[TYPES/announce] Two PhD Research Assistantships Available
Anindya Banerjee
ab at cis.ksu.edu
Wed Sep 27 07:00:57 EDT 2006
PhD Research Assistantships at Stevens Institute of Technology and Kansas
State University
Two Ph.D. research assistantships are available starting Spring 2007 for
research in software security policy specification and program analyses
for software security.
Project title: Access Control and Downgrading in Information Flow Assurance
The project is funded by the US National Science Foundation (CyberTrust). It
also involves collaborations with several researchers in the
European project Mobius, at IBM Research, Microsoft Research, the
SAnToS Laboratory at Kansas State University, etc.
One position is at the Department of Computer Science, Stevens
Institute of Technology, and the other is at the Department of
Computing and Information Sciences, Kansas State University. The
Ph.D. supervisors will be Anindya Banerjee at Kansas State University
and/or David Naumann at Stevens Institute of Technology.
For more information and details about the application process, please look at
the URL
http://www.cis.ksu.edu/~ab/phd.html
which also contains relevant contact information. The positions are available
until filled.
Project Summary
***************
The project investigates techniques to achieve high assurance that
systems satisfy end-to-end confidentiality and integrity policies.
The techniques involve type checking/inference and correctness
verification.
The broad objective is for confidentiality and integrity requirements
to be expressed as such, with clear meaning for requirements analysts
and implementors. Designs should explicitly account for the use of
access controls and other means to satisfy information flow
requirements. Designs and implementations must be checked for
conformance with information flow policies, accounting for interaction
with less trustworthy components. Rigorous validation tools must
serve both to ensure compliance and also to help avoid waste of
resources in unnecessary runtime checks, monitoring, or other security
measures. The tools should not only guide developers but also
facilitate system administration, so that trustworthiness is
maintained as circumstances change and systems evolve.
More information about the Types-announce
mailing list