PhD Position on Security of the cloud and network infrastructure

The Centrum voor Veiligheid en Digitalisering (Centre for Safety and Digitalisation, CVD) is a knowledge institute in which companies and public organisations are collaborating on questions related to this theme. In this context, the University of Twente, Saxion University of Applied Sciences, and the Police Academy of the Netherlands are setting up a joint research program around this time. The research program is centered around the 3 focus areas of the CVD: critical data & infrastructure, actionable intelligence and cyberresilience.

For each research line, we are looking for two PhD students to work on this theme. The PhD students will work in a multidisciplinary fashion, in close collaboration with each other, and with the supervision teams with members from the different CVD partners.

About the Project
Over the past decade, the trend in both the public sector and industry has been to outsource ICT to the cloud. While cost savings are often used as a rationale for outsourcing, another argument that is frequently used is that the cloud improves security. The reasoning behind this is twofold. First, cloud service providers are typically thought to have skilled staff trained in good security practices. Second, cloud providers often have a vastly distributed, highly connected network infrastructure, making them more resilient in the face of outages and denial-of-service attacks.

Yet many examples of cloud outages, often due to attacks, call into question whether outsourcing to the cloud really improves security. In this project our goal therefore is to answer two questions: 1) did the cloud make use more secure? and 2) can we provide specific security guidance to support cloud outsourcing strategies?

The goal of this PhD research is to explore the questions above from a technical angle. The project will focus on providing comprehensive insight into the attack surface at the network level of cloud providers and their users. We will use a measurement-based approach, leveraging large scale datasets about the Internet, both our own data (e.g. OpenINTEL1, a large-scale dataset of active DNS measurements) and datasets from our long-term collaborators, such as CAIDA2 in the US (BGPStream , Network Telescope) and Saarland University in Germany (AmpPot. We will use this data to study the network infrastructure outside and within cloud environments to structurally map vulnerabilities to attacks as well as to identify security anti-patterns, where the way cloud services are managed or used introduce a weak point that attackers can target.