PhD Candidate: Software Security - Nijmegen, Netherlands - Radboud University

    Description
    Cyber security problems have increased dramatically over the past decades. Not a day goes by without a major data leak, some system being hacked, or some organisation being ransomwared. This trend only looks set to continue as our society relies on IT to an ever larger degree.

    Software is an important root cause of cyber security problems: software is what gives modern IT its flexibility and power, but it also comes with flaws, ranging from simple coding mistakes to fundamental design flaws, which enable cyber criminals to exploit all this power and flexibility to attack individuals and organisations.


    Producing more secure software is a major challenge.

    To address this challenge, our research group investigates ways to analyse, design and test software for security flaws or, better still, prevent security flaws during design and construction.

    Examples of techniques we have used for this include automated reverse engineering with state machine inference to spot flaws in the program logic, the LangSec (Language-theoretic Security) approach to structurally improve input handling, and security testing by means of fuzzing.

    Some of these techniques can also be used for offensive purposes, for example in pentesting, but our ultimate objective is to contribute to the defensive side of security by improved software engineering practices.

    This is not limited to the techniques mentioned above: depending on your own interests, there are other aspects of secure software engineering that could be investigated, for example better management of software supply chain risks using SBOMs and SaasBOMs.

    Under the supervision of Dr Erik Poll, you will work on INTERSECT, a larger national research project into the security of the Internet of Things (IoT).

    INTERSECT is funded by the Dutch Research Council (grant NWA It involves six universities and over 20 organisations from the public and private sectors, including security evaluation companies, IT vendors, and some government and non-profit organisations. So you will have the chance to collaborate with researchers from a range of backgrounds.

    You will spend roughly 10 percent of your time (0.1 FTE) on assisting with the teaching in our department.

    This will typically include tutoring practical assignments, grading coursework, and supervising student projects.