PhD position on ‘Automated Detection of Security Vulnerabilities in Software’

Context of the research

Security vulnerabilities in software applications are serious threats, since they allow software to be exploited for malicious purposes, such as stealing sensitive information or launching attacks against critical systems. Such vulnerabilities can be detected by static analysis, where the program code is analyzed without executing it, or by dynamic analysis, where the runtime behaviour of the executed software is analyzed. There are many methods and tools available for both static and dynamic analysis. These tools are very powerful and widely applied, but they all suffer to some extend from both theoretical and practical limitations. This causes that the analysis results can be either incomplete (due to false negatives, when actual vulnerabilities are not detected) or incorrect (due to false positives, when non-existing vulnerabilities are reported).

Research challenges

The research project addresses two challenges. The first challenge is to provide automated support to human analysts for assessing the correctness of static code analysis results. The second challenge focuses on security testing of GUI-based applications, in combination with our TESTAR-framework. To address these challenges, you combine static and dynamic analysis, using a mixture of formal analysis, AI-agents and scriptless GUI testing. You apply and validate your results on realistic applications.

Your role

As a PhD candidate, you will be part of an active research team at the Open Universiteit. This research team has expertise in both software security, software testing, formal methods, and AI. Your tasks are to conduct research and to publish results in journals and conferences, which form the basis for your PhD dissertation. You work under supervision of professor Tanja Vos and professor Harald Vranken. You also may be involved in teaching activities for at most 20% of your time.

Your profile

We are looking for an enthusiastic and motivated candidate with:

• a MSc degree or equivalent degree in computer science or artificial intelligence, or a closely related field such as  mathematics
• knowledge of software engineering, security, testing, formal methods and/or AI, and willingness to learn and extend your knowledge in these areas
• interest in research with practical relevance
• strong analytical skills
• skills to work independently and also as part of a team
• good communication and presentation skills in English
• knowledge of Dutch is preferred, but not mandatory

Salary

The salary is determined in accordance with salary scale P of Appendix A of the Collective Labour Agreement of Dutch Universities and ranges from € 2.901,-- gross per month upon commencement to € 3.707,-- gross per month in the fourth and final year, in case of full employment.

The PhD candidate will be appointed for a period of 15 months. The appointment will be extended to 4 years when progress and performance are good. A PhD training program is part of the agreement.

Station

Heerlen. You are present in Heerlen (at least) two days a week.

Flexible studying anywhere in the Netherlands and (Belgium) Flanders
The Open Universiteit is the part-time university in the Netherlands. Students follow personalised and activating academic distance education and disciplinary research is carried out within the various fields of science. Students can complete bachelor and master programmes, but also shorter programmes. The characteristics of education are openness, flexibility and quality (see www.ou.nl/rankings). The Open Universiteit has over 17,000 students and more than 850 employees. The OU has branches in the Netherlands and Belgium (see www.ou.nl/studiecentra). The main office is located in Heerlen.

The latest technologies and educational insights are applied both in the bachelor's and master's programmes and courses and in projects and programmes with partners. Nationally and internationally, the OU plays an important role in the innovation of higher education. Education is interwoven with research, which also ensures that the current state of science is incorporated. The Open Universiteit invests not only in disciplinary research in nine scientific fields, but also in research in a multidisciplinary programme: Innovating for resilience.

The faculty of Science is one of the six faculties of the Open Universiteit. Education, research and valorisation are the main tasks. The faculty offers academic bachelor and master programmes in the fields of Computer Science, Information Science, and Environmental Sciences, including a recently developed Artificial Intelligence master programme (started February 2022). The faculty’s research programme focuses on Innovating for Resilience. The faculty has Ph.D.-students who conduct research on various current topics within the research programme. As a result of the interdisciplinary focus on education and research, as well as the close link with practice, work at our faculty provides many innovative and challenging opportunities for entrepreneurial researchers.

Department of Computer Science
The Department of Computer Science is an ambitious and enthusiastic group of approximately 40 people (33 FTE), broadly focused on improving the impact of computers and computer science on society. The department’s research program “Towards high-quality and intelligent software” (2020–2025) consists of four research lines, focusing on:

1.      Techniques for quality assurance of software systems

2.      Software and computer system security, and privacy-by-design

3.      Responsible artificial intelligence, including methods and applications of AI

4.      Educational tools and computing education

For more information about this vacancy you can contact professor Harald Vranken (harald.vranken@ou.nl).

The Open Universiteit provides good secondary benefits such as training, mobility, part-time employment and paid parental leave.