We have one fully-funded open position to work for 2 years as a postdoc in the SECUBIC project, on analyzing and fuzzing binaries to prevent backdoors and other supply-chain attacks. .
TITLE - Binary analysis to prevent supply-chain attacks.
TOPIC - Infrastructure appliances (like routers or CCTV systems) are equipped with computer code in binary format ensuring their operation. This code may embed up to thousands of pre-existing software components, whose (open source) code was openly available on the Internet. This opens the door to so-called supply-chain attacks, like backdoor attacks. The SECUBIC project aims at increasing the detection capabilities of such vulnerabilities. As a part of this effort, you will push further our existing work on the matter (ICSE’25) and develop new fuzzing and static analysis techniques to prevent supply-chain attacks.
KEYWORDS - software supply-chain security, backdoors, fuzzing, static analysis, binary analysis
SUPERVISION - Supervision will be provided by Michaël Marcozzi. The postdoc will involve interactions with the other members of the SECUBIC project and their teams: Sébastien Bardin, Jean-Yves Marion and Stefano Zacchiroli.
HOSTING - You will be hosted in the BINSEC team, part of the CEA List institute of Université Paris-Saclay, located in the Paris-Saclay research cluster.
To apply, please check out the detailed application procedure and job info.
When to apply - As soon as possible! We process applications as soon as they arrive (depending on our own availability ^^), so don’t be too late.