意大利都灵理工招软件安全研究人员

标 题: 意大利都灵理工招软件安全研究人员
发信站: 水木社区 (Mon Nov 19 03:53:01 2007), 站内

请直接和负责人联系...

Two Research Positions in Software Security & Trust

Two Research Assistant positions are available in the area of
Software trust and client-side security in a European Research Project.
The posts are available at the Dipartimento di Automatica e Informatica
(Department of Computer Science), Faculty of Engineering, Politecnico di Torino, Italy.

The posts are part of a larger EU-funded project:
RE-TRUST (Remote EnTrusting by RUn-time Software auThentication ),
which is funded by the EU under its FET (Future and Emerging Technologies): re***.it[点击查看]
The main goal of RE-TRUST project is to develop a new platform for guaranteeing software integrity by means of dynamic software authentication.
The problem is:
"How to ensure that a trusted code is running on an untrusted machine
has not been modified prior to or during run-time ?"

This project will investigate both novel SW-based and
SW-based with hardware assistance, methodologies for mitigating this problem
by employing a trusted logic component on an untrusted machine
that in turn authenticates its operation continuously during run-time.
The method assures a remote entrusting component so that if the authentication
is successful, then the original software functionality is then executed on the untrusted machine.

The project consortium is composed by Politecnico di Torino (Italy), University of Trento (Italy),
Katholieke Universiteit of Leuven (Belgium), GemPlus (industry leader in smart-cards market),
and St. Petersburg Institute for Informatics and Automation (Russia).

The two post holders will work on:
1. Software-based methodologies for realizing dynamic authentication, in particular,
the secure software module should be combined in a secure way with the original application,
and the combined module must be robust against tampering (note these techniques are traditionally applied
to native-code, obtained from, e.g., C/C++).
An additional challenge in this task will be to extend the above-mentioned techniques
to a managed-code platform (e.g., C# and Java).
The second above objective will be addressed with two complimentary techniques:
- tamper resistance through software-based techniques, like obfuscation,
- tamper detection, by dynamically replacing parts of the application and of the
secure software module hence limiting the module lifetime.

Other approaches like self-modifying code, control-flow checking,
white-box cryptography, dynamic watermarking, obfuscation
will be evaluated and possibly used in the project.

2. Analysis of software-based and sw-hw assisted methods to assess the robustness of results, e.g.:
- To define metrics for reverse engineering complexity for some techniques such as code replacement and obfuscation.
- To provide a comparative analysis between RE-TRUST and trusted computing (TC).
- To explore trust and security vulnerabilities that are exploitable if the operating system (OS) is untrusted.
- To define a formal analysis and modeling of the possible attacks that can be performed
against genuine software, on an untrusted host.

Applicants should preferably hold a PhD and have research experience in
security, in particular on network security and client-side security.
A deep knowledge of C/C++ programming and Linux architecture is appreciated.
A knowledge of integrity-checking techniques, rootkits, reverse-engineering tools,
and software protection techniques is also very valuable.
The appointment is expected to be made up to current italian contract.
The term of appointment is for 1 year, possibly extensible for another year.

For further details, and applications, please write
to Prof. Mario Baldi ( mario.baldi@polito.it );
applicants are also welcome to make informal
inquiries to Dr. Paolo Falcarin (paolo.falcarin@polito.it )
--

35 来源:·水木社区 ne***net[点击查看]·[FROM: 151.21.24.*]