PhD project in IoT Security Risk Modelling and Assessment

DTU Compute’s Sections “Formal Methods for Safe and Secure Systems” and “Embedded Systems Engineering”, are looking for a bright and motivated PhD student for a 3-year PhD position starting February 1st , 2022. The project is financed by DTU and DIREC (Digital Research Centre Denmark). We offer a rewarding and challenging job in an international environment. We strive for academic excellence in an environment characterized by collegial respect and academic freedom tempered by responsibility. 

Our vision is a safe and secure digital society supported by reliable and trustworthy IT technologies with theoretically well-founded guarantees.To this aim we conduct state-of-the-art research in the areas of formal methods (formal modelling, formal verification, etc.), pervasive computing (IoT, Fog, etc.), and security (threat modelling & assessment, remote attestation, etc.).   

Project Description
IoT-devices are blending into the infrastructure of our society and personal life. Since these devices run in uncontrolled, potentially hostile environments, they are vulnerable to security and privacy attacks. The goal of DIREC’s project “Secure IoT” (SIoT) is to model security threats and countermeasures for IoT systems and services, in order to synthesize secure solutions, and to analyze residual security risks. SIoT  is a collaboration within DIREC (Digital Research Centre Denmark) between four Danish universities (Aarhus University, Aalborg University, CBS and DTU), the Alexandra Institute, and eight Danish companies. The project aims at theoretical progress in modelling and analysis with Attack-Defense-Games. We will take inspiration from case studies with interesting security challenges from the industrial partners.The project will use Attack-Defense-Trees for the systematic modeling of socio-technical vulnerabilities and countermeasures, and algorithms from automata theory and game theory to automate risk analysis and security strategy synthesis. The implementation of the security policies will consider both technical as well as social aspects, in particular usability in organizations and training of people.   

Responsibilities and qualifications
You are seeking to break new ground in the theory and practice of security risk modelling and assessment of IoT systemswith formal methods.

You are eager to work on:

• Analyzing requirements for IoT risk modelling and assessment, i.e., identifying the most critical aspects of IoT systems that need to be part of security risk models and assessment methodologies.
• Developing and/or adapting tools for security risk modelling and assessment of IoT systems, including what-if scenario analysis.
• Compiling a library of common patterns in security risk models for IoT systems, that users of the above tools can easily re-use, combine, and refine.

You should have a two-year master's degree (120 ECTS points) or a similar degree with an academic level equivalent to a two-year master's degree. The master degree should be in Computer Science and Engineering, Applied Mathematics, Engineering, or equivalent academic qualifications. 

It will be an advantage if you can document background and experience in one or more of the main relevant areas for the project:

• IoT Security
• Threat and risk modelling and assessment (e.g., with Attack Trees)
• Formal modelling and verification (e.g. model checking)
• Tool development

Furthermore, good command of the English language is essential.

Approval and Enrolment
The scholarship for the PhD degree is subject to academic approval, and the candidate will be enrolled in one of the general degree programmes at DTU. For information about our enrolment requirements and the general planning of the PhD study programme, please see the DTU PhD Guide .  

Assessment
The assessment of the applicants will be made by Head of Section and Assoc. Prof. Alberto Lluch Lafuente and Prof. Nicola Dragoni.

We offer
DTU is a leading technical university globally recognized for the excellence of its research, education, innovation and scientific advice. We offer a rewarding and challenging job in an international environment. We strive for academic excellence in an environment characterized by collegial respect and academic freedom tempered by responsibility.

Salary and appointment terms
The appointment will be based on the collective agreement with the Danish Confederation of Professional Associations. The allowance will be agreed upon with the relevant union. The position is a full-time position. The period of employment is 3 years starting February 1, 2022 (or as soon as possible thereafter). 

You can read more about career paths at DTU here .

Further information
Further information may be obtained from Head of Section and Assoc. Prof. Alberto Lluch Lafuente ([email protected]) and Prof. Nicola Dragoni ([email protected] ).

Further information concerning the application is available at the DTU Compute PhD homepage .  

You can read more about DTU Compute at www.compute.dtu.dk/english . 

If you are applying from abroad, you may find useful information on working in Denmark and at DTU at DTU – Moving to Denmark .  

Application procedure
Your complete online application must be submitted no later than1 November 2021 (Danish time). Applications must be submitted as one PDF file containing all materials to be given consideration. To apply, please open the link "Apply online", fill out the online application form, and attach all your materials in English in one PDF file. The file must include:

• A cover letter motivating the application. The letter must explain what makes you the ideal candidate to the position.
• A research statement explaining your take on the project challenges and objectives (max. 2 pages plus bibliography). Please refer to the contact persons for details on the project.
• Curriculum vitae
• Grade transcripts and BSc/MSc diploma
• Excel sheet with translation of grades to the Danish grading system (see guidelines and Excel spreadsheet here )

You may apply prior to ob­tai­ning your master's degree but cannot begin before having received it.

All interested candidates irrespective of age, gender, race, disability, religion or ethnic background are encouraged to apply.

DTU Compute
DTU Compute is a unique and internationally recognized academic department with 385 employees and 11 research sections spanning the science disciplines mathematics, statistics, computer science, and engineering. We conduct research, teaching and innovation of high international standard – producing new knowledge and technology-based solutions to societal challenges. We have a long-term involvement in applied and interdisciplinary research, big data and data science, artificial intelligence (AI), internet of things (IoT), smart and secure societies, smart manufacturing, and life science. At DTU Compute we believe in a diverse workplace with a flexible work-life balance.

Technology for people
DTU develops technology for people. With our international elite research and study programmes, we are helping to create a better world and to solve the global challenges formulated in the UN’s 17 Sustainable Development Goals. Hans Christian Ørsted founded DTU in 1829 with a clear vision to develop and create value using science and engineering to benefit society. That vision lives on today. DTU has 12,900 students and 6,000 employees. We work in an international atmosphere and have an inclusive, evolving, and informal working environment. DTU has campuses in all parts of Denmark and in Greenland, and we collaborate with the best universities around the world.