| Both sides previous revision Previous revision Next revision | Previous revisionLast revisionBoth sides next revision |
| public:hire [2024-04-16 20:14] – xukrop | public:hire [2024-04-23 09:15] – [Publications] xukrop |
|---|
| ==== Topic specification ==== | ==== Topic specification ==== |
| |
| The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. Our tooling (https://seccerts.org) automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. This tooling is still to be improved and utilized. | The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140-2/3 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. The tooling we develop automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. |
| |
| ==== Expected expertise ==== | ==== Expected expertise ==== |
| Sec-certs is a tool for data scraping and analysis of security certificates from Common Criteria and FIPS 140-2/3 frameworks. It periodically updates the database of certificates, processes the available certification PDFs and metadata and enriches them by adding new metadata (e.g. detected certificate dependencies) or cross-referencing other datasets (CPEs, CVEs, CWEs, …). The whole dataset is open an available through the web interface at [[https://seccerts.org|seccerts.org]]. | Sec-certs is a tool for data scraping and analysis of security certificates from Common Criteria and FIPS 140-2/3 frameworks. It periodically updates the database of certificates, processes the available certification PDFs and metadata and enriches them by adding new metadata (e.g. detected certificate dependencies) or cross-referencing other datasets (CPEs, CVEs, CWEs, …). The whole dataset is open an available through the web interface at [[https://seccerts.org|seccerts.org]]. |
| |
| [[https://seccerts.org/|{{:research:sec-certs-logo.png?nolink&200|sec-certs project}}]] | [[https://seccerts.org/|{{:public:research:sec-certs-logo.png?nolink&200|sec-certs project}}]] |
| {{:public:research:logo.png?400|}} | {{:public:research:logo.png?400|}} |
| | |
| | \_ |
| |
| ==== Industry involvement ==== | ==== Industry involvement ==== |
| ==== Publications ==== | ==== Publications ==== |
| |
| The list of existing publications will be added soon. | {{section>publications:keywords:red-hat&noheader&fullpage}} |
| | |
| /* {{section>publications:keywords:red-hat&noheader&fullpage}} */ | |
| ==== Interested? ==== | ==== Interested? ==== |
| |
| Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team. | * Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team. |
| | * Do you know someone who may be interested? Please refer them to this web page. |
| | * Do you know a relevant place to hang a poster? Download it below. |
| |
| <button type="primary" icon="fa fa-fw fa-paper-plane">[[mailto://matyas@fi.muni.cz| Contact the supervisor]]</button> | <button type="primary" icon="fa fa-fw fa-paper-plane">[[mailto://matyas@fi.muni.cz| Contact the supervisor]]</button> |
| | \_<button icon="fa fa-fw fa-file">[[https://crocs.fi.muni.cz/_media/public/research/2024-04_sec-certs_phd-poster.pdf| Poster (A4)]]</button> |
| | \_<button icon="fa fa-fw fa-file-image-o">[[https://crocs.fi.muni.cz/_media/public/research/2024-04_sec-certs_phd-slide.pdf| Presentation slide (16:10)]]</button> |