TCSLAB positions

Postgraduate project in
Static analysis for software security

Techniques based on static analysis such as data-flow analysis can be used to automatically locate potential security vulnerabilities in software (e.g., buffer overruns or injection of untrusted data) without actually runinng the code. However, such techniques are by nature imprecise and typically result in some false positives (false alarms) and/or false negatives (actual vulnerabilities that are not reported). To validate if a potential vulnerability is an actual defect or just a false positive one typically has to inspect the code manually. In this project we seek to develop methods to (semi-)automate this validation process by employing formal static analysis techniques to direct the user to potential security problems using methods such as data-flow analysis, semantic inspection and program slicing.

The project will be carried out in in the research group TCSLAB (Theoretical Computer Science Laboratory) under supervision of professor Ulf Nilsson. The project length is 2.5 years and leads to a degree of licentiate. Subject to additional funding the project can be extended with 2.5 more years leading to a degree of PhD.

The successful candidate should have a degree of MSc in Computer Science or an equivalent education. Knowledge in discrete mathematics, logic, formal methods and/or semantics of programming languages is considered a qualification.

SHIELDS

This postgraduate project is funded by the European project SHIELDS which involves researchers and developers from seven European countries. The goal of SHIELDS it to develop next-generation model-based tools and techniques for developing secure software. Participation in SHIELDS will entail a certain amount of travel, mainly within the European Union, to project meetings, workshops and conferences. More information about SHIELDS can be found on the SHIELDS homepage, http://er-projects.gf.liu.se/~shields.

For information about how to apply please check here. For further information about this position, please contact Prof. Ulf Nilsson (ulfni AT ida.liu.se).