Contact: Laurent.Mounier imag.fr or Marie-Laure.Potet imag.fr
This position takes place in the BinSec research project (a national French research project, ANR INS 2012, http://binsec.gforge.inria.fr) The project objective is to develop techniques and tools for the security analysis of binary code. One of the targeted application domain is vulnerability analysis, encompassing both vulnerability detection (locating potential vulnerabilities in a software) and crash analysis (identifying exploitable bugs from ``benign’’ program crashes).
The objective of this position is to participate to the development of an open-source integration platform as part of the BinSec project. This platform aims to provide an integration layer for binary-level analyzers, offering front-ends (disassemblers from common architectures to an intermediate assembly-level program representation) and services (static analysis modules operating on this intermediate representation). More precisely the job will consist in developing some analysis helping vulnerability and exploitability detection such as taint, buffer overflow pattern recognition or symbolic constraint generation.
Implementations are encoded in ocaml and rely on intermediate representation such as REIL, BAP or DBA.
The candidate is expected to hold a Master degree or a PhD in software engineering, with excellent software development skills. Some knowledge and competences are expected in at least one of the following domains:
- software security - software analysis (static or dynamic analysis, verification and validation) - binary code, assembly-level tools, and platform architecture
WORKING ENVIRONMENT AND LOCATION
Grenoble is also called the capital of the French Alps and is one of the most active areas in Europe for research in Information and Communication Technologies. VERIMAG is a public joint research laboratory of Universit´e Joseph Fourier, Grenoble INP, and the CNRS. Research topics addressed at VERIMAG aim at providing theoretical and technical means for developing embedded systems. Computer security is one of the research fields studied at VERIMAG since about 10 years, with a strong emphasis on cryptographic protocol validation and software security.
STARTING DATE, DURATION, TERMS of EMPLOYMENT
This position is a one-year full-time position as a contractual researcher with the possibility of a follow-up contract. It could start between October 2014 and January 2015. Salary will depend on the applicant’s degree and experience.
The application should consist of a motivation letter and a curriculum vitae. Contact information for referees may be joined. Applications and requests should be sent to Laurent.Mounier imag.fr and Marie-Laure.Potet imag.fr