This is an old revision of the document!
Job offerings - CRoCS
This page lists currently open employment and PhD positions to our lab.
Employment positions
We currently have no employment positions open, but feel free to see the list of current research projects to see the areas we work in.
PhD positions
Supervisor: Vashek Matyas <matyas@fi.muni.cz>
Industry cooperation: Red Hat Czech s.r.o.
Start date: September 2024 or February 2025
Topic specification
The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. Our tooling (https://seccerts.org) automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. This tooling is still to be improved and utilized.
Expected expertise
We expect candidate(s) who have (or soon will have) a MSc degree or equivalent and a solid background in computer science or engineering, with some background either in computer security or machine learning or natural language processing (though not necessarily both). Fluent communication in spoken and written English is expected.
The sec-certs project
tba
Industry involvement
The successful candidate(s) will work with CRoCS during the whole duration of the project, while cooperation with Red Hat is expected in a form of regular meetings with Red Hat experts where progress will be evaluated and next targets agreed. The work to be undertaken during all years of research will be at the intersection of computer security and machine learning.
In case of inquires related to the industrial cooperation, please contact Martin Ukrop <mukrop@redhat.com>.
Publications
2022
- Assessing Real-World Applicability of Redesigned Developer Documentation for Certificate Validation Errors
Martin Ukrop, Michaela Balážová, Pavol Žáčik, Eric Vincent Valčík and Vashek Matyas,
Proceedings of the 2022 European Symposium on Usable Security, ACM, 2022, 131-144.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX
2020
- Will You Trust This TLS Certificate? Perceptions of People Working in IT (Extended Version)
Martin Ukrop, Lydia Kraus and Vashek Matyas,
Digital Threats: Research and Practice, Association for Computing Machinery, 2020.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX
2019
- Will You Trust This TLS Certificate? Perceptions of People Working in IT
Martin Ukrop, Lydia Kraus, Vashek Matyas and Heider Ahmad Mutleq Wahsheh,
Proceedings of the 35rd Annual Computer Security Applications Conference (ACSAC'2019), ACM, 2019.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX
2018
- Why Johnny the Developer Can't Work with Public Key Certificates: An Experimental Study of OpenSSL Usability
Martin Ukrop and Vashek Matyas,
Topics in Cryptology – CT-RSA 2018: The Cryptographers' Track at the RSA Conference 2018, Springer International Publishing, 2018, 45–64.
Keywords: usablesec, red-hat, pre-print PDF, DOI website, BibTeX
Interested?
Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team.