PhD position on Modeling Security Standards for Internet of Things

This vacancy is in the scope of the INTERSCT project (https://intersct.nl/ ), a large Dutch national project on security for the Internet-of-Things. The area of the expected research focuses on how to better design, build, test and certify secure IoT systems that may consist of individual devices or a collection of devices.

The PhD project will address the conceptual foundation of IoT security standards and how it can be captured in a domain-specific language. Such a language would enable a precise formulation, interpretation, and refinement of security standards in a structured way and would support reuse in the compliance assessment and certification processes. This approach poses a number of questions: what are the fundamental domain concepts of such a language, what are the most suitable semantic entities that comprise its semantic domain and how they can support the tasks of validation, testing and checking compliance with the standards.

General Info
The increasing use of Internet-of-Things (IoT) technologies and devices facilitates the automation of many aspects of our daily life but also introduces serious risks of new cyber security threats. In IoT, these risks go beyond the boundaries of our digital world and penetrate into the physical world as well. Achieving an Internet of Secure Things is the primary goal of the project INTERSECT (https://intersct.nl/ ), a large Dutch national project on security for the Internet of Things. INTERSECT involves six universities in the Netherlands and over 30 non-academic partners from the public and private sector. The area of the expected research for this PhD vacancy falls in INTERSECT Work Package 2 (Design) that focuses on how to better design, build, test and certify secure IoT systems that may consist of individual devices or a collection of devices. Important topics in this package are security engineering for IoT systems, human factors in secure software engineering, code generation, assurance (with validation, testing, and certification).

Research Scope of the PhD Project
The importance of the security aspect for IoT has been recognized by a number of standardization bodies (e.g. NIST, ENISA, IoTSF among others) that proposed a set of security requirements, guidelines and recommendations. Currently, there is no globally established standard for IoT security. Furthermore, it is likely that different application domains like healthcare, industrial IoT, home automation will refine and extend the existing general standards. Regardless the diversity and the differences in the standards, they often have common conceptual underpinnings that may be captured in a domain-specific language. Such a language would enable a precise formulation, interpretation, and refinement of security standards in a structured way and would support reuse in the compliance assessment and certification processes. This approach poses a number of questions: what are the fundamental domain concepts of such a language, what are the most suitable semantic entities that comprise its semantic domain and how they can support the tasks of validation, testing and checking compliance with the standards.

Hosting Research Group
You will join the Software Engineering and Technology (SET) group in the Faculty of Mathematics and Computer Science, TU/e. SET performs research in software engineering with a strong focus on methods and tools for time- and cost-efficient development and evolution of high-quality software systems. More information about the group is available at https://www.tue.nl/en/research/research-groups/computer-science/software-engineering-and-technology-w/