about the role

You will be conducting a PhD on using provenance for cybersecurity in an operational cloud environment.

Provenance, in the context of computer systems and security, refers to the collection of information that documents the history and origin of data and processes within a computer system. It allows for tracing the path and transformations undergone by the data, as well as the interactions between different components of the system, to analyze the causes and consequences of operations performed on the system. Its use in security covers areas such as threat detection, intrusion investigation, and forensic analysis.

The central issue of provenance is finding a balance between the granularity of provenance data (fine details) and its completeness (global), while managing the volume of generated data to optimize its analysis and interpretation [1].

The objective of the thesis is to propose mechanisms and methods for (semi) automated and scalable discovery and analysis of fine-grained causal links between events affecting system objects for cybersecurity purposes in investigating and interpreting attack histories. The starting point of the thesis, to address the known scientific and technical challenges of provenance, is to fundamentally revisit current practices in system log collection, considering the benefits of eBPF technology [2], which allows for hot-injection and execution of event-driven programs at the Linux kernel level to collect these system logs.

Three combined benefits of eBPF-based log collection are worth examining in this thesis to improve current approaches to provenance: programmable fine-grained collection, real-time context access including the system state at the time of the supervised execution, and hot-injection of probes allowing for dynamic activation, deactivation, and updates. The thesis can benefit from open-source tools such as eAudit [3], SysFlow [4], and CamFlow [5].

Security supervision is currently too local, both in time and space, and too static. The proposed direction in this thesis is expected to advance the investigation of attack progress, with interpretation of security events considering previous and subsequent events (time component), taking into account the remote context interacting via the network with these events (space component), and finally, with adaptive supervision and collection (dynamicity component). As an objective, subject to revision based on the lessons learned from the thesis, the contributions produced will be evaluated through a post-mortem investigation of a ransomware-type attack.

about you

  • Computer knowledge, including a deep understanding of operating systems (Linux)
  • Knowledge of computer security: understanding the fundamental principles of operating system security, defense mechanisms, and attack methods.
  • Mathematical skills: knowledge of graphs and algorithms for processing large graphs.
  • Programming skills: ability to develop tools and scripts to collect, analyze, and process system provenance data. Proficiency in programming languages such as C and Python is required.
  • Research skills: problem formulation, design and implementation of experiments, analysis of results, and writing scientific articles (excellent English proficiency is required).

The candidate should have a degree from an engineering school or a Master's degree in computer science with a specialization in security and/or significant personal experience in security.

[1] M. A. Inam, Y. Chen, A. Goyal, et al., "SoK: History is a Vast Early Warning System: Auditing the Provenance of System Intrusions," in 2023 IEEE Symposium on Security and Privacy (SP), IEEE, 2023, pp. 2620-2638

[2] eBPF—introduction, tutorials & community resources. https://ebpf.io

[3] R. Sekar, H. Kimm and R. Aich, "eAudit: A Fast, Scalable and Deployable Audit Data Collection System," in 2024 IEEE Symposium on Security and Privacy (SP)

[4] SysFlow. https://research.ibm.com/projects/sysflow#overview

[5] M. Pasquier, J. Singh, D. Eyers and J. Bacon, "Camflow: Managed Data-Sharing for Cloud Services," in IEEE Transactions on Cloud Computing, vol. 5, no. 3, pp. 472-484, 1 July-Sept. 2017

additional information

The candidate will develop advanced technical skills that are sought after and rare in system security. Within Orange Innovation, he/she will have the opportunity to benefit from an operator's perspective for assessing the value of his/her research in terms of innovation, both in the IT domain (microservices, Cloud Native Computing) and in the field of networks (containerized NFV, 5G).

This security research is closely linked to the evolution of virtualized IT and network infrastructures, which are becoming programmable, automated, and intelligent through infrastructure softwarization and the recent widespread adoption of eBPF technology.

department

Orange Innovation brings together the research and innovation activities and expertise of the Group's entities and countries. We work every day to ensure that Orange is recognized as an innovative operator by its customers and we create value for the Group and the Brand in each of our projects. With 720 researchers, thousands of marketers, developers, designers and data analysts, it is the expertise of our 6,000 employees that fuels this ambition every day.

Orange Innovation anticipates technological breakthroughs and supports the Group's countries and entities in making the best technological choices to meet the needs of our consumer and business customers.

Within Orange Innovation, you will be integrated into the DPI team, which is responsible for maintaining a high level of expertise in security for the Orange Group. Research carried out by DPI focuses in particular on system security, cryptography, and personal data protection. You will be part of a research ecosystem, working alongside anticipatory study engineers responsible for the practical implementation of new concepts, particularly in cybersecurity.

contract

Thesis

Confirmed 17 hours ago. Posted 13 days ago.