Post-Doctoral Position on Software Vulnerabilities Analysis
Software vulnerabilities are daily reported by software editors or external bodies, most of them being associated with security patches. These vulnerabilities are most of the time the consequence of small programming errors or deficiencies that could be exploited by attackers. However, this situation is costly both for editors and users (applying a patch may lead to unexpected changes in the software functionalities).
Therefore, being able to check whether a given vulnerability may or not lead to an effective attack (for a given software configuration, in its whole execution context) is an important challenge.
This post-doctoral position takes place in the Vulcain research project, supported by the MSTIC department of Université Joseph Fourier (Grenoble, France). The project objective is to propose automated test-based techniques to detect software vulnerabilities that could be exploited by malicious external users. Several approaches combinations are foreseen : code analysis, "smart" fuzzing, guided execution, etc. These general analysis techniques could be specialized by taking into account some specific "vulnerability models" obtained from the existing databases. Typical target applications could be LAMP servers. Practical experimentations (test execution) could be carried out using the Grid’5000 infrastructure.
The candidate is expected to hold a PhD in software engineering. Some knowledge and competences are expected in at least one of the following domains :
- software security
- software analysis (static analysis, program verification)
- software testing (fuzzing, model-based testing)
- formal methods (model-checking, formal specification languages)
WORKING ENVIRONMENT AND LOCATION
Grenoble is also called the capital of the French Alps and is one of the most active areas in Europe for research in Information and Communication Technologies. The Vulcain project gathers people from LIG (Mescal and Vasco) and VERIMAG (DCS) laboratories.
STARTING DATE, DURATION, TERMS of EMPLOYMENT
This position is a one year full-time position as a contractual researcher. It could start between September 2009 and January 2009. Salary will be approximatively 40 Keuros gross per year.
The application should consist of a motivation letter and a curriculum vitae. Contact information for referees may be joined. Applications and requests should be sent to Marie-Laure.Potet imag.fr or Laurent.Mounier imag.fr