Skip to main content
Logo of EURAXESS
English
Romania
Ukraine flag

Job offer

  • JOB
  • France
  • EXPIRES SOON
  • inria
  • Posted on: 15 February 2025

PhD Position F/M [Campagne Allocation Région 2025] Automatic Generation of Attack Chains for Detecting and Preventing Software Vulnerability (F/M)

Apply now
15 Feb 2025

Job Information

Organisation/Company
Inria, the French national research institute for the digital sciences
Research Field
Computer science
Researcher Profile
First Stage Researcher (R1)
Country
France
Application Deadline
Type of Contract
Temporary
Job Status
Full-time
Hours Per Week
38.5
Offer Starting Date
Is the job funded through the EU Research Framework Programme?
Not funded by a EU programme
Reference Number
2025-08654
Is the Job related to staff position within a Research Infrastructure?
No

Offer Description

Within the framework of a partnership (you can choose between)

  • not applicable

The goal is to develop methods, techniques and tools to prevent deserialization attacks in applications.


Is regular travel foreseen for this post ? No

Assignments :
The recruited person will be taken to: (1) develop a modular approach to vulnerability analysis, (2) build a tool dedicated to the automatic generation of attack chains via fuzzing and mutation and (3) study the history and semantics of code changes for the understanding of attacks. Prototypes will be developed in the Pharo language.

For a better knowledge of the proposed research subject :
A state of the art, bibliography and scientific references are available at the following URL, do not hesitate to log in: 

https://www.inria.fr/fr/evref.

 

Collaboration :

The recruited person will be in connection with the members of the EVREF team who have skills in software analysis and software quality to meet the challenges defined in this thesis.

Responsibilities :

The person recruited is responsible for: 

  • Conducting original research related to the problem of vulnerability detection within the framework of this thesis.
  • Performing scientific monitoring to stay up to date with advancements in the field of software analysis for vulnerability detection.
  • Carrying out simulations and analyses of existing software attacks to define their behavior.
  • Writing scientific papers and present work at national and international conferences.
  • Collaborating with other researchers in the EVREF team and take part in team and GL working group meetings in the laboratory.
  • Participating in team meetings and activities (including EVREF Sprints and presentations).
  • Writing and defending thesis in front of a jury at the end of this research work.

Steering/Management :


The person recruited will be in charge of:

  • Managing his/her research project by planning the various stages of the thesis topic and meeting deadlines.
  • Coordinating collaborations with other researchers in the software security field and with the EVREF team's  industrial partner Berger-Levrault.
  • Leading weekly follow-up meetings with supervisors.
  • Contributing to the writing of deliverables and scientific papers.

Main activities :

  • study of the state of the art in software attacks, static/dynamic analysis techniques and fuzzing
  • analysis of existing attacks and extraction of their behavior
  • definition of attack model
  • design and evaluation of a tool-based approach for detecting and preventing attack (using the Pharo language (www.pharo.org))
  • writing deliverables and reports

Additional activities :

  • validation of the proposed approach by analyzing existing attacks and referring to attack catalogs and databases (Mitre, NVD, etc.)
  • qualitative/quantitative experimentation of the developed prototype 
  • dissemination of results to security communities at national (e.g. GDR days) and international level in top venues (conferences, journals, etc.)

Where to apply

Website
https://jobs.inria.fr/public/classic/en/offres/2025-08654

Requirements

Skills/Qualifications

Technical skills and level required : Object programming, static code analysis 

Languages : French, English

Relational skills :

  • Ability to work as part of a team: collaboration and interaction with EVREF team members and researchers in Software Engineering working groups.
  • Oral and written communication skills: present work in meetings, conferences and articles.
  • Adaptability and active listening skills: incorporating feedback from supervisors and colleagues to develop research.
  • Ability to communicate results to a variety of audiences.
  • Exchanges with researchers from industrial partner Berger-Levrault.
     

Other valued appreciated : ability to organize thematic days on software security for the team and the host laboratory.

Specific Requirements

There you can provide a "broad outline" of the collaborator you are looking for what you consider to be necessary and sufficient, and which may combine :

  • Strong experience in code analysis and programming.

  • Good knowledge of software security research methodologies.

  • Expertise in Object-oriented programming languages. Knowledge of Pharo is an asset for this position.

  • Research experience (via a research internship or Master's project, or a scientific publication) is a plus.

  • Good level of English.

This section enables the more formal list of skills to be completed and 'lightened' (reduced) :

  • Analytical and rigorous thinking.
  • Autonomy and ability to take initiative.
  • Good written and oral communication skills in English and French.
  • Aptitude for teamwork and collaboration with other researchers in the thesis domain and the Pharo programming language industry consortium (https://consortium.pharo.org).
  • Scientific curiosity and motivation for research.
Languages
FRENCH
Level
Basic
Languages
ENGLISH
Level
Good

Additional Information

Benefits
  • Subsidized meals
  • Partial reimbursement of public transport costs
  • Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
  • Possibility of teleworking and flexible organization of working hours
  • Professional equipment available (videoconferencing, loan of computer equipment, etc.)
  • Social, cultural and sports events and activities
  • Access to vocational training
  • Social security coverage

2200 € monthly gross salary from October to December 2025

2300 € monthly gross salary after January 1st 2026

Selection process

Please send your CV and cover letter.

Website for additional job details

Work Location(s)

Number of offers available
1
Company/Institute
Inria
Country
France
City
Villeneuve d'Ascq
Geofield

Contact

City
LE CHESNAY CEDEX
Website
Street
Domaine de Voluceau - Rocquencourt
Postal Code
78153
Apply now
Share this page