| Both sides previous revision Previous revision Next revision | Previous revision |
| public:hire [2024-04-16 20:04] – xukrop | public:hire [2024-04-23 09:16] (current) – [Publications] xukrop |
|---|
| ==== Topic specification ==== | ==== Topic specification ==== |
| |
| The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. Our tooling (https://seccerts.org) automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. This tooling is still to be improved and utilized. | The aim of these PhD positions is to analyse and improve the ecosystems of products certified under security certification frameworks such as FIPS 140-2/3 and Common Criteria. Even such security-certified products suffer from critical vulnerabilities, and assessing which certified products are impacted by such vulnerabilities is complicated due to the large amount of unstructured certification-related data and unclear relationships between the certificates. The tooling we develop automates the analysis of tens of thousands of certification-related documents, extracting machine-readable features where manual analysis is unattainable. |
| |
| ==== Expected expertise ==== | ==== Expected expertise ==== |
| |
| We expect candidate(s) who have (or soon will have) a MSc degree or equivalent and a solid background in computer science or engineering, with some background either in computer security or machine learning or natural language processing (though not necessarily both). Fluent communication in spoken and written English is expected. | We expect candidate(s) who have (or soon will have) a MSc degree or equivalent and a solid background in computer science or engineering, with some background either in computer security or machine learning or natural language processing (though not necessarily both). Fluent communication in spoken and written English is expected. |
| | |
| | ==== The team ==== |
| | |
| | The academic research team you'll join consists of your supervisor, two part-time engaged assistant professors and multiple supervised bachelor and master students. Furthermore, multiple Red Hat engineers are engaged to help the application of the project results at Red Hat as well as the wider certification community. |
| |
| </col> | </col> |
| ==== The sec-certs project ==== | ==== The sec-certs project ==== |
| |
| tba | Sec-certs is a tool for data scraping and analysis of security certificates from Common Criteria and FIPS 140-2/3 frameworks. It periodically updates the database of certificates, processes the available certification PDFs and metadata and enriches them by adding new metadata (e.g. detected certificate dependencies) or cross-referencing other datasets (CPEs, CVEs, CWEs, …). The whole dataset is open an available through the web interface at [[https://seccerts.org|seccerts.org]]. |
| |
| [[https://seccerts.org/|{{:research:sec-certs-logo.png?nolink&200|sec-certs project}}]] | [[https://seccerts.org/|{{:public:research:sec-certs-logo.png?nolink&200|sec-certs project}}]] |
| {{:public:research:logo.png?400|}} | {{:public:research:logo.png?400|}} |
| | |
| | \_ |
| |
| ==== Industry involvement ==== | ==== Industry involvement ==== |
| ==== Publications ==== | ==== Publications ==== |
| |
| The list of existing publications will be added soon. | {{section>publications:keywords:sec-certs&noheader&fullpage}} |
| | |
| /* {{section>publications:keywords:red-hat&noheader&fullpage}} */ | |
| ==== Interested? ==== | ==== Interested? ==== |
| |
| Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team. | * Are you interested in the position? The next step is to contact the supervisor to discuss each other's expectations and meet the rest of the team. |
| | * Do you know someone who may be interested? Please refer them to this web page. |
| | * Do you know a relevant place to hang a poster? Download it below. |
| |
| <button type="primary" icon="fa fa-fw fa-paper-plane">[[mailto://matyas@fi.muni.cz| Contact the supervisor]]</button> | <button type="primary" icon="fa fa-fw fa-paper-plane">[[mailto://matyas@fi.muni.cz| Contact the supervisor]]</button> |
| | \_<button icon="fa fa-fw fa-file">[[https://crocs.fi.muni.cz/_media/public/research/2024-04_sec-certs_phd-poster.pdf| Poster (A4)]]</button> |
| | \_<button icon="fa fa-fw fa-file-image-o">[[https://crocs.fi.muni.cz/_media/public/research/2024-04_sec-certs_phd-slide.pdf| Presentation slide (16:10)]]</button> |