The CISPA Helmholtz Center for Information Security is looking for PhD Students in areas related to:
- Cybersecurity, Privacy and Cryptography
- Machine Learning and Data Science
- Efficient Algorithms and Foundations of Theoretical Computer Science
- Software Engineering, Program Analysis and Formal Methods
We constantly seek applications from qualified researchers regardless of their national origin or citizenship. The working language is English. A command of German is not required for a successful career at CISPA.
What They offer to you
- Admitted students are paid employees of CISPA with a full-time contract of three years with the possibility of one year extension. Salary starting from approx. €4180 (gross/month) according to the scale of the TVöD (German Federal Employment Agreement) equilivalent of Rs. 3,72,811.74 as of today’s rate.
- Health insurance, 30 days paid time off and a pension scheme
- Opportunities for development and growth from language classes, research support to extracurricular and social activities
- Our onboarding team will provide you with all information needed for a successful start and support you if needed
What They expect from you
- You have a Bachelor’s or Master’s degree from a top-tier, research-oriented institutions of higher education in a subject relevant to our research
- You should have an outstanding academic record (at or near top of your class)
- You’re proficient in spoken and written English
- You have strong letters of recommendation from your academic advisors
Details of the Jobs
Details are given as per various group.
Ali Abbasi’s group
Ali Abbasi’s group’s main aim is to design defense mechanisms and break existing embedded systems to improve their security. We combine deep technical insights of both firmware and hardware to build novel analysis techniques, allowing us to tackle hard-to-test and previously unknown attack surfaces. We also design and implement new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware level.
For hardware security-oriented Ph.D. positions, we are looking for candidates with a strong interest in:
- Hardware-assisted security testing and hardware vulnerabilities
- Side-channel attacks (e.g., power analysis and instruction-level side channel profiling)
- FPGA programming and system building at the board-level around customized circuits
- RISC-V and ideally one of its open source designs
- Computer architecture design, simulation, and performance evaluation
For software security-oriented Ph.D. positions, we are looking for candidates with solid programming skills in low-level languages like C/C++/Rust/Assembly and in-depth knowledge of operating systems. The candidate should also be interested in at least one of the following topics:
- Firmware reverse engineering and/or exploit development
- Automated software testing (e.g., fuzzing), especially with an interest in hardware/software-assisted firmware testing
- Space assets security (e.g., in-orbit satellite systems security)
- Security of Industrial Control Systems (ICS), Electronic Control Units (ECUs), or mobile basebands
For both types of positions, actively playing CTFs, having a public track record of vulnerability research, or building open-source security analysis tooling is a plus. A person with an offensive security mindset will enjoy the work in our group.
Andreas Zeller’s group
Andreas Zeller’s group creates tools and techniques that help developers build better software – by automatically testing, analyzing and debugging its code and its development process. His group focuses on software analysis, notably software testing and debugging. Their research projects involve generating software tests, automated debugging and repair, analyzing mobile systems, analyzing user interfaces and more. Essentially, their research focuses on the following questions:
- How can we systematically test complex software systems?
- How can we accurately determine and characterize input formats?
- How can we explain causes and circumstances of software failures?
Andreas’ solutions typically apply and combine several techniques including dynamic analysis, static analysis, specification mining, test generation, natural language processing, machine learning, constraint solving and formal languages.
In 2023, Andreas received an ERC Advanced Grant of 2.5 million EUR for the project “Semantics of Software Systems” (S3) on massice generaion of tests and oracles for software. Check out the grant proposal!
Since 2022, most of Andreas’ projects focus on semantic fuzzing and debugging, centered around our all-new ISLa specification language and input generator.
Since 2021, Andreas’ Debugging Book presents and implements techniques for automated debugging and repair, and The Fuzzing Book introduces test generation (“fuzzing”) techniques. Both books are interactive – you can execute and edit the code right in your browser.
In all this, we are looking for solutions that make a splash in academia and industry and that stand the test of time – Andreas holds no less than seven 10-year impact paper awards. If you’d like to go where no one has gone before, contact us.
Christian Rossow’s group
Christian Rossow’s group’s research focuses on system and network security; network security spans practical protocol analyzing, network fuzzing, DDoS attacks and defenses, attack attribution, and traffic analysis. Our system security research is concerned about designing secure networked/distributed systems using novel trusted computing primitives (e.g., Intel TDX, AMD SEV, ARM Realms) or networking harward (e.g., P4-programmable switches, SmartNICs). Either way, our primary focus is practical high-impact research, aiming to present our results at the leading conferences in our field.
We can offer you an excellent working environment on the campus of TU Dortmund, strong individual supervision, interesting and cutting-edge research topics, and world-wide collaborations. You qualify for a PhD position if you (are about to) have an excellent degree at the MSc level. We expect enthusiasm and creativity from you, and (at least) a basic background in security.
Krikamol Muandet’s group
Krikamol Muandet’s group’s research aims at understanding the principles that enable autonomous agents to learn from past experience and interact succesfully with complex environments, and to use this understanding to design new learning algorithms. The research theme spans the following areas:
- Prediction: How do we design ML algorithms that can cope with distrbutional shifts? The topics of interest are domain adaption (DA), domain generalization (DG), out-of-distribution (OOD) generalization, and robustness. Kernel methods, kernel mean embedding of distributions and applications thereof are our mathematical arsenal to tackle these problems.
- Causation: How do we leverage cause-effect relationships in improving ML models, and conversely how do we use sophisticated ML methods to aid causal inference in complex environments? Topics of interest are unobserved confounders in causal inference, spurious correlation in machine learning, distributional treatment effects, counterfactual inference, and algorithmic decision making. Natural experiments and quasi-experimental designs such as instrumental variable (IV), proxy variables, and regression discontinuity design (RDD) offers tools to address these problems.
- Regulation: How do we regulate the deployment of ML models in heterogeneous environments to ensure the democratic use of AI? Topics of interest are feedback loops and strategic behavior. To gain a better understanding of these problems, we will be adopting techniques from algorithmic game theory, mechanism design, social choice theory, and other related sub-fields of economics.
Mridula Singh’s group
Mridula Singh’s group’s research focuses on enabling secure communication, positioning, and combining sensor modalities for autonomous systems. The technologies of interest are CANBus, UWB, WiFi, 5G, LEO, and GNSS. Example research topics will include:
- Exploring security vulnerabilities of the communication technologies mainly at the physical and logical layer
- Secure sensor fusion
- Designing secure positioning architecture for 5G
- Secure time synchronization
- Location privacy
Robert Künneman’s group
Robert Künneman’s group’s goal is to bring guarantees obtained in abstract models for TLS etc. down to the implementation level. With monitoring, we can make programs crash if they violate those guarantees. With fuzzing, we can find out if they do that before they reach the user. We plan to closely collaborate with LORIA, Nancy as part of the French-German-Center for Cybersecurity, offering the option to be co-supervised and experience the rich research environment provided by both LORIA and CISPA. The ideal candidate has a knack for formal modelling and (computational) logic, but also an interest to explore program analysis techniques like fuzzing and symbolic execution.
Sebastian Stich’s group
Sebastian Stich’s group’s research focuses on distributed algorithms (such as federated and decentralized learning), algorithms for differentially private, robust, and fair machine learning, and on distributed artificial intelligence (see also www.sstich.ch for past and current research). It will be a plus if the student is motivated to work on theoretical challenges that arise in practical application in the fields of biology and health (e.g., structured, or multimodal data, low sample sizes, etc.). Within this project, the student will have the opportunity to collaborate with partners within the Helmholtz AI unit.
Requirements: The candidate is expected to have an excellent degree at the MSc level in mathematics, statistics, computer science or a related discipline. A solid mathematical foundation (e.g. probability theory, statistics, calculus, and linear algebra) is a must, experience in optimization, machine learning, data science or with a ML framework such as e.g. PyTorch, is a plus.
Wouter Luek’s group
Wouter Luek’s group’s interest is addressing — if possible — societal challenges through the careful design of new privacy-friendly systems. To do so, we create new applied cryptographic primitives and system’s building blocks such as anonymous communication systems. We also analyse and improve existing systems.
A familiarity with in security/privacy in general, and training in either applied cryptography or systems is recommended. But we welcome applications by qualified students from other areas as long as you have an interest in privacy and technology.
CISPA Helmholtz Center for Information Security is a German national Science Institution within the Helmholtz Association and provides a unique work environment that offers the advantage of a university department and a research laboratory alike. CISPA’s mission is to rethink the digitized world of the future from the ground on up an make it safer through innovative cutting-edge research. CISPA is committed to the highest international academic standards. We offer a world-class research environment that grants extensive resources to a wide range of researchers and constitutes an attractive destination for the best talents and scientists from all countries. CISPA provides a highly international and diverse working environment, currently hosting researchers of over 40 nationalities.
CISPA headquarter is located in Saarbrücken, in the tri-border area of Germany, France and Luxembourg. The CISPA campus is located close to Saarland University, which is known for its excellence in Computer Science, the Max Planck Institute for Informatics, the Max Planck Institute for Software Systems, and the German Research Center for Artificial Intelligence (DFKI).