Overview
The University of Luxembourg seeks to hire outstanding researchers at its Interdisciplinary Centre for Security, Reliability and Trust (SnT) http://www.securityandtrust.lu/ .
SnT is a recently formed centre carrying out interdisciplinary research in secure, reliable and trustworthy ICT (Information and Communication Technologies) systems and services, often in collaboration with industrial, governmental or international partners. SnT is active in several international research projects funded by the EU 7 th framework programme and the European Space Agency. A successful candidate will conduct research in one or more of the centre projects and assist in the development of the SnT project portfolio. The Centre invites researchers from diverse research areas to contribute to our projects in areas such as Satellite Systems, Vehicular Networks, Network Security, Model-drive Security, Security Cloud computing, and ICT Services & Applications.
The PhD project will be conducted in partnership with Banque et Caisse d'Epargne de l'Etat, ( www.bcee.lu ), one of the major Luxembourg banks.
Project description
Depending on the background of the cand
idate, a thesis project in one of the following multi-disciplinary areas will be defined;
Security and privacy in cloud computing
On-demand computing services using cloud technologies face several challenges in terms of security and privacy of data. Identity plus access control is required to efficiently and safely allocate the appropriate resources to the users. This research area deals with change of paradigm from a classical client/server scenario, where identity and access control was not crucial for service delivery, to a distributed handling of identities and the access granted. Subtopics of this research area are manifold.
Access control policies
Access control is often based on a rather scattered set of Role Based Access Control policies. The current set up gives rise to maintainability problems because updating the set of agents, roles, resources and permissions is a complicated process. As a consequence, security requirements (e.g. the "need-to-know" principle) may not be met and contradictory permission information may be entered. Further, detective security measures, like inspecting log files on suspected behaviour or internal fraud are hard to implement efficiently. Research is needed on methods to (semi-automatically) simplify the current RBAC policies. This should be done in accordance to the security policies related to the different workflows. In addition, data mining techniques can be considered to support the analysis of log files and attack trees to systematically analyse possibilities for internal fraud.
Document signing chain
It is expected that in the future electronic non-repudiation approaches will replace the traditional approach towards signing and storing customer contracts. As a consequence, the bank is now experimenting with new techniques in which a customer uses a digital pen to sign a contract. The challenge is to define technical and procedural measures such that these electronic signatures can be taken to court as a formal proof of commitment. In order to be fully accountable, the whole chain from client (signing, transmission, storage) to court will have to be verified, as to prove integrity, authenticity and non-repudiation of the signature. Apart from the technical and logical aspects, the legal aspects have to be taken into account as well.
Profile of the candidate
A master's degree in Computer Science, Applied Mathematics, Engineering or a related field.
Experience of systems and network security is preferable.
Inquisitiveness, commitment, and a critical attitude.
Ability to work in both the academic and the banking environment is essential.
Very good written and oral English skills.
A working knowledge in German, French or Italian is an advantage.
Offer
The University offers a three year employment contract that may be extended up to a fourth year. The University offers highly competitive salaries and is an equal opportunity employer. You will work in an exciting international environment and will have the opportunity to participate in the development of a newly created research centre.
Application
Applications must include, in PDF format only:
Full CV, including name (and email address, etc) of three referees
Transcript of all modules and results from university-level courses taken
Research statement and topics of particular interest to the candidate (300 words).
If applicable:
Description of the undergraduate project (1 page)
Description of the MSc project (1 page)
Undergraduate work placement or other relevant work experience (1 page)
Applications, written in English and in PDF format only, should be sent via email to:
TO: snt-jobs@uni.lu
SUBJECT: Security and Trust in Banking and Finance
Deadline for applications: 15th March 2011.
For inquiries please contact Prof. Dr. Thomas Engel (thomas.engel@uni.lu) or Prof. Dr. Bjorn Ottersten (bjorn.ottersten@uni.lu).
Please quote Scholarization.blogspot.com on your application when applying for this scholarship
The University of Luxembourg seeks to hire outstanding researchers at its Interdisciplinary Centre for Security, Reliability and Trust (SnT) http://www.securityandtrust.lu/ .
SnT is a recently formed centre carrying out interdisciplinary research in secure, reliable and trustworthy ICT (Information and Communication Technologies) systems and services, often in collaboration with industrial, governmental or international partners. SnT is active in several international research projects funded by the EU 7 th framework programme and the European Space Agency. A successful candidate will conduct research in one or more of the centre projects and assist in the development of the SnT project portfolio. The Centre invites researchers from diverse research areas to contribute to our projects in areas such as Satellite Systems, Vehicular Networks, Network Security, Model-drive Security, Security Cloud computing, and ICT Services & Applications.
The PhD project will be conducted in partnership with Banque et Caisse d'Epargne de l'Etat, ( www.bcee.lu ), one of the major Luxembourg banks.
Project description
Depending on the background of the cand
idate, a thesis project in one of the following multi-disciplinary areas will be defined;
Security and privacy in cloud computing
On-demand computing services using cloud technologies face several challenges in terms of security and privacy of data. Identity plus access control is required to efficiently and safely allocate the appropriate resources to the users. This research area deals with change of paradigm from a classical client/server scenario, where identity and access control was not crucial for service delivery, to a distributed handling of identities and the access granted. Subtopics of this research area are manifold.
Access control policies
Access control is often based on a rather scattered set of Role Based Access Control policies. The current set up gives rise to maintainability problems because updating the set of agents, roles, resources and permissions is a complicated process. As a consequence, security requirements (e.g. the "need-to-know" principle) may not be met and contradictory permission information may be entered. Further, detective security measures, like inspecting log files on suspected behaviour or internal fraud are hard to implement efficiently. Research is needed on methods to (semi-automatically) simplify the current RBAC policies. This should be done in accordance to the security policies related to the different workflows. In addition, data mining techniques can be considered to support the analysis of log files and attack trees to systematically analyse possibilities for internal fraud.
Document signing chain
It is expected that in the future electronic non-repudiation approaches will replace the traditional approach towards signing and storing customer contracts. As a consequence, the bank is now experimenting with new techniques in which a customer uses a digital pen to sign a contract. The challenge is to define technical and procedural measures such that these electronic signatures can be taken to court as a formal proof of commitment. In order to be fully accountable, the whole chain from client (signing, transmission, storage) to court will have to be verified, as to prove integrity, authenticity and non-repudiation of the signature. Apart from the technical and logical aspects, the legal aspects have to be taken into account as well.
Profile of the candidate
A master's degree in Computer Science, Applied Mathematics, Engineering or a related field.
Experience of systems and network security is preferable.
Inquisitiveness, commitment, and a critical attitude.
Ability to work in both the academic and the banking environment is essential.
Very good written and oral English skills.
A working knowledge in German, French or Italian is an advantage.
Offer
The University offers a three year employment contract that may be extended up to a fourth year. The University offers highly competitive salaries and is an equal opportunity employer. You will work in an exciting international environment and will have the opportunity to participate in the development of a newly created research centre.
Application
Applications must include, in PDF format only:
Full CV, including name (and email address, etc) of three referees
Transcript of all modules and results from university-level courses taken
Research statement and topics of particular interest to the candidate (300 words).
If applicable:
Description of the undergraduate project (1 page)
Description of the MSc project (1 page)
Undergraduate work placement or other relevant work experience (1 page)
Applications, written in English and in PDF format only, should be sent via email to:
TO: snt-jobs@uni.lu
SUBJECT: Security and Trust in Banking and Finance
Deadline for applications: 15th March 2011.
For inquiries please contact Prof. Dr. Thomas Engel (thomas.engel@uni.lu) or Prof. Dr. Bjorn Ottersten (bjorn.ottersten@uni.lu).
Please quote Scholarization.blogspot.com on your application when applying for this scholarship
0 comments:
Post a Comment