Job offerings - CRoCS

This is an old revision of the document!

This page lists currently open employment and PhD positions to our lab.

We currently have no employment positions open, but feel free to see the list of current research projects to see the areas we work in.

Topic: Examining the ecosystems of computer security certification schemes

Supervisor: Vashek Matyas <matyas@fi.muni.cz>

Industry cooperation: Red Hat Czech s.r.o.

Start date: September 2024 or February 2025

Contact the supervisor

We are looking for two doctoral students to work in the areas of computer security and machine learning improving the security certification scene. The students will join an existing research team around the sec-certs project. Positions are fully funded by the faculty with extra remuneration provided by the industrial partner.

The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. Our tooling (https://seccerts.org) automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. This tooling is still to be improved and utilized.

We expect candidate(s) who have (or soon will have) a MSc degree or equivalent and a solid background in computer science or engineering, with some background either in computer security or machine learning or natural language processing (though not necessarily both). Fluent communication in spoken and written English is expected.

tba

The successful candidate(s) will work with CRoCS during the whole duration of the project, while cooperation with Red Hat is expected in a form of regular meetings with Red Hat experts where progress will be evaluated and next targets agreed. The work to be undertaken during all years of research will be at the intersection of computer security and machine learning.

In case of inquires related to the industrial cooperation, please contact Martin Ukrop <mukrop@redhat.com>.

2024

Two-factor authentication time: How time-efficiency and time-satisfaction are associated with perceived security and satisfaction
Agata Kruzikova, Michal Muzik, Lenka Knapova, Lenka Dedkova, David Smahel and Vashek Matyas,
Computers \& Security, 2024, 103667.
Keywords: usablesec, authentication, DOI website, paper website, BibTeX

@Article{2024-compsec-kruzikova,
  title = {Two-factor authentication time: How time-efficiency and time-satisfaction are associated with perceived security and satisfaction},
  author = {Agata Kruzikova and Michal Muzik and Lenka Knapova and Lenka Dedkova and David Smahel and Vashek Matyas},
  journal = {Computers \& Security},
  volume = {138},
  pages = {103667},
  year = {2024},
  issn = {0167-4048},
  doi = {https://doi.org/10.1016/j.cose.2023.103667},
  url = {https://www.sciencedirect.com/science/article/pii/S0167404823005771},
  keywords = {usablesec, authentication},
}

“These results must be false”: A usability evaluation of constant-time analysis tools
Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque and Yasemin Acar,
Proceedings of the 33rd USENIX Security Symposium, USENIX Association, 2024, to appear.
Keywords: constant-time, cryptoimplementations, usablesec, libraries, side-channel, pre-print PDF, BibTeX

@InProceedings{2024-usenix-jancar,
  title = {“These results must be false”: A usability evaluation of constant-time analysis tools},
  author = {Marcel Fourné and Daniel De Almeida Braga and Jan Jancar and Mohamed Sabt and Peter Schwabe and Gilles Barthe and Pierre-Alain Fouque and Yasemin Acar},
  booktitle = {Proceedings of the 33rd USENIX Security Symposium},
  pages = {to appear},
  publisher = {USENIX Association},
  year = {2024},
  keywords = {constant-time, cryptoimplementations, usablesec, libraries, side-channel},
}

Details

2022

Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors
Martin Ukrop, Michaela Balážová, Pavol Žáčik, Eric Vincent Valčík and Vashek Matyas,
Proceedings of the 2022 European Symposium on Usable Security, ACM, 2022, 131-144.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX

@InProceedings{2022-eurousec-ukrop,
  title = {Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors},
  author = {Martin Ukrop and Michaela Balážová and Pavol Žáčik and Eric Vincent Valčík and Vashek Matyas},
  booktitle = {Proceedings of the 2022 European Symposium on Usable Security},
  series = {EuroUSEC '22},
  pages = {131-144},
  publisher = {ACM},
  location = {Karlsruhe, Germany},
  year = {2022},
  doi = {10.1145/3549015.3554296},
  keywords = {usablesec, Red-Hat},
}

Details

Comparing Nonresponders and Responders of Online Intercept Surveys: A Large-Scale Experimental ICT Security-Related Study
Lenka Knapova, David Smahel, Lenka Dedkova and Vashek Matyas,
Human Behavior and Emerging Technologies, Hindawi, 2022, 3107621.
Keywords: usablesec, DOI website, paper website, BibTeX

@Article{2022-hbet-knapova,
  title = {Comparing Nonresponders and Responders of Online Intercept Surveys: A Large-Scale Experimental ICT Security-Related Study},
  author = {Lenka Knapova and David Smahel and Lenka Dedkova and Vashek Matyas},
  journal = {Human Behavior and Emerging Technologies},
  volume = {2022},
  pages = {3107621},
  publisher = {Hindawi},
  year = {2022},
  issn = {2578-1863},
  doi = {10.1155/2022/3107621},
  url = {https://doi.org/10.1155/2022/3107621},
  keywords = {usablesec},
  month = {July},
  day = {28},
}

Even if users do not read security directives, their behavior is not so catastrophic
Vashek Matyas, Kamil Malinka, Lydia Kraus, Lenka Knapova and Agata Kruzikova,
Communications of the ACM, ACM, 2022, 37–40.
Keywords: usablesec, directive, DOI website, BibTeX

@Article{2022-cacm-matyas,
  title = {Even if users do not read security directives, their behavior is not so catastrophic},
  author = {Vashek Matyas and Kamil Malinka and Lydia Kraus and Lenka Knapova and Agata Kruzikova},
  journal = {Communications of the ACM},
  volume = {65},
  number = {1},
  pages = {37--40},
  publisher = {ACM},
  year = {2022},
  doi = {10.1145/3471928},
  keywords = {usablesec, directive},
}

Details

Usability Insights from Establishing TLS Connections
Lydia Kraus, Matej Grabovsky, Martin Ukrop, Katarina Galanska and Vashek Matyas,
ICT Systems Security and Privacy Protection, Springer International Publishing, 2022.
Keywords: usablesec, pre-print PDF, DOI website, BibTeX

@InProceedings{2022-ifipsec-kraus,
  title = {Usability Insights from Establishing TLS Connections},
  author = {Lydia Kraus and Matej Grabovsky and Martin Ukrop and Katarina Galanska and Vashek Matyas},
  booktitle = {ICT Systems Security and Privacy Protection},
  series = {IFIP Advances in Information and Communication Technology},
  publisher = {Springer International Publishing},
  year = {2022},
  doi = {10.1007/978-3-031-06975-8_17},
  keywords = {usablesec},
}

Details

Usable and secure? User perception of four authentication methods for mobile banking
Agata Kruzikova, Lenka Knapova, David Smahel, Lenka Dedkova and Vashek Matyas,
Computers \& Security, 2022, 102603.
Keywords: usablesec, tacr, authentication, DOI website, paper website, BibTeX

@Article{2022-compsec-kruzikova,
  title = {Usable and secure? User perception of four authentication methods for mobile banking},
  author = {Agata Kruzikova and Lenka Knapova and David Smahel and Lenka Dedkova and Vashek Matyas},
  journal = {Computers \& Security},
  volume = {115},
  pages = {102603},
  year = {2022},
  issn = {0167-4048},
  doi = {10.1016/j.cose.2022.102603},
  url = {https://www.sciencedirect.com/science/article/pii/S0167404822000025},
  keywords = {usablesec, TACR, authentication},
}

“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks
Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque and Yasemin Acar,
43rd IEEE Symposium on Security and Privacy, IEEE, 2022.
Keywords: constant-time, cryptoimplementations, usablesec, libraries, side-channel, pre-print PDF, BibTeX

@InProceedings{2022-sp-jancar,
  title = {“They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks},
  author = {Jan Jancar and Marcel Fourné and Daniel De Almeida Braga and Mohamed Sabt and Peter Schwabe and Gilles Barthe and Pierre-Alain Fouque and Yasemin Acar},
  booktitle = {43rd IEEE Symposium on Security and Privacy},
  publisher = {IEEE},
  address = {San Francisco},
  location = {San Francisco},
  year = {2022},
  keywords = {constant-time, cryptoimplementations, usablesec, libraries, side-channel},
  language = {eng},
}

Details

2021

How Do Users Chain Email Accounts Together?
Lydia Kraus, Maria Svidronova and Elizabeth Stobert,
IFIP International Conference on ICT Systems Security and Privacy Protection, Springer, Cham, 2021, .
Keywords: usablesec, pre-print PDF, BibTeX

@InProceedings{2021-ifipsec-kraus,
  title = {How Do Users Chain Email Accounts Together?},
  author = {Lydia Kraus and Maria Svidronova and Elizabeth Stobert},
  booktitle = {IFIP International Conference on ICT Systems Security and Privacy Protection},
  pages = {},
  publisher = {Springer, Cham},
  year = {2021},
  keywords = {usablesec},
}

Details

Who Is Smart with Their Smartphones? Determinants of Smartphone Security Behavior
Lenka Knapova, Agata Kruzikova, Lenka Dedkova and David Smahel,
Cyberpsychology, Behavior, and Social Networking, Mary Ann Liebert, Inc., 2021, 584-592.
Keywords: usablesec, paper website, BibTeX

@Article{2021-cyberpsychology-knapova,
  title = {Who Is Smart with Their Smartphones? Determinants of Smartphone Security Behavior},
  author = {Lenka Knapova and Agata Kruzikova and Lenka Dedkova and David Smahel},
  journal = {Cyberpsychology, Behavior, and Social Networking},
  pages = {584-592},
  publisher = {Mary Ann Liebert, Inc.},
  year = {2021},
  url = {https://www.liebertpub.com/doi/full/10.1089/cyber.2020.0599},
  keywords = {usablesec},
}

2020

Evolution of SSL/TLS Indicators and Warnings in Web Browsers
Lydia Kraus, Martin Ukrop, Vashek Matyas and Tobias Fiebig,
27th International Workshop on Security Protocols (SPW 2019), Springer International Publishing, 2020, 267–280.
Keywords: usablesec, pre-print PDF, DOI website, BibTeX

@InProceedings{2019-spw-kraus,
  title = {Evolution of SSL/TLS Indicators and Warnings in Web Browsers},
  author = {Lydia Kraus and Martin Ukrop and Vashek Matyas and Tobias Fiebig},
  booktitle = {27th International Workshop on Security Protocols (SPW 2019)},
  pages = {267--280},
  publisher = {Springer International Publishing},
  year = {2020},
  doi = {10.1007/978-3-030-57043-9_25},
  keywords = {usablesec},
}

Details

Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version)
Martin Ukrop, Lydia Kraus and Vashek Matyas,
Digital Threats: Research and Practice, Association for Computing Machinery, 2020.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX

@Article{2020-dtrap-ukrop,
  title = {Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version)},
  author = {Martin Ukrop and Lydia Kraus and Vashek Matyas},
  journal = {Digital Threats: Research and Practice},
  volume = {1},
  number = {4},
  numpages = {30},
  publisher = {Association for Computing Machinery},
  year = {2020},
  issn = {2692-1626},
  doi = {10.1145/3419472},
  keywords = {usablesec, Red-Hat},
}

Details

2019

Will You Trust This TLS Certificate? Perceptions of People Working in IT
Martin Ukrop, Lydia Kraus, Vashek Matyas and Heider Ahmad Mutleq Wahsheh,
Proceedings of the 35rd Annual Computer Security Applications Conference (ACSAC'2019), ACM, 2019.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX

@InProceedings{2019-acsac-ukrop,
  title = {Will You Trust This TLS Certificate? Perceptions of People Working in IT},
  author = {Martin Ukrop and Lydia Kraus and Vashek Matyas and Heider Ahmad Mutleq Wahsheh},
  booktitle = {Proceedings of the 35rd Annual Computer Security Applications Conference (ACSAC'2019)},
  publisher = {ACM},
  year = {2019},
  doi = {10.1145/3359789.3359800},
  keywords = {usablesec, Red-Hat},
}

Details

2018

A Large-scale Comparative Study of Beta Testers and Regular Users
Vlasta Stavova, Lenka Dedkova, Martin Ukrop and Vashek Matyas,
Communications of the ACM, ACM, 2018, 64–71.
Keywords: usablesec, eset, pre-print PDF, DOI website, BibTeX

@Article{2018-cacm-stavova,
  title = {A Large-scale Comparative Study of Beta Testers and Regular Users},
  author = {Vlasta Stavova and Lenka Dedkova and Martin Ukrop and Vashek Matyas},
  journal = {Communications of the ACM},
  volume = {61},
  number = {2},
  pages = {64--71},
  publisher = {ACM},
  year = {2018},
  doi = {10.1145/3173570},
  keywords = {usablesec, ESET},
}

Details

Experimental large-scale review of attractors for detection of potentially unwanted applications
Vlasta Stavova, Lenka Dedkova, Vashek Matyas, Mike Just, David Smahel and Martin Ukrop,
Computers \& Security, 2018, 92–100.
Keywords: usablesec, eset, gamu, DOI website, paper website, BibTeX

@Article{2018-compsec-statova,
  title = {Experimental large-scale review of attractors for detection of potentially unwanted applications},
  author = {Vlasta Stavova and Lenka Dedkova and Vashek Matyas and Mike Just and David Smahel and Martin Ukrop},
  journal = {Computers \& Security},
  volume = {76},
  pages = {92--100},
  year = {2018},
  issn = {0167-4048},
  doi = {10.1016/j.cose.2018.02.017},
  url = {http://www.sciencedirect.com/science/article/pii/S0167404818301640},
  keywords = {usablesec, ESET, GAMU},
}

Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability
Martin Ukrop and Vashek Matyas,
Topics in Cryptology – CT-RSA 2018: The Cryptographers' Track at the RSA Conference 2018, Springer International Publishing, 2018, 45–64.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX

@InBook{2018-rsa-ukrop,
  title = {Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability},
  author = {Martin Ukrop and Vashek Matyas},
  booktitle = {Topics in Cryptology -- CT-RSA 2018: The Cryptographers' Track at the RSA Conference 2018},
  pages = {45--64},
  publisher = {Springer International Publishing},
  year = {2018},
  doi = {10.1007/978-3-319-76953-0_3},
  keywords = {usablesec, Red-Hat},
}

Details

2017

Factors Influencing the Purchase of Security Software for Mobile Devices – Case Study
Vlasta Stavova, Vashek Matyas, Mike Just and Martin Ukrop,
Infocommunications Journal, 2017, 18–23.
Keywords: usablesec, eset, gamu, pre-print PDF, paper website, BibTeX

@Article{2017-infocomm-stavova,
  title = {Factors Influencing the Purchase of Security Software for Mobile Devices -- Case Study},
  author = {Vlasta Stavova and Vashek Matyas and Mike Just and Martin Ukrop},
  journal = {Infocommunications Journal},
  volume = {9},
  issue = {1},
  pages = {18--23},
  year = {2017},
  url = {http://www.infocommunications.hu/2017_1},
  keywords = {usablesec, ESET, GAMU},
}

2016

Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms
Vlasta Stavova, Vashek Matyas and Mike Just,
IFIP International Conference on Information Security Theory and Practice, 2016, 35–50.
Keywords: usablesec, sodatsw, gamu, DOI website, BibTeX

@InProceedings{2016-wistp-stavova,
  title = {Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms},
  author = {Vlasta Stavova and Vashek Matyas and Mike Just},
  booktitle = {IFIP International Conference on Information Security Theory and Practice},
  pages = {35--50},
  organization = {Springer},
  year = {2016},
  doi = {10.1007/978-3-319-45931-8_3},
  keywords = {usablesec, SODATSW, GAMU},
}

On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications
Vlasta Stavova, Vashek Matyas and Mike Just,
Euro Usable Security (EuroUSEC) Workshop Programme, 2016.
Keywords: usablesec, eset, pua, gamu, DOI website, BibTeX

@InProceedings{2016-eurousec-stavova,
  title = {On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications},
  author = {Vlasta Stavova and Vashek Matyas and Mike Just},
  booktitle = {Euro Usable Security (EuroUSEC) Workshop Programme},
  organization = {Internet Society},
  year = {2016},
  doi = {10.14722/eurousec.2016.23003},
  keywords = {usablesec, ESET, PUA, GAMU},
}

2015

The challenge of increasing safe response of antivirus software users
Vlasta Stavova, Vashek Matyas and Kamil Malinka,
International Doctoral Workshop on Mathematical and Engineering Methods in Computer Science, 2015, 133–143.
Keywords: usablesec, eset, gamu, DOI website, BibTeX

@InProceedings{2015-memics-stavova,
  title = {The challenge of increasing safe response of antivirus software users},
  author = {Vlasta Stavova and Vashek Matyas and Kamil Malinka},
  booktitle = {International Doctoral Workshop on Mathematical and Engineering Methods in Computer Science},
  pages = {133--143},
  organization = {Springer},
  year = {2015},
  doi = {10.1007/978-3-319-29817-7_12},
  keywords = {usablesec, ESET, GAMU},
}

Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team.

Contact the supervisor

Job offerings - CRoCS

Employment positions

PhD positions

Topic specification

Expected expertise

The sec-certs project

Industry involvement

Publications

2024

2022

2021

2020

2019

2018

2017

2016

2015

Interested?