Job Information
- Organisation/Company
- INESC ID
- Research Field
- Engineering » Computer engineering
- Researcher Profile
- First Stage Researcher (R1)
- Country
- Portugal
- Application Deadline
- Type of Contract
- Other
- Job Status
- Other
- Is the job funded through the EU Research Framework Programme?
- European Union / Next Generation EU
- Reference Number
- PT Smart Retail–RefªC6632206063-00466847-BI|2024/529
- Is the Job related to staff position within a Research Infrastructure?
- No
Offer Description
Public notice for research grant
Detection of Denial-of-Wallet Vulnerabilities in Cloud-hosted Smart Retail Services
BI|2024/529
INESC-ID - Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa is an R&D institute dedicated to advanced research and development in the fields of Information Technologies, Electronics, Communications, and Energy. INESC-ID has participated in more than 50 research projects funded by the European Union and more than 190 funded by national entities. To date, our researchers have published more than 700 papers in international journals, more than 3000 papers in international conferences, and have registered 15 patents and/or brands.
1 | RESEARCH GRANT TYPE
ONE (1) research grant for candidates with a BSc degree, with reference number BI|2024/529, is now available under the scope of project PT Smart Retail – Refª C6632206063-00466847, funded by the Recovery and Resilience Plan (RRP) https://recuperarportugal.gov.pt/ and by European funds Next Generation EU, under the following conditions:
2 | DURATION
SIX (6) months, starting in May 2024
- Renewable, if the candidate is enrolled in a MSc program - art. 6º, n.4 b)
https://files.dre.pt/2s/2019/12/241000000/0009100105.pdf
subject to suitable performance within the period of the project, not exceeding the maximum period set by FCT for such grants – 2 years (included contract renewals)
- Renewable, if the candidate is enrolled in a non-degree programme – art. 6º, n. 4 a)
https://files.dre.pt/2s/2019/12/241000000/0009100105.pdf
subject to suitable performance within the period of the project, not exceeding the maximum period set by FCT for such grants – 1 year (included contract renewals)
3 | LEGISLATION
A fellowship contract will be concluded according to:
- Law 40/2004 of 18th of August (Scientific Research Fellow Status) and its successive amendments, including the amendments introduced by the Decree Law n. 123/2019 of 28th of August
https://dre.pt/web/guest/legislacao-consolidada/-/lc/124281176/201912061112/73740605/diploma/indice?lcq=estatuto+do+bolseiro,
- Regulations for Research Grants of the Foundation for Science and Technology in force https://files.dre.pt/2s/2019/12/241000000/0009100105.pdf
- INESC-ID Lisboa Grant Regulations
https://www.inesc-id.pt/scholarship-regulations/
- Recovery and Resilience Plan (RRP)
https://recuperarportugal.gov.pt/
The fellowship contract is awarded on an exclusive dedication basis – art. 5 of Scientific Research Fellow Status and art. 16 of Regulations for Research Grants of the Foundation for Science and Technology.
4 | MONTHLY AMOUNT
The monthly amount of the grant, 990,98€, is in accordance with the values stipulated in the “Regulations for Research Grants of the Foundation for Science and Technology” in force https://www.fct.pt/wp-content/uploads/2024/02/Tabela-de-Valores-SMM_atualizacao-2024.pdf and shall be paid through a monthly bank transfer to an account held by the grantee.
5 | OBJECTIVES/WORKPLAN
The goal of this project is to contribute to the development of advanced security and privacy-preserving technologies for smart-retail stores. Specifically, this project aims to study an emerging class of vulnerabilities named Denial of Wallet (DoW) attacks. In this type of attack, attackers can exploit vulnerabilities in cloud-hosted services that can trigger excessive resource usage, such as external APIs or public storage, resulting in financial damage to smart retail actors that rely on the cloud for hosting their web applications. Considering these attacks, this project has the following main goals: (1) Design and implement DoWGuard, a novel detection tool for DoW vulnerabilities in cloud applications; (2) Extend the existing static analysis techniques to include the ability to reason about economic sinks and interactions with cloud APIs. (3) Define and specify queries within DoWGuard to accurately identify DoW vulnerability patterns. (4) Integrate DoWGuard into the CI/CD toolchain, providing developers with immediate feedback on potential DoW vulnerabilities during the development lifecycle. (5) Evaluate DoWGuard's effectiveness by applying it to real-world cloud applications. The expected outcome of this project includes both a report of the analyzed solutions and a software prototype of the implemented solution.
6 | SCIENTIFIC SUPERVISION
The activity will be supervised by Nuno Miguel Carvalho Santos, Associate Professor at Instituto Superior Técnico and Researcher at INESC-ID.
INESC ID will integrate the grantee into the research team of the scientific advisor.
7 | ADMISSION REQUIREMENTS
The candidates should have a BSc degree in Operating Systems and Architectures, or related areas.
By the grant start date, the candidate must be enrolled in
- a MSc programme – art. 6º, n.1
https://files.dre.pt/2s/2019/12/241000000/0009100105.pdf
or
- a non-degree programme – art. 6º, n. 2
https://files.dre.pt/2s/2019/12/241000000/0009100105.pdf
Preferential factors:
- The candidate must be enrolled in a master’s degree in Computer Engineering or Computer Science. This project requires extensive expertise across multiple fields, namely software security, serverless cloud, and static analysis.
- Preference will be given to candidates with experience in Amazon AWS Lambda or equivalent serverless platforms.
- Portuguese, full professional proficiency
- English, full professional proficiency
8 | EVALUATION CRITERIA AND COMMITTEE
The selection will be according to the following criteria:
- 20% - proficiency in at least one programming language
- 40% - track record in computer science/engineering courses, especially in security and distributed systems
- 40% - experience (and/or interest) in serverless cloud services and static vulnerability analysis
The jury may also decide not to assign the scholarship if none of the candidates meets the required conditions.
Jury | Name | Professional Status | Institutions |
President | Nuno Miguel Carvalho Santos | Researcher / Associate Professor | INESC-ID / IST |
Member | João Nuno de Oliveira e Silva | Researcher / Assistant Professor | INESC-ID / IST |
Member | João Pedro Faria Mendonça Barreto | Researcher / Associate Professor | INESC-ID / IST |
Member Substitute | João Coelho Garcia | Researcher / Assistant Professor | INESC-ID / IST |
Member Substitute | Miguel Ângelo Marques de Matos | Researcher / Assistant Professor | INESC-ID / IST |
9 | COMPLAINT AND APPEAL DEADLINES AND PROCEDURES
The jury may decline to select a candidate who does not prove the requirements stated for the required education level and research experience.
The admitted and excluded candidates will be notified by email of the final ranking list, including the copy of the Preliminary Report of the jury.
Prior Hearing and Deadline for Final Decision: After being notified, candidates have 10 working days to submit, if applicable, a formal rebuttal.
After that period, the jury notifies the candidates of the Final Report.
Excluded applicants may file a complaint about the jury's final report within 15 working days after notification, or appeal the jury's decision to the INESC ID Board of Directors within 30 working days after notification.
According to the Portuguese Law, a disabled candidate has a preference when in equal classification, which prevails over any other legal preference. Candidates must declare their respective degree of disability, the type of disability and the means of communication / expression to be used in the selection process, under the law.
10 | FORMALISATION OF APPLICATIONS
10.1 | Single copy of official academic degree certificate in the required education level
a) In the application submission, candidates from Portuguese education institutions may replace the copy of the official academic degree certificate by a declaration of honour stating that they have the required academic degree.
b) In the application submission, candidates from foreign education institutions may replace the copy of the official academic degree certificate by a declaration of honour stating that they have the required academic degree.
For more information about diploma recognition: https://www.dges.gov.pt/en/pagina/degree-and-diploma-recognition
10.2 | Detailed list of grades (pdf form);
10.3 | Proof of enrolment required on 7 a) or 7 b) (pdf form);
In the application submission, candidates may replace the proof of enrolment by a declaration of honour stating that they are/will be enrolled as required in 7 a) or 7 b).
10.4 | Detailed curriculum vitae (pdf form);
10.5 | Motivation letter explaining the interest in the position (pdf form);
11 | APPLICATION DATES
From 23-04-2024 to 09-05-2024
Requirements
- Research Field
- Engineering » Computer engineering
- Education Level
- Bachelor Degree or equivalent
- Languages
- ENGLISH
- Level
- Good
- Languages
- PORTUGUESE
- Level
- Good
Work Location(s)
- Number of offers available
- 1
- Company/Institute
- INESC ID
- Country
- Portugal
- State/Province
- Lisbon
- City
- Lisbon
- Postal Code
- 1000-029
- Street
- Rua Alves Redol, 9
Where to apply
- rh@inesc-id.pt
Contact
- State/Province
- Lisboa
- City
- Lisboa
- Website
- Street
- Rua Alves Redol, 9
- Postal Code
- 1000-029
- rh@inesc-id.pt