PhD Studentship in Verification of Security and Privacy in Modern Threat Landscapes

University of Surrey

Formalism and (semi)-automatic tools based on non-classical logics, for the verification of systems’ security and privacy in modern threat landscapes.

Duration of studentship: 3 years.

Stipend: A stipend of £16,000 per annum, tax free, subject to nationality and residence status (see below).

Eligibility: 
The studentship only covers fees for UK/EU students (in value of £4,195). Additional fees required for applicants who are not UK/EU nationals are not covered by this funding.

Studentship Description:

Formal verification of security is a well-established research topic, with different approaches, applied to systems, applications, or even code yielding guarantees concerning high-level security requirements or assurances at the level of the cryptographic primitives. In turn, formal analysis of privacy (with its different facets, from types of strong secrecy to anonymity of actions/actuators, from unlinkability to untraceability) is not as mature an area as that of security verification, with problems remaining to be solved both in theoretical and in the practical aspects of the topic. Moreover, new threat models are emerging, driven by recent developments in ICT (e.g. Blockchain) and by the hyper-connection in IoT, and these threats need to be incorporated in novel techniques for the verification of security and privacy.

Non-classical applied logics, such as logics of knowledge and logics of strategic ability, are traditional and very prolific in specifying and verifying AI-inspired and game-theoretic scenarios. What is more, in the last five years, they have made a promising start in being used in the verification of security and privacy. Indeed, logics of knowledge and/or of logics of strategic ability naturally capture two vital and non-trivial aspects in emerging secure systems: (a) expressions of privacy requirements, as well as intricate security properties such as private authentication; (b) expressions for collusions of system-participants which form a threat to an underlying security/privacy goal of the system (e.g. the coalition of some parties in a distributed, socially-endorsed system which jointly have financial incentives to attempt to subvert cryptographic/security/privacy goals of the system to maximize their financial gains).

In a larger study, we will explore directions of using such AI-inspired logics of knowledge and coalition to build new, systematic and automatable methods and tools for the verification of secure systems against goals of security and privacy modulo the strategic ability of collusions of attackers. New threat-models compounding coalitions, (rational) gains and cryptography-based subversion, in line with emerging applications such as those of crypto currencies, will be put forward.

This PhD studentship is aimed at focusing on the software development of the (semi)-automatic tools supporting the aforementioned advancements. This focus is not compulsory, and a move towards (more) theoretically-centred work in this space is also possible.

We are looking for a student who can undertake not only the technical aspects of such a project, but who also has an interest in cyber security in general and in the translation of this type of technology to real-life secure systems. Previous experience in formal methods and/or security is not essential, but evidence of previous work in one of these fields would be desirable.

If you may have interests in any of the aforementioned topics, but not in all, we encourage you to contact us for an informal discussion.

For further information, including how to apply, please click the 'Apply' link below.

Share this PhD
     
  Share by Email   Print this job   More sharing options
We value your feedback on the quality of our adverts. If you have a comment to make about the overall quality of this advert, or its categorisation then please send us your feedback
Advert information

Type / Role:

PhD

Location(s):

South East England