Call for Applications: Three-Year Funded Doctoral Positions
In cooperation with TÜV Austria, the newly founded Safety and Security in Industry Research Lab is looking for four excellent candidates (Deadline: March 19).
Cyber-physical production systems (CPPS) need suitable networked architectures that take into account and combine safety (operation of the system must not pose any danger) and security (protection against unauthorized manipulation). As part of the newly founded “TÜV AUSTRIA Safety and Security in Industry Research Lab” (SafeSecLab), several related research questions are addressed within the framework of dissertation projects (3 years funding) at TU Wien.
The PhD topic “SafeSecSystem Modeling” will investigate approaches for modeling secure system architectures relevant in the industrial environment with particular attention to functional safety and resilience. Research questions include the identification of attack vectors for assets to be protected (such as devices or plants) w.r.t. data sources and data sinks, taking into consideration machine-to-machine communication aspects and IT/OT convergence. Methods from IT threat modeling and safety modeling are to be re-visited, revised, adapted and brought in line with the reference architecture model “Industry 4.0”. Ultimately, a catalog of protection measures supported by a toolchain is to be devised to evaluate existing (and future) CPPS.
Safety and Security Integrated IT/OT Architecture
The goal of the PhD topic is the design of a “Safety and Security integrated IT/OT architecture” which enables a safe yet secure integration of the different levels of the automation pyramid. Relevant topics for the project address the integration or embedding of legacy components, network security (network segmentation, challenges of ad-hoc networking), hierarchical security architectures (defense in depth), security/safety versus real-time requirements, challenges of limited resources in automation systems, scalability and resilience as well as the management of keys and certificates. Derived from this, reference architecture and recommendations for their implementation are to be developed and implemented as a prototype.
Information Security Risk Management
This PhD topic focuses on information security risk management in industrial control systems. Existing approaches typically rely on static system models which quickly lose their relevance due to plant modifications or changes in the threat landscape. Such an approach is time-consuming and can lead to incorrect risk estimations. This project, by contrast, aims to continuously collect data from various sources inside the CPPS (e.g., sensors, network traffic), automatically build system models, and identify and assess cyber risks. Also, this project strives to develop methods to evaluate the consequences of successful exploits and to select effective countermeasures.
Security Properties of Hardware Designs
In CPPS, hardware platforms performing malicious functions can be a serious threat to reliable and safe operation. The goal of this project is to design and/or develop a verification method to evaluate the security properties of hardware designs. Research questions address the detection of unauthorized information flows (e.g. based on hardware Trojans) and the definition of appropriate security policies. A toolset for modeling and detection of malicious hardware shall be developed that can later be used as a basis for a workflow guiding secure hardware design and assessment.
- Academic master degree in computer science/informatics, electrical engineering or information technology
- Interest in research in security and safety
- Excellent knowledge of English
- Ability to work in a team, collaborate effectively with other PhDs, interest in interdisciplinary work
Additional Project Requirements
PhD1, PhD2, PhD5
Knowledge in information technology with a focus on (distributed) automation, industrial control systems, industrial communication systems, embedded systems, and safety & security
Knowledge of specification, design, and verification of digital hardware systems and related hardware description languages (Verilog, SystemVerilog, VHDL) and handling of EDA software (especially Yosys); knowledge of formal verification techniques; programming skills (C ++, Python)
How to Apply
Interested applicants submit their documents through TU Wien’s Career Platform. Deadline: March 19, 2020.