Job Description Security Researcher - 613470 

Description

 In this position, you will be part of the Security Research Lab (SRL) and engage in collaborative research projects at the Intel Security Institute (ISI) in TU-Darmstadt (Germany). The mission of SRL is to drive industry-leading research on cryptography, confidentiality, integrity, and anti-malware solutions. We expect ISI@TUD to become a top destination for research in Mobile and Embedded Security with focus on ecosystem-driven approaches. In collaboration with SRL and TU-Darmstadt staff, you will research, design and prototype hardware security components and protocols to deliver higher robustness and assurance on Intel mobile and embedded platforms.

Qualifications

Technical: The candidate should possess technical depth and research experience in the areas of OS and systems architecture. In addition, the candidate should possess in-depth knowledge of secure systems engineering. Familiarity with cryptography & related protocols, access control models, and secure OS is required. Technical breadth in the areas of Mobile and Embedded Systems architecture is a strong plus. Platform HW design experience will be a strong plus.

Communication: The candidate should have strong communication and interpersonal skills. In particular he/she should be self-motivated, show initiative, and drive closure of technical issues. He/she should be able to present complex issues with clarity to drive decisions.

Partnership/Networking: The candidate should be able to collaborate effectively with a diverse cross-organization team (comprising individuals from industry and academia). Prior experience and successful participation in cross-EU hardware security project is a strong plus.

Education: PhD (either Recent College Graduate or expected graduation in 2012).

Intel Unit: Intel Labs is the company’s world-class, industry leading research organization, responsible for driving Intel’s technology pipeline and creating new opportunities. The mission of Intel Labs is to deliver breakthrough technologies to fuel Intel’s growth. This includes identifying and exploring compelling new technologies and high risk opportunities ahead of business unit investment and demonstrating first-to-market technologies and innovative new usages for computing technology. Intel Labs engages the leading thinkers in academia and industry in addition to partnering closely with Intel business units.

In addition, the Darmstadt Technical University has also opening to join the Intel Institute. Details can be found at http://www.intel-mesid.tu-darmstadt.de/open-positions/.

On June 01, 2012, I plan to join Intel Research in order to co-lead the Intel-TU Darmstadt Security Institute for Mobile and Embedded Systems. Besides doing research on my own, my main mission as Chief Technologist is to align the research with the long-term vision and mid-term needs of Intel while managing the transfer of innovation from the center back into Intel’s products and services.

Secure Cloud Maintenance – Protecting workloads against insider attacks
Sören Bleikertz, Anil Kurmus, Zoltan A. Nagy, and Matthias Schunter
ASIACCS 2012: ACM Symposium on Information, Computer and Communications Security

The submission version can be found here.

Abstract

Malicious insiders are a substantial risk for today’s cloud computing infrastructures. A single malicious cloud administrator can eavesdrop or damage business-critical or personally identifiable information and computations of thousands of cloud customers. To protect cloud users against such insiders, we propose a novel approach that enables a security team to protect privacy and integrity of cloud users’ workloads against attacks by system administrators during operation and maintenance. We achieve this by managing the privileges of administrators during operation and maintenance while re-establishing the security of a compute node once administration is completed. By default, administrators’ access to cloud servers is disabled since cloud operation is automated. For manual maintenance operations, we propose five fine-grained privilege levels that balance the security objectives of cloud users with the operational requirements of cloud administrators. We demonstrate how existing cloud architectures need to be extended to incorporate our approach.We prototyped our management approach using the OpenStack cloud platform. Policy enforcement has been prototyped by leveraging SELinux type enforcement in the KVM compute nodes, in order to demonstrate the practical feasibility of our approach.

The ACM Symposium on Cloud Computing 2012 is the third in a new series of symposia that brings together researchers, developers, users, and practitioners interested in cloud computing. Co-sponsored by the ACM Special Interest Groups on Management of Data (SIGMOD) and on Operating Systems (SIGOPS), SoCC 2012 will take place from October 14th-17th in San Jose, CA. For the first time, ACM SoCC 2012 is being held independently, recognizing the growing research fertility and societal/commercial importance of cloud computing. (SoCC was previously held in conjunction with the SIGMOD and SOSP).

Important dates are:

• The meeting has been kicked off by by John Leibowitz (chairman of the US Federal Trade Commission; transcript)
• Dr. Carl-Christian Buhr from the cabinet of Neelie Kroes introduced the EU perspective and brought this video message on Do Not Track from Neelie Kroes
• The Art 29 group formally send Rob van Eijk as their delegate to our team
• Members from the FTC as well as the EC attended large portions of the meeting.
• We achieved wide attendance including (but not limited to) Adobe, Apple, CDT, Google, Microsoft, Mozilla, NAI, Opera, Paypal, W3C, and Yahoo.

We made substantial progress, have discussed and assigned all open issues (and closed many), and are now working on creating the corresponding text.

We were impressed by the wide coverage and the open and collaborative atmosphere that allowed us to achieve this progress.

More information can be found at the W3C Blog.

• Architecture and design of clouds and data centers for dependability
• Faults, failure diagnosis, and recovery issues in clouds and data centers
• Dependability challenges and solutions for cloud users and cloud providers
• Dependability and security of virtual machine and multicore technology
• Dependability metrics, analysis, and evaluation for clouds and data centers
• Assured services, protocols and standards for clouds
• Dependability benchmarking and measurements in clouds and data centers
• Security and privacy issues in clouds and data centers
• Sustainability issues and energy management in clouds/data centers
• Trust, policy management and regulatory compliance issues

IMPORTANT DATES

• Paper submission: Mar. 15, 2012
• Acceptance notification: Apr. 15, 2012
• Camera-ready version: May. 01, 2012
• Workshop: June 25, 2012

The full Call for Papers can be found at http://www.cse.ust.hk/DCDV2012/cfp.html

Christian Cachin, Matthias Schunter: A Cloud You Can Trust -
How to ensure that cloud computing’s problems—data breaches, leaks, service outages—don’t obscure its virtues, IEEE Spektrum, December 2011, pp 28-51.

Read it online at
http://spectrum.ieee.org/computing/networks/a-cloud-you-can-trust/0

Important Dates

TRUST 2012 is an international conference on the technical and soci-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems.

Important dates are

• Submission due: 15 February 2012
• Notification: 25 March 2012
• Camera ready: 09 April 2012
• Conference: 13-15 June 2012

“To address rising concerns about privacy on the Web, W3C publishes today two first drafts for standards that allow users to express preferences about online tracking:

• Tracking Preference Expression (DNT), which defines mechanisms for users to express cross-site tracking preferences and for sites to indicate whether they honor these preferences.
• Tracking Compliance and Scope Specification, which defines the meaning of a “Do Not Track” preference and sets out practices for websites to comply with this preference.

These documents are the early work of a broad set of stakeholders in the W3C Tracking Protection Working Group, including browser vendors, content providers, advertisers, search engines, and experts in policy, privacy, and consumer protection. W3C invites review of these early drafts, expected to become standards by mid-2012. Read the full press release and testimonials and learn more about Privacy.”