Expected start date2020-03-01
Estimated duration24 months
We are looking for a highly motivated post-doc in software and security.
The post-doc offer is for a period of at least 24 months.
The salary is highly competitive, i.e., as much as an associate professor (tenured) with 5 years of experience.
The research is funded by the SLIMFAST project, in collaboration with the DGA (french army). Screening of applications starts immediately.
Keywords: Software Engineering, Program Analysis, Software Security, Systems
We expect software systems to deliver the right functionality, as quickly and frugally as possible, in any possible circumstances whatever the hardware, the operating systems, or the input data are.
For fitting such a diversity of settings, most modern systems (operating systems like Linux or Android, Web browsers like Firefox or Chrome, video encoders like ffmpeg, x264 or VLC, mobile and cloud applications, autonomous systems, etc.) are subject to variation or come in many variants. Hundreds of configuration options – features, plugins, parameters, hyperparameters – can be combined, each potentially with distinct functionality and effects on time, security, energy consumption, etc.
The ability of varying is therefore a mandatory feature of any (sub-)system.
Despite its ubiquitous presence, variability (adaptation at compile-time or run-time) is also an enormous source of complexity with a combinatorial explosion of possible configurations. For example, the Linux kernel exhibits 16000+ options and most options can take “yes”, “no”, or “module” values. Several works observed that configuration options can be the source of compilation failures, can crash the system, can compute wrong results, or can degrade the performance.
There is another important issue: the surface attack of configurable system is potentially extremely important. Each (combination of) option can be subject to a different attack, for example, an attacker can inspect many configuration-related paths in a program.
Overall, our observation is twofold:
As configuration options can be pointless and represent a threat, our objective is to automatically remove unneeded configuration-related code out of programs.When options are removed, we aim to show that some attacks are no longer possible while the the functionality or usability of the system is not altered. We plan to study real-wold systems, attacks, and options to empirically study the effectiveness of our techniques.
We also plan to provide some theoretical guarantees about our removal process.
We are looking for highly motivated people in software (in a broad sense) and security.
We are studying real-world, popular, open-source, configurable software projects like Linux, Firefox, ffmpeg, VLC, Apache or JHipster – and we hope to have concrete impacts on them!
The candidate should have a strong interest and the skills for performing large-scale experiments with software. In particular:
The candidates will work with two PhD students, at 2 least two professors, and a researcher from DGA.
The candidate will work at Inria/IRISA in the DiverSE team (workplace: University of Rennes 1, Campus de Beaulieu, 35000 Rennes, France).
DiverSE’s research is in the area of software engineering, focusing on the management of diversity in the construction of software intensive systems.
The team is actively involved in European, French and industrial projects and is composed of 8 faculty members, 18 PhD students, and 3 engineers.
The candidate can teach but it’s not mandatory.
(Cyber)-security is an important topic at Inria/IRISA, with many teams and collaborations (e.g., with DGA).
Besides, Rennes is one of the best city to live in France (routinely ranked in the top 3).
Please send your application (PDF) as soon as possible.
Screening of applications starts immediately and continues until the position is filled.
Send cover letter including names of at least two referees, CV, PDFs of PhD thesis (or draft) if any, and possibly up to three most relevant publications (if any) to Mathieu Acher: firstname.lastname@example.org