We are looking for highly motivated PhD candidates in software engineering and program analysis.
Contact: Benoit Baudry (benoit.baudry@inria.fr)
Keywords: software engineering, software diversity, program transformation, approximate computation, moving target defense, privacy
Description
The vision of moving target defense (MTD) is to create, evaluate, and deploy mechanisms and strategies that are diverse, continually shift and change over time to increase complexity and costs for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resilience [1]. In particular, unlike prior efforts in cybersecurity, MTD does not attempt to build flawless systems to prevent attacks.
This project aims at combining state of the art software engineering techniques of unsound program transformations and runtime reconfiguration to propose innovative MTD solutions. Unsound program transformations [2,3] aim at automatically generating variants of programs that can trade slight semantic differences for quality improvement (e.g., bug fixing or speed). All these transformations rely on the assumption that, as long as software satisfy a set of immutable, essential properties, its behavior can vary inside an acceptable correctness envelop. Runtime reconfiguration consists in a set of observations and transformation mechanisms that support the evolution of software configuration and functionality at runtime [3, 4]. The combination of both approaches (automatic transformation to generate diverse program variants and runtime reconfiguration to continually shift and change over time) paves the way for effective MTD.
The essential scientific objective of this PhD will be to gain in-depth understanding of the program transformation mechanisms that underlie the efficient and effective synthesis of software diversity for MTD. Efficiency in this context refers to the ability of reducing the search space of potential program variants: there is potentially an infinite number of transforming a program in another one, but a vast majority of transformation yield to programs that do not compile or do not satisfy the minimal set of properties. Effectiveness refers to the ability of synthesizing variants that provide a maximum diversity, while staying inside the acceptable correctness envelop. Effective diversity synthesis thus requires ways of evaluating the acceptability envelop, as well as computing diversity metrics in relation with MTD. We will evaluate the algorithms and tools, through a set of experiments on software stacks running in the cloud, e.g. Rhino [6] and WordPress [7].
The PhD student should have strong program analysis skills, a strong interest in software testing and correctness as well as in large-scale experiments and a taste for rigorous scientific investigation. Knowledge of compilation, rewriting and web server technology would be good.
References
[1] Jajodia, S. (Ed.). (2011). Moving target defense: creating asymmetric uncertainty for cyber threats (Vol. 54). Springer.
[2] Le Goues, C., Nguyen, T., Forrest, S., & Weimer, W. (2012). GenProg: A generic method for automatic software repair. Software Engineering, IEEE Transactions on, 38(1), 54-72.
[3] Sidiroglou-Douskos, S., Misailovic, S., Hoffmann, H., & Rinard, M. (2011). Managing performance vs. accuracy trade-offs with loop perforation.
[4] F. Fouquet, E. Daubert, N. Plouzeau, O. Barais, J. Bourcier, and J.-M. Jézéquel. Dissemination of reconfiguration policies on mesh networks. In Distributed Applications and Interoperable Systems, pages 16–30. Springer, 2012.
[5] Cheng, B. H., de Lemos, R., Giese, H., Inverardi, P., Magee, J., et al. (2009). Software engineering for self-adaptive systems: A research roadmap (pp. 1-26). Springer Berlin Heidelberg.
[6] https://github.com/mozilla/rhino
[7] https://github.com/WordPress/WordPress
Working Environment
The candidates will work at INRIA in the DIVERSE team. DIVERSE’s research is in the area of software engineering, focusing on the management of diversity in the construction of software intensive systems. The team is actively involved in European, French and industrial projects and is composed of 8 faculty members, 18 PhD students, 5 postdocs and 4 engineers.
This work on the artificial software synthesis is part of a more general investigation about the increase of software diversity in software intensive systems. In particular, our research group currently coordinates the EU project DIVERSIFY EU diversify, which focuses on the automatic synthesis and emergence of software diversity by adapting sound ecological principles of biodiversity dynamics
The position is open and applications will be reviewed until the positions are filled. The monthly net salary is 1600 euros. The PhD position is for 3 years.
Application
You can apply directly on the INRIA application page