Deadline for receipt of applications: July 1, 2024 23:59 AoE (02 July 2024, 13:59h Europe/Madrid Time)
The Cybersecurity and Internet Analytics Groups at IMDEA Networks Institute has a joint opening for one PhD student in the area of IoT Cybersecurity. The successful candidate will analyse large-scale firmware images to detect vulnerabilities and harmful behaviours in IoT products and their software supply chain in the context of the PARASITE project.
The candidate will develop and apply scalable and efficient static and dynamic software analysis pipelines enhanced with Machine Learning techniques to 1) identify supply chain elements and dependencies in IoT firmware (Software Bill of Materials, SBOMs), 2) detect and analyze vulnerabilities and weak/malicious actors in the supply chain, 3) assess products compliance with the requirements of the new EU Cyber Resilience Act, or 4) produce empirical models to inform potential mitigations and certification and risk management methods.
The candidate will make fundamental contributions to unsolved technical and enforcement challenges that the new EU Cyber Resilience Act will bring and to the long and impactful track records of the IAG and Cybersecurity groups in the field of software analysis, cybersecurity, and privacy [See bibliographic references 1-10 below]. The PhD student will have privileged access to various cutting-edge software analysis tools, and to a big data analysis platform with substantial computing resources for their processing.
The position offers:
The position requires:
Inquiries on the position can be directed to the thesis supervisors via email, Dr. Guillermo Suarez-Tangil (guillermo.suarez-tangil “at” imdea.org) or Dr. Narseo Vallina-Rodriguez (narseo.vallina “at” imdea.org)
Candidates shall submit by the call deadline a CV, a motivation letter, and the contact details of two references through the IMDEA Networks Institute hiring portal, at https://careers.networks.imdea.org/.
Bibliographic References of Relevant Group Research Outputs:
[1.] “In the Room Where It Happens: Characterizing Local Communication and Threats in Smart Homes.” A. Girish, T. Hu, V. Prakash, D. J. Dubois, S. Matic, D. Huang, S. Egelman, J. Reardon, J. Tapiador, D. Choffnes, N. Vallina-Rodriguez In Proc. of the 2023 ACM on Internet Measurement Conference, 2023.
[2.] SkillVet: Automated Traceability Analysis of Amazon Alexa Skills. J. Edu, X. Ferrer-Aran, J. Such, G. Suarez-Tangil. IEEE Trans. on Dependable and Secure Computing. 2022.
[3.] IoTLS: Understanding TLS Usage in Consumer IoT Devices. M. Paracha, D. Dubois, N. Vallina-Rodriguez, D. Choffnes. Proc. of the ACM IMC, 2021
[4.] Trouble over-the-air: An analysis of fota apps in the android ecosystem. Blázquez, E., Pastrana, S., Feal, Á., Gamba, J., Kotzias, P., Vallina-Rodriguez, N., & Tapiador, J. IEEE Symposium on Security and Privacy (SP) 2021
[5.] An Analysis of Pre-installed Android Software. J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador, N. Vallina-Rodriguez IEEE Symposium on S&P’20 (BEST PRACTICAL PAPER AWARD, AEPD EMILIO ACED AWARD, CNIL-INRIA PRIVACY RESEARCH AWARD)
[6.] Measuring Alexa Skill Privacy Practices Across Three Years. J. Edu, X. Ferrer-Aran, J. Such, G. Suarez-Tangil. ACM Web Conference, 2022
[7.] Exploring the security and privacy risks of chatbots in messaging services J Edu, C Mulligan, F Pierazzi, J Polakis, G Suarez-Tangil, J Such. Proc. ACM IMC 2022
[8.] 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions Systems. J. Reardon, A. Feal, P. Wijesekera, A. Elazari Bar On, N. Vallina-Rodriguez, S. Egelman. USENIX Security, 2019 (USENIX’19 DISTINGUISHED PAPER AWARD, CNIL-INRIA PRIVACY RESEARCH AWARD, AEPD EMILIO ACED)
[9.] Characterizing Linux-based malware: Findings and recent trends. Carrillo-Mondéjar, J.,, Martínez, J.L., Suarez-Tangil, G.. Future Generation Computer Systems, 2020.
[10.] Androdialysis: Analysis of android intent effectiveness in malware detection. Feizollah, A., Anuar, N. B., Salleh, R., Suarez-Tangil, G., & Furnell, S. (2017). Computers & security, 65, 121-134
[11] https://networks.imdea.org/team/imdea-networks-team/alumni-network
This contract is part of the project PID2022-143304OB-I00 (PARASITE) funded by MCIN/AEI /10.13039/501100011033/ and by the ERDF, A way of making Europe.
Equal Employment Opportunity
Networks Institute aims to increase the proportion of women and therefore qualified female applicants are explicitly encouraged to apply. Until a balanced ratio of men and women has been achieved at the institute, preference will be given to women if applicants have similar qualifications. IMDEA Networks Institute actively promotes diversity and equal opportunities. Applicants are not to be discriminated against in personnel selection procedures on the grounds of gender, ethnicity, religion or ideology, age, sexual orientation (anti-discrimination). People with disabilities who have the relevant qualifications are expressly invited to apply.