The CISPA Helmholtz Center for Information Security is looking for PhD Students in areas related to:
Cybersecurity, Privacy and Cryptography
Machine Learning and Data Science
Efficient Algorithms and Foundations of Theoretical Computer Science
Software Engineering, Program Analysis and Formal Methods
We constantly seek applications from qualified researchers regardless of their national origin or citizenship. The working language is English. A command of German is not required for a successful career at CISPA
What we offer
- Admitted students are paid employees of CISPA with a full-time contract of three years with the possibility of one year extension. Salary starting from approx. €4180 (gross/month) according to the scale of the TVöD (German Federal Employment Agreement)
- Health insurance, 30 days paid time off and a pension scheme
- Opportunities for development and growth from language classes, research support to extracurricular and social activities
- Our onboarding team will provide you with all information needed for a successful start and support you if needed
What we expect
- You have a Bachelor’s or Master’s degree from a top-tier, research-oriented institutions of higher education in a subject relevant to our research
- You should have an outstanding academic record (at or near top of your class)
- You’re proficient in spoken and written English
- You have strong letters of recommendation from your academic advisors
Ali Abbasi's group's main aim is to design defense mechanisms and break existing embedded systems to improve their security. We combine deep technical insights of both firmware and hardware to build novel analysis techniques, allowing us to tackle hard-to-test and previously unknown attack surfaces. We also design and implement new methods to protect embedded systems against various classes of attacks, both on the hardware and firmware level.
For hardware security-oriented Ph.D. positions, we are looking for candidates with a strong interest in:
Hardware-assisted security testing and hardware vulnerabilities
Side-channel attacks (e.g., power analysis and instruction-level side channel profiling)
FPGA programming and system building at the board-level around customized circuits
RISC-V and ideally one of its open source designs
Computer architecture design, simulation, and performance evaluation
For software security-oriented Ph.D. positions, we are looking for candidates with solid programming skills in low-level languages like C/C++/Rust/Assembly and in-depth knowledge of operating systems. The candidate should also be interested in at least one of the following topics:
Firmware reverse engineering and/or exploit development
Automated software testing (e.g., fuzzing), especially with an interest in hardware/software-assisted firmware testing
Space assets security (e.g., in-orbit satellite systems security)
Security of Industrial Control Systems (ICS), Electronic Control Units (ECUs), or mobile basebands
For both types of positions, actively playing CTFs, having a public track record of vulnerability research, or building open-source security analysis tooling is a plus. A person with an offensive security mindset will enjoy the work in our group.
Andreas Zeller's group creates tools and techniques that help developers build better software - by automatically testing, analyzing and debugging its code and its development process. His group focuses on software analysis, notably software testing and debugging. Their research projects involve generating software tests, automated debugging and repair, analyzing mobile systems, analyzing user interfaces and more. Essentially, their research focuses on the following questions:
How can we systematically test complex software systems?
How can we accurately determine and characterize input formats?
How can we explain causes and circumstances of software failures?
Andreas' solutions typically apply and combine several techniques including dynamic analysis, static analysis, specification mining, test generation, natural language processing, machine learning, constraint solving and formal languages.
In 2023, Andreas received an ERC Advanced Grant of 2.5 million EUR for the project “Semantics of Software Systems” (S3) on massice generaion of tests and oracles for software. Check out the grant proposal!
Since 2022, most of Andreas' projects focus on semantic fuzzing and debugging, centered around our all-new ISLa specification language and input generator.
Since 2021, Andreas' Debugging Book presents and implements techniques for automated debugging and repair, and The Fuzzing Book introduces test generation (“fuzzing”) techniques. Both books are interactive – you can execute and edit the code right in your browser.
In all this, we are looking for solutions that make a splash in academia and industry and that stand the test of time – Andreas holds no less than seven 10-year impact paper awards. If you'd like to go where no one has gone before, contact us.
Christian Rossow's group's research focuses on system and network security; network security spans practical protocol analyzing, network fuzzing, DDoS attacks and defenses, attack attribution, and traffic analysis. Our system security research is concerned about designing secure networked/distributed systems using novel trusted computing primitives (e.g., Intel TDX, AMD SEV, ARM Realms) or networking harward (e.g., P4-programmable switches, SmartNICs). Either way, our primary focus is practical high-impact research, aiming to present our results at the leading conferences in our field.
We can offer you an excellent working environment on the campus of TU Dortmund, strong individual supervision, interesting and cutting-edge research topics, and world-wide collaborations. You qualify for a PhD position if you (are about to) have an excellent degree at the MSc level. We expect enthusiasm and creativity from you, and (at least) a basic background in security.
Krikamol Muandet's group's research aims at understanding the principles that enable autonomous agents to learn from past experience and interact succesfully with complex environments, and to use this understanding to design new learning algorithms. The research theme spans the following areas:
Prediction: How do we design ML algorithms that can cope with distrbutional shifts? The topics of interest are domain adaption (DA), domain generalization (DG), out-of-distribution (OOD) generalization, and robustness. Kernel methods, kernel mean embedding of distributions and applications thereof are our mathematical arsenal to tackle these problems.
Causation: How do we leverage cause-effect relationships in improving ML models, and conversely how do we use sophisticated ML methods to aid causal inference in complex environments? Topics of interest are unobserved confounders in causal inference, spurious correlation in machine learning, distributional treatment effects, counterfactual inference, and algorithmic decision making. Natural experiments and quasi-experimental designs such as instrumental variable (IV), proxy variables, and regression discontinuity design (RDD) offers tools to address these problems.
Regulation: How do we regulate the deployment of ML models in heterogeneous environments to ensure the democratic use of AI? Topics of interest are feedback loops and strategic behavior. To gain a better understanding of these problems, we will be adopting techniques from algorithmic game theory, mechanism design, social choice theory, and other related sub-fields of economics.
Mridula Singh's group's research focuses on enabling secure communication, positioning, and combining sensor modalities for autonomous systems. The technologies of interest are CANBus, UWB, WiFi, 5G, LEO, and GNSS. Example research topics will include:
Exploring security vulnerabilities of the communication technologies mainly at the physical and logical layer
Secure sensor fusion
Designing secure positioning architecture for 5G
Secure time synchronization
Priyanka Golia's group's central focus revolves around the integration of formal methods and artificial intelligence to find the right balance between trustworthiness and scalability in designing, developing and testing automated systems. Some of their research areas include:
- Automated Synthesis and Repair
- Constraints Solving, Constraints Sampling and Counting
- Interpretable Models
- Knowledge Representation and Reasoning
Robert Künneman's group's goal is to bring guarantees obtained in abstract models for TLS etc. down to the implementation level. With monitoring, we can make programs crash if they violate those guarantees. With fuzzing, we can find out if they do that before they reach the user. We plan to closely collaborate with LORIA, Nancy as part of the French-German-Center for Cybersecurity, offering the option to be co-supervised and experience the rich research environment provided by both LORIA and CISPA. The ideal candidate has a knack for formal modelling and (computational) logic, but also an interest to explore program analysis techniques like fuzzing and symbolic execution.
Sebastian Stich's group's research focuses on distributed algorithms (such as federated and decentralized learning), algorithms for differentially private, robust, and fair machine learning, and on distributed artificial intelligence (see also www.sstich.ch for past and current research). It will be a plus if the student is motivated to work on theoretical challenges that arise in practical application in the fields of biology and health (e.g., structured, or multimodal data, low sample sizes, etc.). Within this project, the student will have the opportunity to collaborate with partners within the Helmholtz AI unit.
Requirements: The candidate is expected to have an excellent degree at the MSc level in mathematics, statistics, computer science or a related discipline. A solid mathematical foundation (e.g. probability theory, statistics, calculus, and linear algebra) is a must, experience in optimization, machine learning, data science or with a ML framework such as e.g. PyTorch, is a plus.
Sven Bugiel’s group focuses on system security with a strong focus on mobile and embedded platforms. This includes hardware-based security, trusted computing technology, and the intersection with usable security.
We are searching for motivated and skilled Ph.D. students. These are currently our areas of interest:
- Developing, extending, and integrating hardware primitives for secure and trusted computing (e.g., TALUS, simTPM), where we are looking especially into RISC-V, Intel TDX, ARM CCA, and TPM
- Intersection between mobile system security and usable security (e.g., Android rationales, Android system analysis)
- Compartmentalization of software and implementation of secure architecture principles, in particular with object capabilities (DroidCap) or new sandboxing solutions (A11y sandboxes)
- The intersection between authentication and system security and usability (e.g., FIDO2/WebAuthn or UX of 2FA)
The positions are not project-bound and allow much freedom in choosing the research projects! Thus, we also welcome new angles and directions and, in fact, expect new researchers to bring in their own ideas. More details can be found at https://trust.cispa.saarland/jobs/
Dr. Swen Jacob's group conducts research into formal techniques for obtaining provably correct systems, with a focus on component-based systems with a parametric number of components, and complex properties including security and real-time guarantees. The techniques encompass formal verification, automatic synthesis/repair, as well as learning of systems and their properties. The mission of the group is to make it easier to obtain systems with reliable correctness guarantees.
A candidate for this position must have a strong theoretical background, with experience and a keen interest in formal methods such as model checking, formal synthesis, or related topics. Experience in distributed systems, automated reasoning, or techniques for learning formal languages is a plus.
Wouter Luek's group's interest is addressing — if possible — societal challenges through the careful design of new privacy-friendly systems. To do so, we create new applied cryptographic primitives and system’s building blocks such as anonymous communication systems. We also analyse and improve existing systems.
A familiarity with in security/privacy in general, and training in either applied cryptography or systems is recommended. But we welcome applications by qualified students from other areas as long as you have an interest in privacy and technology. For more information about the open positions, please refer to this page: https://wouterlueks.nl/positions/. For more information about Wouter and his research, see: https://wouterlueks.nl/.
Within the group of Xiao Zhang, possible topics include foundations of adversarial machine learning, topics in trustworthy machine learning including robustness, privacy, interpretability and fairness, their applications in computer vision, neural language processing and cybersecurity, and many more. Besides computer scientists, we strongly encourage students from other scientific fields such as math and statistics to apply.
Qualified candidates who wish to pursue a doctoral degree in a research area covered by CISPA faculty may apply at any time. We will accept applications throughout the year for exceptionally strong candidates. Admitted applicants will have an opportunity to visit the center and its partner institutions and interact with faculty and students before making their decision. Admitted students are advised by CISPA faculty. All doctoral researchers at CISPA will be a member of a graduate program at our partnering degree-granting universities. For example, PhD Students in Saarbrücken are part of the Saarbrücken Graduate School of Computer Science at Saarland University, with whom we have a long-standing close collaboration.
CISPA is committed to increasing the representation of women, minorities, and individuals with disability in Computer Science. In accordance with the Equal Opportunity Plan, CISPA aims at increasing the number of women in Computer Science, and explicitly encourages women to apply. Applications of severely disabled candidates with equivalent qualifications will be given priority. In general, we welcome applications regardless of gender, nationality, ethnic and social origin, religion/belief, disability, age, sexual orientation and identity.
In case of interest in working at CISPA, please press the "Apply now" button at the end of the page. Please upload your documents in PDF format on our application platform. Applications via email cannot be accepted.
For any questions regarding the application process, please contact us at email@example.com.
CISPA Helmholtz Center for Information Security is a German national Science Institution within the Helmholtz Association and provides a unique work environment that offers the advantage of a university department and a research laboratory alike. CISPA's mission is to rethink the digitized world of the future from the ground on up an make it safer through innovative cutting-edge research. CISPA is committed to the highest international academic standards. We offer a world-class research environment that grants extensive resources to a wide range of researchers and constitutes an attractive destination for the best talents and scientists from all countries. CISPA provides a highly international and diverse working environment, currently hosting researchers of over 40 nationalities.
CISPA headquarter is located in Saarbrücken, in the tri-border area of Germany, France and Luxembourg. The CISPA campus is located close to Saarland University, which is known for its excellence in Computer Science, the Max Planck Institute for Informatics, the Max Planck Institute for Software Systems, and the German Research Center for Artificial Intelligence (DFKI).
For more information about CISPA, see https://cispa.de/en