Open PhD Position in Combining Program
Analysis and Machine Learning for Cybersecurity
The CEA LIST, Software Security Lab, has an open PhD
position at the crossroads of automated
software security analysis, program analysis and artificial intelligence,
to begin as soon as possible in Paris-Saclay, France.
The position benefits from the collaboration between CEA, Université of
Montpellier and Simula.
Keywords: computer science, machine
learning, program analysis, software security, formal methods
Quick position description
Binary-level security analysis is sometimes mandatory, e.g., malware or
vulnerability detection. Yet, such tasks are extremely hard to perform
manually and would greatly benefit from automation. While binary-level
program analysis is highly challenging, recent progress have been
recently obtained by adapting advanced methods from program analysis
and formal methods. But these logical methods also reach their
limits at some point. On the other hand, machine learning also starts
to be successfully applied to such problems. Interestingly, these two
families of approaches are complementary: program analysis can
prove facts while learning can infer facts. The goal of this doctoral
work is to understand how deduction-based approaches (from program
analysis) and learning-based approaches (from AI) can be combined
together for
attacking hard challenges arising from security-oriented program
analysis -- typically, code hardening, vulnerability detection or
reverse.
Context
The position is 3-years long. The successful candidate will be hosted
at CEA LIST (Paris area, France) where he will be supervised by
Sébastien Bardin, in close collaboration with Arnaud Gotlieb (Simula)
and Nadjib Lazaar (Université de Montpellier).
Requirements
We welcome curious and enthusiastic students with a solid background in
Computer Science -- both theoretical and practical aspects. Candidates should be familiar with
at least one of the following topics: program analysis or formal verification, machine learning, logic
(especially automated solvers). A good knowledge of functional programming (OCaml) is a plus. Some experience
in compiling, hacking or security challenges would be great.
Application
Applicants should send an email to Sébastien Bardin
sebastien.bardin@cea.fr - including CV, motivation letter and references. deadline: please contact us as soon as possible,
a first round of selection takes place at the end of May. More
information by email