Research Scholarship: CISUC - UIDB/00326/2020 - Process 779706

CALL FOR RESEARCH INITIATION FELLOWSHIP

Process 779706

University of Coimbra opens a call for one research initiation fellowship, in the framework of the Research Centre for Informatics and Systems of the University of Coimbra (CISUC) (reference: UIDB/00326/2020), financed by Foundation for Science and Technology, IP with national funds (PIDDAC) via the State Budget, in the following conditions:

Scientific area: Informatics Engineering.

Skills/Qualifications/Admission requirements: Students enrolled in a Bachelor Course in Informatics Engineering or similar or Students enrolled in a Master Course in Informatics Engineering, Informatics Security or similar.

Research Initiation Fellowships cannot be awarded to those who have already benefited from research fellowships directly or indirectly financed by the FCT (regardless of the type).

Furthermore, this (these) fellowship(s) can only be awarded to those who do not exceed, with the conclusion of the contract in question, including possible renewals, an accumulated period of one year in this type of fellowship, consecutive or interpolated.

Although the recipients must be enrolled in a cycle of studies leading to the attribution of an academic degree, at the time of application it is not necessary for the candidate to have made such an enrollment, and proof of enrollment must be presented until the fellowship is contractualized. Candidates are only required to meet the requirements to enroll in the training offer. If there are candidates already enrolled (including attending a course), they compete on an equal footing with those who are not enrolled.

Work plan/ Objectives: This proposal aims to develop a Vulnerability and Attack Injection Tool in Python (VAITP) to test the security of applications and security tools. This project can be divided into two main components:

1. A Vulnerability Injection component, which inserts known vulnerability types in the source code of an application. The vulnerabilities injected should be as similar as possible to real-world vulnerabilities;

2. An Attack Injection component, which attacks (as automatically as possible) the vulnerabilities injected by the Vulnerability Injection component. So, this Attack Injection component knows what vulnerabilities were injected and, using this knowledge, create attacks that can exploit the vulnerabilities (one at a time).

With the VAITP tool developed we can:

1. Test security teams by making them search for the vulnerabilities injected. These vulnerabilities are proven to be real since they were verified by the Attack Injection component;

2. Evaluate existing security tools during the execution of the Attack Injection component.

Given the many possibilities that Python libraries provide, we consider that the development of both components may benefit from the use of Artificial Intelligence (e.g. when deciding the location where to inject the vulnerability, the selection of the attack payload to use, etc.).

Regime: The attribution of the fellowship does not generate or entitle a relation of a legal-labour nature, and the fellowship is undertaken in an exclusive dedication regime. The fellowship holder is awarded the Fellowship Statute of the UC, in its current wording, according to the Research Fellowship Holder Statute , and according to the Regulation for Research Fellowships of the Fundação para a Ciência e a Tecnologia, I.P., both in their current wording.

Location: Department of Informatics Engineering, Faculty of Science and Technology at the University of Coimbra.

Duration: 6 months.

Renewal: Eventually renewable.

Scientific orientation: Professors José Carlos Coelho Martins da Fonseca and Naghmeh Ramezani Ivaki.

Financial conditions: The amount of the fellowship is € 446,12 corresponding to the monthly compensation stipulated in the FCT table (https://www.fct.pt/apoios/bolsas/valores.phtml.en ), plus social security (Seguro Social Voluntário, first level contributions) and personal accidents insurance. The payment will be made by bank transfer. This amount will not be increased during the entire period of the fellowship duration.

Selection methods: CV Evaluation (70%) and Interview (30%).

Selection criteria: The evaluation of the CV will focus on:

A. Average of courses completed (taking into account the number of courses completed) or Bachelor's Degree Average (60%);

B. Level of English Proficiency (10%).

The interview will focus on:

C. Interest in acquiring knowledge and research in programming areas (20%);

D. Motivation (10%).

Jury responsible for selection: Professors Henrique Santos do Carmo Madeira, Naghmeh Ramezani Ivaki and José Carlos Coelho Martins da Fonseca.

Formalization of application: Applications must be performed by sending the following mandatory elements:

1. Detailed curriculum vitae including academic titles;

2. Motivation Letter;

3. List of Master's Degree grades obtained and Bachelor's Degree Certificate or List of Bachelor's Degree grades obtained;

4. Proof of enrolment in a Bachelor's or Master's Degree (optional - must be presented until the fellowship is contractualized);

5. Declaration mentioned below.

Declaration on the honor of the candidate(s) with the indication of the fellowship(s) of the typology to which the contest was held and the respective duration(s).

Applicants with academic degrees obtained abroad will be required to present a Certificate of Recognition in accordance with applicable law. This document is mandatory only in the contractualization phase.

Applications submission: Applications must be sent to the following e-mail addresses: [email protected] and [email protected] , clearly indicating the application reference "CISUC-SSE-779706").

Submission of applications: Between 01/12/2021 and 17/12/2021.

Submission deadline date: 17/12/2021.

Additional information: The evaluation results will be announced within 90 working days after the end of the applications submission deadline, by notifying the applicants via email. After the announcement of the results, candidates are considered automatically notified to, if they wish to do so, comment on the results on a preliminary hearing period within 10 days after that date. After this, the selected candidates will have to declare in writing their acceptance. Unless a justification worthy of consideration is presented, if the declaration is not submitted within the referred period, it is considered that the candidate waivers the fellowship. In case of resignation or withdrawal of the selected candidate, the next candidate with the highest evaluation score will be notified immediately.

Once the selection process is completed, the fellowship contract will be drawn up in accordance with the draft contract provided by the FCT.

After the contracted period, the fellowship holder and supervisor must prepare the final report in accordance with the respective assessment criteria that were established.

Selection reserve list: N.A.