Postes à pourvoir
Poste MCF Génie Logiciel, Systèmes d'Informations, Sécurité
L'Université Grenoble Alpes ouvre un poste de Maître de Conférences au 1er septembre 2017 sur un profil "Génie Logiciel, Systèmes d'Information et Sécurité"
Les équipes d'accueil sont Adele, Ctrl-A, Sigma et Vasco du laboratoire LIG.
Le poste est largement ouvert.
Contacts : direction de l'UFR IM2AG (Christine Verdier), direction du LIG (Eric Gaussier)
Poste d'ingénieur informaticien en CDD (12 à 18 mois)
L’équipe VASCO recherche un ingénieur informaticien pour la conception et le développement des outils du projet ANR MODMED. Ce projet définit un DSL (Domain Specific Language) de spécification de traces adapté aux Systèmes Cyber-Physiques Médicaux.
Le poste est vacant et à pourvoir dès que possible pour une durée de 12 à 18 mois qui se terminera fin septembre 2018. Il prendra la forme d’un CDD de l’Université Grenoble Alpes.
Contact : Yves Ledru
VASCO stands for "VAlidation of Software Systems, Components and Objects". VASCO’s research is in the field of software engineering and applied formal methods. It is member of the "Software and Information System Engineering" axis of the LIG, and shares with several teams of this axis the conviction that software engineering tools must be based on models.
The evolution of Software Systems towards more openness, interconnection and integration has significantly raised the stakes for security issues as well as safety. Safety analysis and testing must deal with systems with high levels of interactions with other systems and external resources and components. The fast changing and adaptive nature of threats and attacks on information systems that have become more pervasive raises new challenges, because existing techniques can become obsolescent in such a context. The security challenges have motivated most research activities of the VASCO team during the past period. These research efforts focus on security testing and modelling.
Testing plays a central role in our research, which must face several challenges of testing, especially in the context of open environments: difficulty to control the environment’s behaviour, incomplete models of the environment and of the application under test. Since less can be assumed on the environment, it becomes necessary to perform more tests to increase confidence. This leads to classical challenges of testing: automating test generation, controlling the size of the test suite, and automation of the test oracle. During the past period, the VASCO team was active on each of these challenges. We used fuzzing techniques and combinatorial testing for test generation. We proposed several reduction techniques to control the size of the test suite. We took advantage of monitoring rechniques to automate the test oracle, and studied trace analysis to perform fault localisation.
Models also play a significant role in our research. Models can provide an oracle for tests, or can be the basis for test generation. They also provide an abstraction of the system under validation, which can be explored to find security breaches and potential attacks. Therefore, our models address both functional/behavioural and security aspects of the system under validation. In the past period, we have conducted research on model inference to construct a model from an existing system, which will then be explored by model-checking. We also studied the use of simulation and testing to validate a security policy described as a B specification.
During the past five years, the team has participated to 2 european projects (ITEA/Diamonds and FP7/SPaCIoS) and 2 national (ANR) projects (Selkis and TASCCC), all dedicated to various facets of security. Our skills in security testing and modelling are also applicable to address safety, as demonstrated in the FUI IO32 project, where passive testing was associated to techniques for understanding traces. Our expertise in monitoring techniques gave rise to the Weave Droid project, which performs code injection in Android applications without source code.
These research efforts fit in the “Software and Information System
Engineering” axis of the LIG, where we share with several teams of
this axis the conviction that software engineering tools must be
based on models. They are related to the “Security, safety, reliability”,
“Embedded Systems” challenges of LIG scientific programme and the
PILSI project. They contribute to the “Sustainable ambiant computing”
project of the LIG by its contributions to safety, security and software
quality. Moreover the team is part of the SCCyPhy action of Persyval-lab,
dedicated to various aspects of security.
Amira Radhouani presents her PhD work