[Blog] Open PhD Position at Ascola, France]]

Project-Team Ascola
Ecole des Mines de Nantes
INRIA, LINA
Nantes, France

We are seeking a PhD student to work on the project "Compositional
Evolutions of Secure Services with Aspects" (CESSA).
Four partners collaborates within the project coordinated by Ascola:
- INRIA project-team Ascola, located at Ecole des Mines, Nantes, France
- a security research team from Eurecom, Sophia-Antipolis, France
- the Security and Trust team from SAP Labs, Sophia-Antipolis, France
- IS2T, an innovative start-up company developing middleware
technologies, Nantes, France

The scope of the thesis includes the synthesis using aspects of secure
applications based on services (SOA applications). It should cover not
only the security certification of the synthesized applications, but
also the preservation of semantical properties, which is a real challenge.
In the field of language design and implementation, you would contribute
to the modularization of security functionalities.
In the field of formal methods, you would apply them to guarantee
security properties of SOAs.
You should have a keen interest in applying rigorous techniques or
formal methods to real-world systems, with a strong background in one or
more of the following:
* Aspect-Oriented Programming,
* Distributed Programming,
* Formal Semantics for Programming Languages,
* Program Verification,
* Automated Proof Assistants (like Coq).

Enquiries about the project should be addressed to Dr Mario Südholt
(http://www.emn.fr/x-info/sudholt/) or Dr Hervé Grall
(http://www.emn.fr/x-info/hgrall/).
See below for a brief presentation.

Applications should include:
* a Curriculum Vitae,
* a brief statement of the particular contribution you would make to the
project,
* the names and contact details (e-mail addresses) of two or three
referees. Please ask your referees to send confidential references
directly to Mario Südholt via e-mail.
Complete applications should be sent by e-mail to Mario Südholt and
Hervé Grall.

The position is to be filled as soon as possible. It is funded by a
grant from the french national research agency (agence nationale de la
recherche, ANR).

=====================================================================

Service-oriented architectures (SOAs) constitute a major style for
component-based architectures used to build large-scale distributed
systems. A service is a software application that can be located over a
network and whose interfaces and bindings can be defined, described and
discovered by using certain standardized access means and formats. A SOA
typically spans a number of different organizations, and may involve
powerful servers as well as resource-constraint devices (e.g., mobile
devices). Similar to other compositional structuring mechanisms, SOAs
are subject to the problem of cross-cutting functionalities, that is,
functionalities that are scattered and tangled over large par of the
architecture and the underlying implementation. Security
functionalities, such as access control and monitoring for intrusion
detection, are a prime example of such a functionality in that it is not
possible to modularize security issues in a well-separated module.
Aspect-Oriented Software Development is an application-structuring
method that addresses in a systemic way the problem of the lack of
modularization facilities for cross-cutting functionalities. The
partners of the CESSA industrial research project will develop solutions
to secure SOAs by providing an aspect-oriented structuring and
programming model that allows security functionalities to be
modularized. By means of security aspects and a new notion of
aspect-aware service interfaces, CESSA will enable the synthesis of
SOA-based applications that are correct by construction and will allow
the formal analysis of security properties of SOAs. Furthermore, the
partners will demonstrate that security aspects support the secure
horizontal composition (i.e., orchestration and choreography of
services) and vertical composition (i.e., service implementation) of
real-world industrial SOAs in the context of (i) an extension of an
enterprise information system from the first industrial partner SAP,
extension that is motivated by needs for evolution of software in the
financial sector due to regulatory requirements, and (ii) the
integration into a commercial SOA of embedded devices using customized
virtual machines produced by the second industrial partner IS2T.

_______________________________________________
Blog mailing list
Blog@aulf.org
http://lists.aulf.org/cgi-bin/mailman/listinfo/blog