students*.

Hosting Institution

The student will be registered with University of Surrey and join a team of researchers at Surrey Centre for Cyber Security (http://www.surrey.ac.uk/sccs/),  and will be supervised by Dr. Ioana Boureanu (http://people.itcarlson.com/ioana), in collaboration with Prof. Steve Schneider (https://www.surrey.ac.uk/cs/people/steve_schneider/). Their research interests include verification and provable security applied to a broad range of secure systems, ranging from established cryptographic protocols to emerging ones, like those in the sphere of Internet of Things.

The studentship will be based at the University of Surrey, UK.


*If you are a non-UK/non-EU citizen interested by this, please contact us nonetheless.

Related subjects