The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. Our tooling (https://seccerts.org) automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. This tooling is still to be improved and utilized.
The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140-2/3 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. The tooling we develop automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable.
==== Expected expertise ====
We expect candidate(s) who have (or soon will have) an MSc degree or equivalent and a solid background in computer science or engineering, with some background in either computer security, machine learning or natural language processing (though not necessarily both). Fluent communication in spoken and written English is expected.
==== The team ====
The academic research team you'll join consists of your supervisor, two part-time engaged assistant professors and multiple supervised bachelor's and master's students. Furthermore, multiple Red Hat engineers are engaged to help apply the project results at Red Hat as well as in the wider certification community.
Sec-certs is a tool for data scraping and analysis of security certificates from the Common Criteria and FIPS 140-2/3 frameworks. It periodically updates the database of certificates, processes the available certification PDFs and metadata, and enriches them by adding new metadata (e.g. detected certificate dependencies) or cross-referencing other datasets (CPEs, CVEs, CWEs, …). The whole dataset is open and available through the web interface at [[https://seccerts.org|seccerts.org]].