The goal of this PhD research is to explore the questions above from a technical angle. The project will focus on providing comprehensive insight into the attack surface at the network level of cloud providers and their users.
The Centrum voor Veiligheid en Digitalisering (Centre for Safety and Digitalisation, CVD) is a knowledge institute in which companies and public organisations are collaborating on questions related to this theme. In this context, the University of Twente, Saxion University of Applied Sciences, and the Police Academy of the Netherlands are setting up a joint research program around this time. The research program is centered around the 3 focus areas of the CVD: critical data & infrastructure, actionable intelligence and cyberresilience.
For each research line, we are looking for two PhD students to work on this theme. The PhD students will work in a multidisciplinary fashion, in close collaboration with each other, and with the supervision teams with members from the different CVD partners.
About the Project
Over the past decade, the trend in both the public sector and industry has been to outsource ICT to the cloud. While cost savings are often used as a rationale for outsourcing, another argument that is frequently used is that the cloud improves security. The reasoning behind this is twofold. First, cloud service providers are typically thought to have skilled staff trained in good security practices. Second, cloud providers often have a vastly distributed, highly connected network infrastructure, making them more resilient in the face of outages and denial-of-service attacks.
Yet many examples of cloud outages, often due to attacks, call into question whether outsourcing to the cloud really improves security. In this project our goal therefore is to answer two questions: 1) did the cloud make use more secure? and 2) can we provide specific security guidance to support cloud outsourcing strategies?
The goal of this PhD research is to explore the questions above from a technical angle. The project will focus on providing comprehensive insight into the attack surface at the network level of cloud providers and their users. We will use a measurement-based approach, leveraging large scale datasets about the Internet, both our own data (e.g. OpenINTEL1, a large-scale dataset of active DNS measurements) and datasets from our long-term collaborators, such as CAIDA2 in the US (BGPStream , Network Telescope) and Saarland University in Germany (AmpPot. We will use this data to study the network infrastructure outside and within cloud environments to structurally map vulnerabilities to attacks as well as to identify security anti-patterns, where the way cloud services are managed or used introduce a weak point that attackers can target.
YOUR PROFILE
- You have, or will shortly acquire a MSc degree in computer science, or a related field; applications from students who are about to finish their MSc degree studies will be considered as well;
- You are interested in the domain of cybersecurity;
- You are curious and interested in learning how things work and how to make them better;
- You have a good team spirit and like to work in an internationally oriented environment;
- You are proficient in English (verbal and written).
OUR OFFER
- As a PhD student at UT, you will be appointed to a full-time position for four years, with a qualifier in the first year, within a very stimulating and exciting scientific environment;
- The University and partner institutes offer a dynamic ecosystem with enthusiastic colleagues;
- Your salary and associated conditions are in accordance with the collective labour agreement for Dutch universities (CAO-NU);
- You will receive a gross monthly salary ranging from € 2.443,- (first year) to € 3.122,- (fourth year);
- There are excellent benefits including a holiday allowance of 8% of the gross annual salary, an end-of-year bonus of 8.3%, and a solid pension scheme;
- A family-friendly institution that offers parental leave (both paid and unpaid);
- You will have a training programme as part of the Twente Graduate School where you and your supervisors will determine a plan for a suitable education and supervision;
- Part of this training programme will be filled by trainings developed especially by the CVD partners;
- We encourage a high degree of responsibility and independence, while collaborating with close colleagues, researchers and other staff.
INFORMATION AND APPLICATION
Are you interested in this position? Please send your application via the ‘Apply now’ button below before June 1, 2022, and include:
- A motivation letter
- A detailed CV
- A transcript of your grades
- Names of 2 or 3 people that we can contact for additional information
It is allowed to apply for multiple positions.
For more information regarding this position, you are welcome to contact Anna Sperotto, a.sperotto@utwente.nl