PhD/Researcher position: Privacy Engineering through Source Code Analysis

at  KU Leuven

PhD/Researcher position: Privacy Engineering through Source Code Analysis
(ref. BAP-2024-545)
Laatst aangepast: 31/07/24
DistriNet is a leading research group specializing in secure and distributed software, embedded in the KU Leuven Department of Computer Science. With over 100 researchers, including 15 full-time professors, the group excels in systems-centric, application-driven research, often collaborating closely with industry. DistriNet’s expertise has led to the creation of multiple spin-off companies. The group focuses on Secure Software and Systems, encompassing applications, services, middleware and systems, infrastructures, methods, and tools. Their research is applied to innovative case studies in e-health, industry 4.0, e-finance, e-media, and e-government.
Are you passionate about privacy and enjoy diving into code? Join our team as a privacy researcher and contribute to driving innovative solutions that leverage source code for privacy threat modeling analysis. As a PhD candidate in this research track, you’ll play a crucial role in advancing privacy engineering practices. You will explore, investigate, and analyze techniques for architectural reconstruction to create the relevant models for privacy threat analysis. Your work will have an impact on cost-effective development practices, as well as enable seamless integration with contemporary development practices and CI/CD automation.
Website van de eenheid
Project
Threat modeling is a crucial element of the “shift-left” approach, which emphasizes addressing cybersecurity and privacy issues early in the development process for both new and existing digital systems and services. LINDDUN (https://linddun.org/) is an acclaimed privacy threat modeling approach that builds on 10+ years of research experience within DistriNet. As a member of the research team focused on security & privacy threat modeling and threat mitigation, you will contribute to the advancement, validation, and creation of tooling related to the LINDDUN Privacy Threat Modeling framework. The available work and results from the LINDDUN project serve as a major steppingstone for your work.
Within our research group, a team of researchers is dedicated to privacy threat analysis using the LINDDUN framework. We actively address challenges related to privacy analysis and risk assessment, as well as privacy-by-design throughout the software development life cycle. We apply our findings through case studies across innovative and challenging application domains, such as e-health, industry 4.0, e-finance, e-media, e-government and the Internet-of-Things, with active participation in European and Flemish research projects. Given that many software projects start from existing codebases, there is a strong need to integrate and consider this pre-existing context in future privacy (and security) threat analyses.
However, architectural documentation is frequently lacking, leading to a large upfront cost to recreate this documentation for use in threat modeling. This research track tackles this challenge by investigating and leveraging source code analysis to address this problem.

When you join us, you will be contributing to our ongoing and upcoming research activities related to LINDDUN across a variety of topics of interest, including:

• code analysis and model reconstruction
• code annotations
• privacy threat elicitation and documentation
• advanced tooling and automation approaches in support of threat analysis
• (domain-specific) reference applications, exemplar and validation cases of threat analysis
• assessment of privacy risk in concrete systems and informed by software and system architecture
• management and mitigation of privacy risk, in the design and development of privacy-preserving systems, the use and furthering of privacy-enhancing technologies (PETs)

Profile

You share our concern for privacy and interest in privacy engineering, and you have:

• a master in computer science (or equivalent)
• affinity for model-based analysis
• an analytical mind and capability of design-centric thinking
• technical/practical implementation skills
• and fluent English written and oral communication skills

Offer

We offer a full-time position as researcher, with or without a PhD trajectory in computer science:

• you will join a supportive and collaborative team in which you can develop know-how and expertise in state-of-the-art technologies
• you will have the opportunity to build up research and innovation skills that are essential for a future career in academia or in industry
• you will work in a multicultural working environment at the KU Leuven High Tech Campus

Interested?
For more information please contact Prof. dr. ir. Wouter Joosen, tel.: +32 16 32 76 53, mail: wouter.joosen@kuleuven.be or dr. ir. Laurens Sion, tel.: +32 16 37 39 52, mail: laurens.sion@kuleuven.be.
You can apply for this job no later than September 30, 2024 via the online application tool
KU Leuven strives for an inclusive, respectful and socially safe environment. We embrace diversity among individuals and groups as an asset. Open dialogue and differences in perspective are essential for an ambitious research and educational environment. In our commitment to equal opportunity, we recognize the consequences of historical inequalities. We do not accept any form of discrimination based on, but not limited to, gender identity and expression, sexual orientation, age, ethnic or national background, skin colour, religious and philosophical diversity, neurodivergence, employment disability, health, or socioeconomic status. For questions about accessibility or support offered, we are happy to assist you at this email address.
-
Heb je een vraag over de online sollicitatieprocedure? Raadpleeg onze veelgestelde vragen of stuur een e-mail naar solliciteren@kuleuven.be
avtimer
Tewerkstellingspercentage: Voltijds
locationcity
Locatie : Leuven
timer
Solliciteren tot en met:

Please refer the Job description for details