PhD Scholarship on Trusted Computing Technologies for Operational Assurance in ICT Supply Chains

Updated: 26 days ago

The Cyber Security Section at DTU Compute conducts interdisciplinary research in most aspects of computer and information security, ranging from advanced cryptography and access control mechanisms, for ensuring secrecy and authentication in todays’ communications, to the design, analysis and implementation of novel protection mechanisms for enhanced security, privacy, trustworthiness, and reliability in numerous emerging IoT applications. Through methods such as applied cryptography, hardware enhanced security, modelling and security analysis of systems, and verification, we are building security into new technology, providing assurance to the user that they are interacting with a trusted platform. Our research focuses on cryptography; trusted computing; secure communications; privacy and authentication; and security verification – with applications in, e.g., automotive, future Internet and 5G, smart grid, healthcare, e Payment, etc.

This PhD scholarship is funded by the DataVaults and ASSURED research projects as part of the European Union H2020 programme. The goal is to design and develop novel attestation mechanisms for the enhanced security, privacy and trustworthiness of heterogeneous devices comprising a potentially untrusted ICT supply chain. With the rise of Internet of Things, the number of devices that run potentially vulnerable software has exploded, and vulnerabilities are increasingly being discovered in the software running on these devices. To keep up with the amount of services that must be vetted for vulnerabilities, an automated approach is required. Alternative, security architectures are required which allow the system to detect whether it is under attack, and therefore intensify the protection mechanisms. Particular focus would be given on control systems, communication and computing infrastructures, wireless communication and embedded software verification. The envisioned research activities include the design and development of cryptographically secure and scalable attestation mechanisms for enhancing the overall privacy posture of deployed devices as well as verifying the integrity of deployed software-based services.  Furthermore, carrying out research towards the vulnerability analysis of the leveraged Trusted Platform technologies (i.e., TPMs) and the underlying TCG Software Stack (TSS) as well as the market landscapes to allow a detailed design phase to proceed.

Examples of specific research aspects to be investigated include:

  • Definition and investigation of hybrid layered attestation approaches for enabling the collective attestation of edge devices. This will include the design of advanced attestation enablers such as Direct Anonymous Attestation (DAA) and control- and information-flow attestation;
  • Modelling of appropriate verification mechanisms needed for protecting the remote attestation mechanisms and edge services from unauthorized access;
  • Design and implementation of efficient and scalable (aggregate) remote attestation for a multitude of potentially heterogeneous edge devices and services;
  • The modelling of a trusted mesh overlay network that can be deployed over geo-distributed resources and can manage the trusted exchange of data (considering also the use of Blockchains) and services.

The objective of this project is to engage trusted data sharing technologies towards developing a unified security overlay mesh network for enabling the secure and trustworthy orchestration and data management of emerging IoT-based edge applications and services.

Responsibilities and tasks
The primary task of the PhD candidate will be to conduct original research in the area described above with the goal to produce a PhD dissertation by the end of the 3-year program. 

The goal is to answer difficult questions concerning the integration of advanced remote attestation enablers in the context of ICT supply chains and the design of sufficient privacy-preserving protocols based on the use of trusted computing. The research outcomes will expected to be applied in security, privacy, trust and operational assurance of IoT-enabled ecosystems.

The PhD candidate will learn to write articles reporting the original results, of a sufficient high quality to appear in top scientific conferences and journals. He/she will participate in relevant conferences in the relevant field and, as part of the PhD program; he/she may have the opportunity for an external research stay abroad of 3-6 months.

It is a requirement of the program that all PhD students take advanced courses amounting to approximate 30 ECTS points. As part of the salary, there is a requirement of performing additional tasks (about 3 months during the 3 years) in the area of teaching or other departmental work. 

Candidates should have a two-year Master’s degree or a similar degree with an academic level equivalent to a two-year MSc degree. A good background in the theory and practice of system and network security is essential, and preference will be given to candidates who can demonstrate knowledge on trusted computing concepts, fog computing, applied crypto and trust management. Good implementation skills and practical experience are also desirable. Furthermore, good command of the English language is essential.

Approval and Enrolment
The scholarship for the PhD degree is subject to academic approval, and the candidate will be enrolled in one of the general degree programmes at DTU. For information about our enrolment requirements and the general planning of the PhD study programme, please see DTU PhD Guide . 

We offer
DTU is a leading technical university globally recognized for the excellence of its research, education, innovation and scientific advice. We offer a rewarding and challenging job in an international environment. We strive for academic excellence in an environment characterized by collegial respect and academic freedom tempered by responsibility.

Salary and terms of employment
The appointment will be based on the collective agreement with the Danish Confederation of Professional Associations. The allowance will be agreed upon with the relevant union. The period of employment is 3 years. 

Starting date is January 1st , 2021 or according to mutual agreement as soon as possible after that.

You can read about career paths at DTU here . 

Further information
Further information concerning the project can be obtained from Thanassis Giannetsos (mail , tel +45 45 25 30 09), in the Cyber Security Section at DTU Compute. 

Information concerning the application is available at the DTU Compute PhD homepage . 

You can read more about DTU compute at .

Application procedure
Please submit your application no later than 3 November 2020 (local time). Applications must be submitted as one PDF file containing all materials to be given consideration. To apply, please open the link "Apply online", fill out the online application form, and attach all your materials in English in one PDF file. The file must include:

  • A letter motivating the application (cover letter)
  • Curriculum vitae
  • Grade transcripts and BSc/MSc diploma
  • Excel sheet with translation of grades to the Danish grading system (see guidelines and Excel spreadsheet here )

Candidates may apply prior to ob­tai­ning their master's degree but cannot begin before having received it.

Applications and enclosures received after the deadline will not be considered.

All interested candidates irrespective of age, gender, race, disability, religion or ethnic background are encouraged to apply. 

DTU Compute has a total staff of 400 including 100 faculty members and 130 PhD students. We offer introductory courses in mathematics, statistics, and computer science to all engineering programmes at DTU and specialised courses to the mathematics, computer science, and other programmes. We offer continuing education courses and scientific advice within our research disciplines, and provide a portfolio of innovation activities for students and employees.

Technology for people
DTU develops technology for people. With our international elite research and study programmes, we are helping to create a better world and to solve the global challenges formulated in the UN’s 17 Sustainable Development Goals. Hans Christian Ørsted founded DTU in 1829 with a clear vision to develop and create value using science and engineering to benefit society. That vision lives on today. DTU has 12,000 students and 6,000 employees. We work in an international atmosphere and have an inclusive, evolving, and informal working environment. Our main campus is in Kgs. Lyngby north of Copenhagen and we have campuses in Roskilde and Ballerup and in Sisimiut in Greenland.

View or Apply

Similar Positions