[TYPES/announce] 2 PhD student positions on Language-based security at Chalmers

Alejandro Russo russo at chalmers.se
Mon Oct 17 07:24:39 EDT 2016

[Our apologies if you receive multiple copies of this message]

The Software Technology Division of the Computer Science and
Engineering Department, Chalmers University of Technology is hiring:

- 1 PhD student in Programming Language-based Security


- 1 PhD student in Language-based Security using Functional Programming


PhD student positions are for up to five years of full-time employment;
normally, 20% of the time is allocated to departmental work (mainly teaching
duties). The salary for the positions is as specified in Chalmers's general
agreement for PhD student positions.

* Application deadline: 30 November 2016.
* Expected starting date: preferably early 2017.

1 PhD student position in Programming Language-based Security
Increasingly, security flaws in applications arise due to software errors.
Programming Language-based Security is a domain in which we strive to enhance
security of software application by looking at properties of programming

In the Paragon project, we focus on achieving security of software through the
construction and use of a dedicated, statically security-typed programming
language. The language Paragon is an extension of Java (implemented in Haskell),
adding a type system for information flow control based on an expressive
calculus for security policies we have developed.

The position focuses on improving and extending the applicability of Paragon to
practical programming domains. Of particular interest is the Android operating
system, where we envision the construction of a secure, information-flow aware
app infrastructure.

Research opportunities include:
* applying Paragon to case studies in specific software domains, in particular
  the domain of Android apps.
* investigating the interaction of information flow and particular language
  features such as concurrency or typestate;
* applying the principles behind Paragon to other programming languages and
* proving mathematical properties of type systems;

The ideal applicant has a strong working knowledge in programming language
technology, including type systems, static analysis, and formal semantics; and
also in functional programming, as well as a broad interest in programming
languages and paradigms in general. Prior knowledge of software security or
Android programming are useful but not essential.

To read more about the Paragon project, see the project website
(http://www.cse.chalmers.se/research/group/paragon/). We recommend in particular
the interactive tutorial

This position will be supervised by Prof. Niklas Broberg and Prof. David Sands.

------------------------------------------------------------------------------ 1
1 PhD student position in Language-based Security using Functional Programming
The position focuses on developing techniques to protect confidentiality and
integrity of users' data when manipulated by third-party code (i.e., code
written by someone else) -- a pressing problem for the web as well as mobile
platforms. We expect functional programming to play an important role addressing
this challenge. In this direction, researchers at Chalmers have been responsible
for developing some of the state-of-the-art tools for protecting users' sensitive
data in Haskell programs (e.g., LIO https://hackage.haskell.org/package/lio and
MAC https://hackage.haskell.org/package/mac).

It is expected that the work carried out by the applicant ranges from
establishing new theoretical foundations to deploying prototypes in realistic
systems. We are looking for candidates with strong background in programming
languages who are also interested in building systems using their ideas. The
candidate is expected to pursue one or more of the following topics:

* Combining type-systems features and dynamic analysis to secure functional
languages, where the main target is Haskell programs.
* Leveraging hardware-level security components (e.g, Intel SGX and ARM
TrustZones) to provide security in depth, where private data can be protected
from the application level down to the low-level physical layers by the use of,
for instance, foreign function calls.
* Design of secure web frameworks to control the flow of information in an
end-to-end fashion, i.e., at the server side as well as in web browsers. We
envision the creation of secure web frameworks based on functional reactive
programming (FRP).

As an introduction to the research area, applicants are recommended to read the
article Functional Pearl: Two can keep a secret if one of them uses Haskell

This position will be supervised by Prof. Alejandro Russo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.seas.upenn.edu/pipermail/types-announce/attachments/20161017/2f6e422f/attachment.html>

More information about the Types-announce mailing list