PhD position in the visualization of distributed software security

  • Training/Education
  • Belgium

Katholieke Universiteit Leuven

(ref. BAP-2022-762)

Last modified: 26/10/2022

DistriNet is a KU Leuven research group, and is part of the KU Leuven Security and Privacy Competence Center (http://distrinet.cs.kuleuven.be/). The focus and scope of imec-DistriNet is twofold: distributed software, with a focus on middleware, and secure software. Within these two domains, we perform research on a range of topics including IoT systems, cloud applications, enterprise applications and data systems. Software engineering techniques are researched to realize adaptable and open software systems that are both high quality and trustworthy.

IDEAS is the DistriNet applied research unit at Group-T on intelligent and distributed e-application security. IDEAS is also part of the e-Media Research Lab, which brings together expertise from different domains such as electrical engineering, signal processing, data analysis, machine learning, computer sciences, software engineering, social sciences and user experience design.

The IDEAS research unit focuses on intelligent solutions for both the technical problems and the people problems in secure software engineering of web-based applications. In many application domains, development teams of software-intensive systems struggle to deliver secure software on time. Considering the many security issues reported every day, and considering the lack of personnel at many software development companies, applied research must address the key system architectures that suffer the most from this lack of security awareness. In the current state of practice in software development, applications are continuously delivered too late, and often too insecure.

In summary, IDEAS’ research envisions secure and agile development platforms and methodologies that include:
– Early visualization of application developer mistakes and bugs with a focus on vulnerabilities in application-level security.
– ML-based analytics of software engineering processes and artifacts.
– Gamification and incentivization of security in software engineering.
– Usable security concepts and reconfigurable security middleware for application developers.

The research is conducted and validated in the following key innovative system architectures:
– Cloud applications, including multi-tenant web APIs, and micro-service architectures,
– Client-centric web platforms such as the decentralized web Solid and progressive web apps,
– Web-connected, distributed, and embedded software for IoT solutions.

Project

The security of online web applications is an important software development concern to ensure the privacy of users and the security of company data. The many weak security tactics used by many developers are a huge problem in our society and economy, causing many data leaks of personal information as well as company-sensitive information.

The OWASP Top 10 summarizes the 10 most important application-level security problems for web applications. In the last edition of that top 10, top of the bill has been “broken access control”, including both broken user authentication and broken authorization at the service level or function level. Bug bounty hunting and bug reporting platforms also rate this as one of the most important security vulnerabilities exploited by (ethical) hackers.

However, for many web application architects and product owners, it is unclear which application-level access control protocols, tactics and services are used by the many developers in the company.

As a consequence, there is a need for capturing, reverse engineering, visualizing and analyzing the distributed end-to-end security architecture of complex online software services. This involves visualization and visual analytics of authentication and identities in distributed control flows as well as the application-level authorization architecture and methods.

We are looking for new colleagues to strengthen our research in visualization of security and application-level authorization in particular. 

In this research we will explore effective and scalable visual interfaces for security domains such as application-level access control, federated authentication and authorization of applications and users in general. If you join us, you will be challenged to further improve our security visualization research in the following topics of interest, including, but not limited to:

– Situation awareness and understanding of application-level security tactics and architecture

– Visual analytics of authorization solutions and architectures

– Reverse engineering of application security architecture and techniques

– Multiple data source analysis and efficient data-processing for application security

– Machine learning and explainable AI for application security

Profile

If you share our strong interest in these research topics and if you have

– a master’s in engineering technology (ICT, software development, etc)

– or a master’s in computer science (or equivalent),

– an analytical mind and strong technical skills,

– optionally some industry experience,

– and fluent English communication skills,

then you might be the researcher we are looking for. 

Offer

We offer

– to work towards obtaining a PhD degree from a highly ranked university and become a well-trained, independent researcher,

– a supportive and collaborative team in which you can develop know-how and expertise in state-of-the-art technologies, 

– the opportunity to build up research and innovation skills that are essential for a future career in industrial as well as academic research and development environments,

– support in the further development of your competences to analyze strategic research problems and to architect and evaluate innovative solutions with industrial applicability,

– an international and multicultural working environment at the KU Leuven Group-T Tech Campus,

– an attractive salary package, complemented with multiple benefits (health insurance, access to university infrastructure and sports facilities, etc.).

Interested?

For more information please contact Prof. dr. Bert Lagaisse, tel.: +32 16 32 78 55, mail: [email protected].

KU Leuven seeks to foster an environment where all talents can flourish, regardless of gender, age, cultural background, nationality or impairments. If you have any questions relating to accessibility or support, please contact us at [email protected].
