Doctoral candidate (PhD student) in Computer Science

Updated: about 2 months ago
Deadline: 31 Dec 2021

The University of Luxembourg is an international research university with a distinctly multilingual and interdisciplinary character. The University was founded in 2003 and counts more than 6,700 students and more than 2,000 employees from around the world. The University’s faculties and interdisciplinary centres focus on research in the areas of Computer Science and ICT Security, Materials Science, European and International Law, Finance and Financial Innovation, Education, Contemporary and Digital History. In addition, the University focuses on cross-disciplinary research in the areas of Data Modelling and Simulation as well as Health and System Biomedicine. Times Higher Education ranks the University of Luxembourg #3 worldwide for its “international outlook,” #20 in the Young University Ranking 2021 and among the top 250 universities worldwide.

The Faculty of Science, Technology and Medicine (FSTM) contributes multidisciplinary expertise in the fields of Mathematics, Physics, Engineering, Computer Science, Life Sciences and Medicine. Through its dual mission of teaching and research, the FSTM seeks to generate and disseminate knowledge and train new generations of responsible citizens, in order to better understand, explain and advance society and environment we live in.

The University of Luxembourg invites applications to the vacancy in the Department of Computer Science ( ).


In this proposed PhD thesis topic, we aim to develop the first account ecosystem management and security analysis tool. To achieve this, we must solve foundational research questions and develop efficient algorithms as outlined below. The developed algorithms will be implemented into a fully functional prototype.

Your Role...

The candidate’s tasks include:

  • Assistance with teaching classes in security
  • Conducting research publishable in reputable international venues
  • Writing of progress reports and presentations towards thesis
  • Work constructively towards goals set by supervisors
  • The candidate should be prepared to engage in the project ``Semi-Controlled Distributed Account Management’’ described below. The project is within the Security and Trust of Software System (SaToSS) research group led by Prof Sjouke Mauw.

Description of proposed PhD thesis topic...

The use of a password manager is a current best practice that many users and organisations follow. Password managers facilitate the generation and maintenance of unique, complex and random passwords and thus help prevent account compromise due to weak or reused passwords. However, with the rising number of apps, online accounts, smart devices and authentication methods, we are facing many new threats that are not related to passwords. For example, we must now also worry about misconfigured apps, third-party access permissions to accounts, vulnerabilities of devices, and security incidents at service providers.

Moreover, our apps, accounts, and devices are interconnected: An email app on a smartphone provides access to the email account to anyone who can unlock the smartphone. If, say, the smartphone user’s groceries account supports password resetting by email, then the user’s groceries account, too, can be accessed by anyone who can unlock the smartphone. There are many other such connections due to multi-factor, single sign-on, and other authentication methods. We refer to this collection of apps, devices, accounts, and authentication methods as an account ecosystem.

The interconnected nature of items in an account ecosystem means that for any security incident involving one item, there are potential ramifications for every other item in an account ecosystem. In our user study of 20 young to middle aged adults, they reported on average 43 items in their account ecosystems that were in active use. The complexity of account ecosystems is expected to further increase significantly with new services, such as Open Banking, connecting our existing accounts with new third-party account services, and new items, such as wearable devices, smart home appliances, car infotainment systems connecting to our existing devices such as smartphones, home routers, and introducing new apps and cloud services to control them.

Yet, there is no tool that helps managing our account ecosystems and no simple way to assess the risks to the integrity and availability of items in our account ecosystem. Indeed, it is precisely the lack of such a tool at the larger scale of an organisation’s account ecosystem that leaves many institutions blind to the possible attack paths that ransomware attacks have exploited.

What we expect from you…

The candidate must have a master degree and outstanding qualifications in computer science, mathematics or a related discipline.

The candidate should have excellent spoken and written communication skills. The candidate should be prepared to integrate into the SaToSS research group, led by Prof Sjouke Mauw, which maintains excellent communication between all members.

We offer...

  • A large and dynamic research group with an exciting international environment
  • Training in scientific and transferable skills; participation in schools, conferences and workshops
  • The University of Luxembourg offers highly competitive salaries and is an equal opportunity employer

In Short...

Contract Type: Fixed Term Contract 36 Month, extendable to 48 months
Work Hours: Full Time 40.0 Hours per Week
Starting date: As soon as possible
Topics in security, privacy and formal methods
Student and employee status
Location: Belval
Job Reference: UOL04429

How to apply...

Applications written in English should be submitted online and include:

  • Detailed curriculum vitae, including your contact address, work experience and publications
  • Letter of motivation. This is essential and must clearly state how the experience and interests of the candidate are related to the PhD topic advertised. Generic applications that are not tailored to the group and topic will not be considered
  • Degree certificates and transcript of all grades from university-level courses taken
  • Contact information for 2-3 referees

Early submission is highly encouraged as the applications are processed in order of reception. Applications by email will not be considered, but we encourage applicants to contact the research group with questions.

The University of Luxembourg embraces inclusion and diversity as key values. We are fully committed to removing any discriminatory barrier related to gender, and not only, in recruitment and career progression of our staff.

In return you will get…

  • Multilingual and international character. Modern institution with a personal atmosphere. Staff coming from 90 countries. Member of the “University of the Greater Region” (UniGR).
  • A modern and dynamic university. High-quality equipment. Close ties to the business world and to the Luxembourg labour market. A unique urban site with excellent infrastructure.
  • A partner for society and industry. Cooperation with European institutions, innovative companies, the Financial Centre and with numerous non-academic partners such as ministries, local governments, associations, NGOs …

View or Apply

Similar Positions