This vacancy is in the scope of the INTERSCT project (https://intersct.nl/), a large Dutch national project on security for the Internet-of-Things. The area of the expected research focuses on how to better design, build, test and certify secure IoT systems that may consist of individual devices or a collection of devices.

The PhD project will address the conceptual foundation of IoT security standards and how it can be captured in a domain-specific language. Such a language would enable a precise formulation, interpretation, and refinement of security standards in a structured way and would support reuse in the compliance assessment and certification processes. This approach poses a number of questions: what are the fundamental domain concepts of such a language, what are the most suitable semantic entities that comprise its semantic domain and how they can support the tasks of validation, testing and checking compliance with the standards.

General Info
The increasing use of Internet-of-Things (IoT) technologies and devices facilitates the automation of many aspects of our daily life but also introduces serious risks of new cyber security threats. In IoT, these risks go beyond the boundaries of our digital world and penetrate into the physical world as well. Achieving an Internet of Secure Things is the primary goal of the project INTERSECT (https://intersct.nl/), a large Dutch national project on security for the Internet of Things. INTERSECT involves six universities in the Netherlands and over 30 non-academic partners from the public and private sector. The area of the expected research for this PhD vacancy falls in INTERSECT Work Package 2 (Design) that focuses on how to better design, build, test and certify secure IoT systems that may consist of individual devices or a collection of devices. Important topics in this package are security engineering for IoT systems, human factors in secure software engineering, code generation, assurance (with validation, testing, and certification).

Research Scope of the PhD Project
The importance of the security aspect for IoT has been recognized by a number of standardization bodies (e.g. NIST, ENISA, IoTSF among others) that proposed a set of security requirements, guidelines and recommendations. Currently, there is no globally established standard for IoT security. Furthermore, it is likely that different application domains like healthcare, industrial IoT, home automation will refine and extend the existing general standards. Regardless the diversity and the differences in the standards, they often have common conceptual underpinnings that may be captured in a domain-specific language. Such a language would enable a precise formulation, interpretation, and refinement of security standards in a structured way and would support reuse in the compliance assessment and certification processes. This approach poses a number of questions: what are the fundamental domain concepts of such a language, what are the most suitable semantic entities that comprise its semantic domain and how they can support the tasks of validation, testing and checking compliance with the standards.

Hosting Research Group
You will join the Software Engineering and Technology (SET) group in the Faculty of Mathematics and Computer Science, TU/e. SET performs research in software engineering with a strong focus on methods and tools for time- and cost-efficient development and evolution of high-quality software systems. More information about the group is available at https://www.tue.nl/en/research/research-groups/computer-science/software-engineering-and-technology-w/

We require:

• A masters' degree in computer science/software engineering
• Experience and interests in language engineering, model-driven engineering, and security
• Knowledge and experience in the area of Internet-of-Things is an advantage
• Solid software development skills
• Independent, motivated and eager to learn personality, with enthusiasm for research
• Good communication skills in English, both in speaking and writing
• A publication record is considered as an advantage.

• A meaningful job in a dynamic and ambitious university with the possibility to present your work at international conferences.
• Collaboration with industrial partners
• A full-time employment for four years, with an intermediate evaluation (go/no-go) after nine months.
• To develop your teaching skills, you will spend 10% of your employment on teaching tasks.
• To support you during your PhD and to prepare you for the rest of your career, you will make a Training and Supervision plan and you will have free access to a personal development program for PhD students (PROOF program).
• A gross monthly salary and benefits (such as a pension scheme, pregnancy and maternity leave, partially paid parental leave) in accordance with the Collective Labor Agreement for Dutch Universities; ranging from EUR 2434 gross per month in the first year, to EUR 3111 in the fourth year.
• Additionally, an annual holiday allowance of 8% of the yearly salary, plus a year-end allowance of 8.3% of the annual salary.
• Should you come from abroad and comply with certain conditions, you can make use of the so-called '30% facility', which permits you not to pay tax on 30% of your salary.
• A broad package of fringe benefits, including an excellent technical infrastructure, moving expenses, and savings schemes.
• Family-friendly initiatives are in place, such as an international spouse program, and excellent on-campus children day care and sports facilities.
• Collaboration with industrial partners.