Thesis proposal: Continuous Secure Evolution of Software Systems’ Artefacts
Location: IMT Atlantique, Brest
Start date: January 2022
Keywords: security, software engineering, software evolution, model-driven engineering.
Team : P4S/SHARP/LabSTICC (UMR 6285)
Contact : Salvador Martínez: salvador.martinez(at)imt-atlantique.fr & Fabien Dagnat: fabien.dagnat(at)imt-atlantique.fr
Applications are invited for a PhD position on the security of software. In summary, the project aims at studying how to evolve a software system while maintaining its security properties and requirements.
The student will work in the P4S team at IMT Atlantique & Lab-STICC (CNRS), Brest, France. The position is for 3 years from January 2022.
- Master’s degree or equivalent in Computer Science, with a specialization in Software Engineering
- Knowledge of or special interest in security, e.g., privacy, confidentiality, etc.
- Solid software development and programming skills
- Good communication skills in English
IMT Atlantique is a French elite technological university located in the beautiful city of Brest, in the west of France (4 hours by train from Paris). Pleasant working conditions will be offered to the student.
To get more information and apply, please send a complete CV with a corresponding motivation letter, recommendation letter(s) and a list of both already published papers and open source contributions (if any) to Salvador Martínez: salvador.martinez(at)imt-atlantique.fr and Fabien Dagnat: fabien.dagnat(at)imt-atlantique.fr
Information and Communication Technologies have been integrated in many different environments, including critical ones (i.e., environments where a system failure regarding its missions, business operations, safety and/or security would have severe adverse impacts that range from data loss to even loss of life). This integration makes systems prone to a wider range of security issues and, consequently, research and industry efforts have been directed at enhancing the security of these systems by integrating existing security mechanisms (controls), developing new ones and advocating for secure-by-construction development processes. Unfortunately, systems are far from being static, i.e., they may be modified during required maintenance/evolution phases.
Therefore, security needs to be integrated as a core concern in the evolution phase of software systems, in what we call a continuous secure evolution paradigm. Providing the means to efficiently assure that the security of a software system is not negatively affected by a given evolution event is the high-level objective of this Ph.D. thesis. In order to do so, we intend to use the tools and techniques of software engineering such as, for example, Model-Driven Engineering (MDE). To reach this scientific objective, at least the following aspects will be explored:
- mechanisms to obtain / compute a security status. This status: i) may (partially) exist as documentation of the system; ii) may be built by hand; or iii) may be (semi)automatically "discovered".
- where required, mechanisms to link security knowledge (e.g., desired security properties, access-control policies, etc.) to the software system.
- mechanisms to efficiently evaluate/propagate changes of the software system w.r.t. the security status (e.g., we want to be able to determine which security properties are affected by a given change).
The work of the thesis will be done for spacecraft software. Indeed, software for satellites is large, complex, critical and developed by large consortiums with strong security requirements. A case study from ESA should be the testbed for the thesis proposals.