PhD Studentship: Firmware Binary Code Analysis for Vulnerability Detection Towards Cyber Security of IoT (supported by Toshiba Research Europe)

The project:

Internet of Things (IoT) constitutes a variety of devices, ranging from tiny sensors and actuators to programmable controllers that drive critical infrastructure such as water, power, through to general purpose mobile devices in the home, work or city environment. Irrespective of the type of a device, software code, the so-called firmware, remains a common component across all of them and it is (anecdotally) believed that such code is not updated frequently, thereby leaving bugs in code forever. A side effect of having such a heterogeneous computing environment is the variety of “compiled” code running on such a diverse set of devices. This poses a challenge for developing automatic program analysis techniques to cope with the syntactically different looking code.

In this project, we aim to investigate techniques that are tailored towards analysing binary code by stripping off syntactical differences. The project is open in the sense that one can investigate static as well as dynamic program analysis techniques, for example abstract interpretation, fuzzing etc. There is a particular focus on investigating the application of machine learning (ML) based approaches, e.g., natural language processing (NLP), to find similar code patterns. NLP-based techniques are known to work with languages with very different syntactical structure. One aspect is to map assembly code-based representation of compiled code in a form suitable for applying NLP. In short, the project will allow one to explore techniques to analyse binary code – your own creativity is the limit!

You will have either a strong background and interest in software program analysis or ML and AI with a keen desire, ability and willingness to learn either approaches.

As a part of its EPSRC CDT in cyber security PhD programme, you will have the opportunity to be part of an immersive training experience, in a cohort of the cyber security leaders of the future. This PhD studentship will be conducted in partnership with Toshiba Research Europe Limited.

How to apply:

Please make an online application online for this project at http://www.bris.ac.uk/pg-howtoapply. Please select <Computer Science> on the Programme Choice page. You will be prompted to enter details of the studentship in the Funding and Research Details sections of the form.

Candidate requirements:  (SCEEM requirements-Do not amend)

PhD applicants must hold/achieve a minimum of a Master degree (or international equivalent) in a relevant discipline. Applicants without a Master qualification may be considered on an exceptional basis, provided they hold a first-class undergraduate degree. Please note, acceptance will also depend on evidence of readiness to pursue a research degree.

Funding:

This is a fully funded 4-year studentship covering:

  • Minimum £18,500 tax-free stipend per year for living expenses;
  • Tuition fees at UK/EU student rates;
  • Equipment and travel allowance to support research related activities.

For EPSRC funding, students must meet the EPSRC residency requirements.

Contacts:

Informal enquires please contact Prof Awais Rashid ([email protected])

General enquiries please contact [email protected]