lu.se

Elektro- och informationsteknik

Lunds Tekniska Högskola | Lunds universitet

Forskarutbildning

This is a temporary webpage dedicated to the WASP PhD student call in security. It includes somewhat more information than the text in the call.

The security project is focused in software updates in autonomous systems, and in particular software updates to devices operating in these systems and environments. Scalability, size and the fact that the systems and devices are operating autonomously makes this a challenging task. The project will consider several aspects of the update process, such as identification, evaluation and deployment of updates.

There are several aspects that needs to be considered when updating software. First, how critical is the update? Does it have to be deployed immediately due to a critical security vulnerability? How do we even assess the criticality of vulnerabilities in autonomous systems? Exploitability will depend on many different parameters, such as access media, configuration and environment.

Second, how is the update deployed? In an unmanned environment, updates must be distributed automatically. The software should be digitally signed, following a PKI that is suitable for the environment. Distributed ledgers such as a blockchain is an attractive alternatives to the PKIs used today as it can distribute the trust in certificates and CAs to a large number of peers. Moreover, protocols that guarantee the scalability and the dynamic features of the system must be used.

Thirdly, as the software may contain sensitive data or algorithms, it must be protected from reverse engineering and information theft. This is particularly important in an unmanned system as potential adversaries may gain access to the devices and the software.

The project will develop tools and analyze methods for realising secure deployment of software patches, following the problems above. All problems will be considered from an architectural point of view, while some of them will be treated in more detail.

The PhD candidate should have a solid background in programming and a good understanding of computer systems. The candidate should also have very good English communication skills, both written and oral.

The application must be submitted through https://lu.mynetworkglobal.com/en/what:job/jobID:148561/