PhD Project in Formal Methods for Security

DTU Compute
Thursday 22 Feb 18


Deadline 31 March 2018
You can apply for the job at DTU Compute by completing the following application form.


DTU Compute’s Section for Formal Methods would like to invite applications for a 3-year PhD position starting May 2018 or soon thereafter. The project is financed by the Independent Research Fund Denmark (Danmarks Frie Forskningsfond).

Our department DTU Compute is an internationally unique academic environment spanning the science disciplines mathematics, statistics and computer science. At the same time we are an engineering department covering informatics and communication technologies (ICT) in their broadest sense. Finally, we play a major role in addressing the societal challenges of the digital society where ICT is a part of every industry, service, and human endeavour.

DTU Compute strives to achieve research excellence in its basic science disciplines, to achieve technological leadership in research and innovation, and to address societal challenges in collaboration with partners at DTU and other academic institutions, nationally and internationally, and, equally important, with industry and organizations. We communicate and collaborate with leading centres and strategic partners in order to increase participation in major consortia.

DTU Compute plays a central role in education at all levels of the engineering programmes at DTU, both in terms of our scientific disciplines and our didactic innovation.

Project Description
We use a variety of security protocols such as TLS on the Internet, and their security properties have been studied intensively for each protocol individually. There is, however, not much work on whether it is secure to run them all together on the same network (parallel composition), or even in a stacked fashion, for instance when TLS is used to provide a secure channel that is used for a login or an electronic banking application (vertical composition). Experience shows that putting such components together can easily break the security, even if each component alone is secure. We thus know very little about the security of something we use every day, and the reason is the "complexity" of the resulting system.

The project CompoSec: Secure Composition of Distributed Systems aims to close this gap by providing results of the form "Given a set of components that are each secure in isolation and that satisfy some condition X, then their composition is also secure." This condition X needs to be both easy to check and realistic (i.e., many existing and practically relevant components like TLS indeed satisfy it). The project has been running since October 2015, and (part of) the results so far are found on the CompoSec project webpage. The project has recently been extended so that we can open this PhD position.

The focus of this PhD project will be vertical composition, in particular to support a large class of transport protocols and properties of channels. This is foundational research in formal verification, i.e., reasoning about formal proofs of security of components and their relation in the composition of such components. The theory should always be motivated and guided by practical real-world examples like TLS, and lead to a concrete composition tool that helps developers to find any vulnerabilities in their designs, fix them, and verify the result.

The project also offers the opportunity to exchange ideas with other researchers working on related questions, in particular within the project, within our formal methods team, and with the project's external advisors Fraunhofer and Siemens in Germany.

Candidates must have a master's degree in computational science and engineering (CSE), applied mathematics, or engineering, or equivalent academic qualifications. Preference will be given to candidates who can document experience with formal methods, mathematical logic, verification and a functional programming language. Additionally, a background in security is an advantage. Furthermore, a good command of the English language is essential.

Approval and Enrolment 
The scholarship for the PhD degree is subject to academic approval, and the candidate will be enrolled in the DTU Compute PhD School Programme.

For information about the general requirements for enrolment and the general planning of the scholarship studies, please see the DTU PhD Guide.    

The assessment of the applicants will be made by Sebastian Mödersheim.

We offer
DTU is a leading technical university globally recognized for the excellence of its research, education, innovation and scientific advice. We offer a rewarding and challenging job in an international environment. We strive for academic excellence in an environment characterized by collegial respect and an academic freedom tempered by responsibility.

Salary and appointment terms
The appointment will be based on the collective agreement with the Danish Confederation of Professional Associations. The allowance will be agreed with the relevant union. The period of employment is 3 years.

Further Information
Further information concerning the project can be obtained from Sebastian Mödersheim (email).

Further information concerning the application is available at the DTU Compute PhD homepage or by contacting PhD coordinator Lene Matthisson +45 4525 3377.

Applications must be submitted in English as one single PDF, and we must have your online application by 31 March 2018. Please open the link in the red bar at the top of the page: "Apply online" ("ansøg online").

Applications must include: 

  • application (letter of motivation)
  • CV
  • documentation of a relevant completed M.Sc. or M.Eng.-degree
  • course and grade list of bachelor and master degrees
  • Excel sheet with translation of grades to the Danish grading system (see guidelines and excel spreadsheet here)

Candidates may apply prior to obtaining their master's degree, but cannot begin before having received it.

All interested candidates irrespective of age, gender, race, disability, religion or ethnic background are encouraged to apply.

DTU Compute has a total staff of 400 including 100 faculty members and 130 Ph.D. students. We offer introductory courses in mathematics, statistics, and computer science to all engineering programmes at DTU and specialised courses to the mathematics, computer science, and other programmes. We offer continuing education courses and scientific advice within our research disciplines, and provide a portfolio of innovation activities for students and employees.

DTU is a technical university providing internationally leading research, education, innovation and scientific advice. Our staff of 5,800 advance science and technology to create innovative solutions that meet the demands of society; and our 11,000 students are being educated to address the technological challenges of the future. DTU is an independent academic university collaborating globally with business, industry, government, and public agencies.