Opportunities

I am always looking for highly motivated interns, PhD students, and postdoctoral researchers to join my group and work with me on software and network security at Ruhr University Bochum in Germany.

Typically, starting a PhD in Germany requires a Master’s degree and takes 3–4 years. However, we also consider candidates without a Master’s degree, but with an excellent Bachelor’s degree for a US-style PhD student positions, which combines some course work (1–2 years) and doctoral studies (3–4 years), with employment in the research group starting immediately.

Currently, most of our work focuses on:

• Automatic vulnerability discovery, focusing on addressing and improving existing trade-offs in soundness, completeness, precision, accuracy, and approximation.
• Automatic vulnerability discovery, focusing on systematically understanding advantages, disadvantages, and limits of machine learning techniques for vulnerability discovery.
• Mobile application analysis for security & privacy, focusing on network protocol analysis for mobile IoT companion apps for the Android and Apple iOS operating systems.
• Program analysis, focusing on stateful applications, especially network protocol implementations. This includes the (automated) analysis of network applications, their underlying network protocols, and how the applications and protocols are being used in the real world.
• Developing analysis techniques for Internet Security measurements to better understand the security posture of the Internet, such as Internet-wide IPv6 measurements, and assessing the impact of modern security and privacy protocols, like TLS or DNS-over-HTTPS.

The work we do in our group is heavy on the analysis of systems and engineering, and you should have established practical experience and knowledge in some of the following areas:

• Development and implementation of program analysis techniques.
• Evaluating of analysis methods and security mechanisms/techniques.
• Experience with efficient and scalable data analysis techniques.
• Knowledge of program analysis techniques, such as taint analysis, data flow tracking, symbolic execution, or SMT solvers.
• Knowledge of techniques in network measurements and protocol analysis.
• Programming experience (especially in Rust, Python, C, C++, and/or Kotlin/Swift).
• Experience with Git and LaTeX.

The responsibilities of students/researchers are the development of new and scalable analysis techniques, by combining theory and practice, implementing prototypes, rigorously evaluating them, and communicating/disseminating the findings in the (scientific) community.

The working language in the group and in the Computer Science department is English. Knowledge of German is not required.

Requirements:

• For internships, you should already have an excellent Bachelor’s degree in Computer Science (Informatik) or IT security and plan to visit our group for approximately 6 months (minimum 3 months).
• For PhD positions, you should have an above average Master’s degree or an excellent Bachelor’s degree in Computer Science (Informatik) or IT security.
• For postdoctoral researcher positions, you need to have a doctoral degree in Computer Science, focusing on Software or Internet security, or program analysis and you contributed to the scientific state of the art during your PhD, as shown by prior publications in the relevant security & privacy or program analysis conferences.

If you are interested or have any questions, please send an email to softsec+applications@rub.de. It helps if you can include:

• An updated resume/CV
• A recent transcript

We also love to see prior non-trivial open source contributions, as we are strong advocates for open science.