Open PhD position in Formal Methods for Information Security

Ph.D. Research Project at ETH Zurich on
Formal Methods for Federated Identity Management
Prof. David Basin, ETH Zurich

The Information Security Group carries out research on methods and tools for the analysis and construction of safe and secure systems. This includes methods for specifying systems, developing systems in correctness-preserving ways, and verifying or testing existing systems and infrastructures. Our goal is not only to build and analyze novel systems and security solutions, but also to develop better methods and tools for system engineering and quality assurance activities.

We have an open Ph.D. research position on “Formal Methods for Federated Identity Management”. We seek to hire a researcher who will carry out research on the formal analysis of federated identity management systems, like SAML and OAuth 2.0. The project’s main objectives are to distill requirements and designs for “next generation federated identity management” and to bring current verification tools, in particular our Tamarin prover, up to the level where such protocols can be automatically analyzed on a realistic scale with respect to both security and privacy properties.

The project, which will be carried out together with partners at Zurich Kantonal Bank (ZKB), will run for approximately 3 years and provide the possibility of carrying out a Ph.D. during this period. As part of this project, the researcher will spend time with ZKB learning about the systems under consideration and state-of-the-art approaches to their design and analysis.

The ideal candidate for this position is an enthusiastic, outstanding researcher with a strong background and interest in one or more of the following areas:

  • formal methods or mathematical logic,
  • information security or cryptography,
  • automated security protocol verification tools

  • Candidates with a strong theoretical background in related areas are also encouraged to apply. ETH Zurich regulations require PhD candidates to hold a Master’s or equivalent degree (e.g. Diplom). The project, which is funded by the Zurich Information Security Center, and will be supervised by Prof. David Basin together with Dr. Ralf Sasse.

    The Ph.D. student will be a paid employee of ETH Zurich. Salary and employment conditions are attractive. ETH Zurich regulations require doctoral students to hold a Master’s or equivalent degree (e.g. Diplom).

    Zurich is a diverse and multicultural city, which is consistently rated among the best cities in the world in which to live. We favor the same sort of diversity that defines Zurich’s cultural makeup and encourage anyone matching the profile above to apply, regardless of where you are from.

    Applications should include a curriculum vitae, a brief description of research interests, transcripts of grades, 2-3 letters of recommendation from teachers or employers, and, if possible, the Master’s or Bachelor’s thesis and publications. Applications and informal inquiries should be sent to Ralf Sasse at the following email address:

    ETH Zurich specifically encourages women to apply with a view towards increasing the proportion of female researchers.