Job offerings - CRoCS

This page lists currently open employment and PhD positions in our lab.

We currently have no employment positions open, but feel free to browse the list of current research projects to see the areas we work in.

 Topic: Examining the ecosystems of computer security certification schemes

 Supervisor: Vashek Matyas <matyas@fi.muni.cz>

 Industry cooperation: Red Hat Czech s.r.o.

 Start date: September 2024 or February 2025

Contact the supervisor

We are looking for two doctoral students to work in the areas of computer security and machine learning to improve the security certification scene. The students will join an existing research team around the sec-certs project. Positions are fully funded by the faculty with extra remuneration provided by the industrial partner.

The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140-2/3 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. The tooling we develop automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable.

We expect candidate(s) who have (or soon will have) an MSc degree or equivalent and a solid background in computer science or engineering, with some background in computer security, machine learning or natural language processing (though not necessarily all of them). Fluent communication in spoken and written English is expected.

The academic research team you'll join consists of your supervisor, two part-time engaged assistant professors and multiple supervised bachelor and master students. Furthermore, multiple Red Hat engineers are engaged to help apply the project results at Red Hat as well as in the wider certification community.

Sec-certs is a tool for data scraping and analysis of security certificates from the Common Criteria and FIPS 140-2/3 frameworks. It periodically updates the database of certificates, processes the available certification PDFs and metadata, and enriches them by adding new metadata (e.g. detected certificate dependencies) or cross-referencing other datasets (CPEs, CVEs, CWEs, …). The whole dataset is open and available through the web interface at seccerts.org.

The successful candidate(s) will work with CRoCS for the whole duration of the project, while cooperation with Red Hat is expected in the form of regular meetings with Red Hat experts where progress will be evaluated and next targets agreed. The work to be undertaken during all years of research will be at the intersection of computer security and machine learning.

In case of inquiries related to the industrial cooperation, please contact Martin Ukrop <mukrop@redhat.com>.

2024
  • Chain of Trust: Unraveling References Among Common Criteria Certified Products
    Adam Janovsky, Lukasz Chmielewski, Petr Svenda, Jan Jancar and Vashek Matyas,
    IFIP International Conference on ICT Systems Security and Privacy Protection, Springer Nature Switzerland, 2024.
    Keywords: sec-certs
  • sec-certs: Examining the security certification practice for better vulnerability mitigation
    Adam Janovsky, Jan Jancar, Petr Svenda, Lukasz Chmielewski, Jiri Michalik and Vashek Matyas,
    Computers & Security, 2024.
    Keywords: sec-certs

  • Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team.
  • Do you know someone who may be interested? Please refer them to this web page.
  • Do you know a relevant place to hang a poster? Download it below.

Contact the supervisor   Poster (A4)   Presentation slide (16:10)