[ecoop-info] PhD position in Security Specification and Testing of Resilient Systems at the University of Luxembourg

[Gilles Perrouin]

The University of Luxembourg is looking for a:

PhD student (M/F)
3 years of full funding

Location: University of Luxembourg (http://www.uni.lu)

-----------------------------
Title: Security Specification and Testing of Resilient Systems

Context:

----------------------------

The Laboratory of Advanced Software Systems (LASSY) of the university is
dedicated to investigating various aspects of software engineering. In
particular, the successful candidate will work with a team of
specialists in Model Driven Development, Testing, Resilient and
Self-Adaptive systems in the frame of the SETER project.

Salary: approx. 2100 Euros net (taxes included)


Overview of the SETER Project:

-------------------------------
Duration: 3 years


The SETER project is funded by the Luxembourgish National Research
Found. The project is entitled Security Testing of Resilient Systems.
The main objective of the project is to propose new security testing
approaches for resilient systems (i.e. systems able to continue
operating in the presence of unexpected events) the earliest possible in
the software development life-cycle to assist engineers to develop more
secure and more reliable systems.

SETER Web Page: http://mindtouch.uni.lu/Projects/SETER


Keywords:
---------
Model-Driven Engineering, Testing, Requirements Engineering, Fault
Tolerance, Security, Resilient and Self-Adaptive/Self-* Systems,
Modularity, Reuse.



Background:
---------------------------

Resilient systems can be viewed as open distributed systems that have
capabilities to
dynamically adapt, in a predictable way, to unexpected and harmful
events, including such as hardware failures or malicious security
attacks. Hence, these systems can be built to handle critical situations
(crisis management, health-care). This dynamic adaptation requires that
these systems are able to reason about themselves in order to make the
best adaptation choice at the right time. Hence, engineering such
systems implies that the variability of adaptation is fully understood,
monitored and controlled which is intrinsically a difficult task due to
the complexity induced by resilient systems' adaptation capabilities.
Furthermore, as every software system, engineering a resilient system
should also take into account constraints on costs, quality, performance
etc.


Given the expected role of resilient systems and their complexity of
engineering, verification is of utmost importance. In particular we
propose to employ testing to provide trust in these systems. Testing is
an activity that aims at both demonstrating discrepancies between a
systems actual and intended behaviours and increasing the confidence
that there is no such discrepancy. One of the main features of a system
to test is the security of the system, especially for those which are
safety or business critical. The security of a system classically
relates to the confidentiality and integrity of data as well as its
availability. In the context of resilient systems, the challenge of
testing security is aggravated by the fact that the system is able of
self-adaptation which can either increase or decrease the security level
of the system.


Subject and Contributions:

---------------------------------


The goal of this PhD in the context of the SETER project is to define a
new testing approach that will ease the verification of resilient
programs that implement security properties. This approach must be aware
that confidentiality and integrity can be compromised in many different
ways (and
consequently the resilient system can evolve in many different ways too)
and must be able to cover the variability intrinsic to resilient systems
in order to provide a high degree of confidence in the adaptation of the
system. As variability guiding the adaptation is involved at various
stages of the development of a resilient system (from requirement
elicitation to runtime) the proposed approach should provide models an
techniques relevant with respect to these levels. In particular the
following contributions are expected:

1. Definition of a language at the requirement elicitation and
analysis (early and late requirements) levels supporting the
definition of security and resilience properties. This implies
the precise specification of these properties concerning
“expected” events but also innovative ways (rule-based, goal-driven, etc.)
to specify such properties so that the system can verify them
in the presence of unexpected events.

2. On the basis of this language, a testing method have to be
provided to generate tests for these properties. In particular,
the proposed method should take advantage of the commonalties
(corresponding to “expected behavior”) and variabilities induced
by adaption to unexpected events to minimize the number of tests.
Results from the (dynamic) Software Product Line, Self-* as well
as Self-Adaptive and/or Software Reconfiguration (reflective
middleware, reconfiguration languages) communities can be used to this end.


Moreover, since current trends advocate the idea that supporting
resilience should be done with current software engineering techniques,
the testing approach should be based on proven testing techniques and
extend them if necessary. This will minimize the learning of curve of
the method and allow the usage of already existing tool-sets. Finally,
the testing solution is expected to use model-driven engineering
techniques in order to specify, translate tests amongst all phases of
the the resilient system's life-cycle, run them and store meaningful
results that can be then exploited by the engineers to drive future
fixes/evolutions of the system.


Profile and Application:

-----------------------------


Candidates must hold a master in software engineering (or equivalent)
preferably with a research orientation. A good knowledge of English
(spoken and written) is mandatory, French and Luxembourgish would be a
plus. The university of Luxembourg is an equal opportunity employer.

Candidates must send the following information to Prof. Nicolas Guelfi
(nicolas.guelfi at uni.lu) and Dr. Gilles Perrouin (gilles.perrouin at uni.lu) no
later than *September 8th 2009*:

* Introduction Letter,

* Detailed resume comprising lectures followed as well as
participation in projects and/or professional experience and
publications if any,

* Copy of master thesis or equivalent (if possible).


Contact Information:

-----------------------------

For further information, please address yourself to Prof. Nicolas Guelfi
(nicolas.guelfi at uni.lu) and Dr. Gilles Perrouin (gilles.perrouin at uni.lu)


-- 
---------------------------------------------------------------
Dr. Gilles Perrouin, Scientific Collaborator, LASSY
FSTC / University of Luxembourg, Campus Kirchberg
6 rue Richard Coudenhove-Kalergi, L-1359 Luxembourg Kirchberg,
Luxembourg