Research Intern: Trade-offs in Dynamic Analysis for Security Vulnerability Detection
OracleAu-au,australia-brisbaneUpdate time: February 26,2020
Job Description
Do you want to apply your knowledge of dynamic analysis for Java to detect security issues? Are you interested in understanding scalability challenges?
If so, we have a 4-6 month, full-time internship tenable during June 2020 to May 2021 that will interest you.
The aim of the internship is to identify precision and performance trade-offs of a generic runtime verification approach that automatically synthesises monitors from formal specifications and a dynamic taint analysis approach for a problem of security vulnerability detection in Java applications.
This internship will explore precision and performance trade-offs of runtime verification and taint analysis empirically using the following tools that implement these techniques\:
• JavaMOP (a generic runtime verification system), and
• Phosphor (a taint tracking system).
The internship will first focus on detection of SQL injections (due to its simplicity and availability of monitoring specifications) and further explore monitoring properties that are difficult to detect statically, such as authentication/session errors or CSRF.
This internship will explore precision and performance trade-offs of runtime verification and taint analysis empirically using the following tools that implement these techniques\:
• JavaMOP (a generic runtime verification system), and
• Phosphor (a taint tracking system).
The internship will first focus on detection of SQL injections (due to its simplicity and availability of monitoring specifications) and further explore monitoring properties that are difficult to detect statically, such as authentication/session errors or CSRF.
Duties You will\:
• Familiarise yourself with relevant techniques and tools
• Develop, implement and evaluate techniques to detect SQL injections
• Extend the above to handle different security properties that are difficult to detect statically, e.g.,
session errors, CSRF
• Meet with your supervisor daily for guidance and to discuss ways to solve the problem;
• Attend team meetings and give updates on your work;
• Present your findings and outcomes to the group.
• Familiarise yourself with relevant techniques and tools
• Develop, implement and evaluate techniques to detect SQL injections
• Extend the above to handle different security properties that are difficult to detect statically, e.g.,
session errors, CSRF
• Meet with your supervisor daily for guidance and to discuss ways to solve the problem;
• Attend team meetings and give updates on your work;
• Present your findings and outcomes to the group.
Prerequisites\:
• Currently enrolled in a PhD or research-based Masters degree in Computer Science or Software
Engineering
• Have excellent Java programming skills including Java infrastructure
• Have excellent software engineering skills
• Have strong understanding of security issues
• Demonstrated ability to work independently and collaboratively
• Having a compiler/program analysis background is a plus
• Currently enrolled in a PhD or research-based Masters degree in Computer Science or Software
Engineering
• Have excellent Java programming skills including Java infrastructure
• Have excellent software engineering skills
• Have strong understanding of security issues
• Demonstrated ability to work independently and collaboratively
• Having a compiler/program analysis background is a plus
Benefits\:
• These positions are paid at current industry rates.
• Where appropriate, travel & visa costs associated with overseas applicants will be reimbursed.
• Ongoing learning is incorporated in all aspects of the project.
!|!This job code is utilized for the majority of our temporary hires. The individual is performing hourly job duties as defined under the Fair Labor Standards Act.• These positions are paid at current industry rates.
• Where appropriate, travel & visa costs associated with overseas applicants will be reimbursed.
• Ongoing learning is incorporated in all aspects of the project.
!|!
Get email alerts for the latest"Research Intern: Trade-offs in Dynamic Analysis for Security Vulnerability Detection jobs in Au-au,australia-brisbane"