Unique identifier: d579067e-4cd3-4db6-962d-6bac8298270b

1. Job description

Job:
One research grant with reference number BI|2020/089 is now available under the scope of project SECURITYAWARE: FINE-GRAINED APPROACH TO DETECT AND PATCH VULNERABILITIES, CMU/TIC/0064/2019, funded by FCT – FUNDAÇÃO PARA A CIÊNCIA E A TECNOLOGIA

Job/Fellowship Reference: One research grant with reference number BI|2020/089 is now available under the scope of project SECURITYAWARE: FINE-GRAINED APPROACH TO DETECT AND PATCH VULNERABILITIES, CMU/TIC/0064/2019, funded by FCT – FUNDAÇÃO PARA A CIÊNCIA E A TECNOLOGIA

Main research field: Engineering

Sub research field:

Job summary:

1) Obtain a benchmark offering real vulnerabilities test cases to study the approaches developed in the context of the project (task T1).

2) Study the performance of static analysis tools using the benchmark obtained in task T1 (task T2). This is to understand which of them are more efficient and which of them may be complementary. Through this process, this task will label several warnings as false positives or not. Furthermore, based on the labels, develop a method to prioritise warnings. There is already some research in alert prioritization using labeled warnings as input. After collecting the data and studying the tools, the team plans to explore solutions to several different problems of static analysis.

3) Explore the combination of a set of tools studied in task T2 (task T3). The goal is to explore and design a unified technique that will intelligently combine the different techniques to report more warnings. Following CodeAware’s vision, the researcher will also explore how to improve software engineers’ CI experience when dealing with high numbers of warnings, understanding the problems and customizing their own analysis in terms of tooling, types of vulnerabilities and files. We will also explore novel approaches to rank warnings. This will provide more efficient rankings of warnings that can pave the way to other research fields such as Automated Program Repair. Following CodeAware’s vision, the team plans to explore how to design a customized, intelligent notification system that takes into consideration the warning rankings and the security engineers’ experience, roles and availability. Visualizations and ways of dealing with the different types of warnings will also be studied in this research project.



Job description:

Public notice for research grant

SecurityAware: Fine-grained approach to detect and patch vulnerabilities

CMU/TIC/0064/2019

 

INESC-ID - Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa is an R&D institute dedicated to advanced research and development in the fields of Information Technologies, Electronics, Communications, and Energy. INESC-ID has participated in more than 50 research projects funded by the European Union and more than 190 funded by national entities. To date, our researchers have published more than 700 papers in international journals and more than 3000 papers in international conferences, and have registered 15 patents and/or brands.

1 - RESEARCH GRANT TYPE

One research grant with reference number BI|2020/089 is now available under the scope of project SecurityAware: Fine-grained approach to detect and patch vulnerabilities, CMU/TIC/0064/2019, funded by FCT – Fundação para a Ciência e a Tecnologia and under the following conditions:

2 - DURATION

6 months, starting in January 2021

- Renewable, if the candidate is enrolled in a PhD programme - art. 6º, n. 4 c) (https://www.fct.pt/apoios/bolsas/docs/RegulamentoBolsasFCT2019.pdf), subject to suitable performance within the period of the project, not exceeding the maximum period set by FCT for such grants – 4 years (including contract renewals)

- Renewable, if the candidate is enrolled in a non-degree programme – art. 6º, n. 4 a) (https://www.fct.pt/apoios/bolsas/docs/RegulamentoBolsasFCT2019.pdf), subject to suitable performance within the period of the project, not exceeding the maximum period set by FCT for such grants – 1 year (including contract renewals)

 

3 - LEGISLATION

A fellowship contract will be signed in accordance with:

1. Law 40/2004 of 18th of August (Scientific Research Fellow Status) and its successive amendments, including the amendments introduced by Decree Law n. 123/2019 of 28th of August (https://dre.pt/web/guest/legislacao-consolidada/-/lc/124281176/201912061112/73740605/diploma/indice?lcq=estatuto+do+bolseiro)

2. Regulations for Research Grants of the Foundation for Science and Technology in force (https://www.fct.pt/apoios/bolsas/docs/RegulamentoBolsasFCT2019.pdf)

3. INESC-ID Lisboa Grant Regulations (https://www.inesc-id.pt/scholarship-regulations/)

The fellowship contract is awarded on an exclusive dedication basis – art. 5 of Scientific Research Fellow Status and art. 16 of Regulations for Research Grants of the Foundation for Science and Technology.

4 - MONTHLY AMOUNT

The monthly amount of the grant is € 1 074,64, in accordance with the values stipulated in the “Regulations for Research Grants of the Foundation for Science and Technology” in force (https://www.fct.pt/apoios/bolsas/docs/Tabela_Valores_SMM_LOE_2020.pdf), and shall be paid through a monthly bank transfer to an account held by the grantee.

5 - OBJECTIVES/WORKPLAN

1) Obtain a benchmark offering real vulnerabilities test cases to study the approaches developed in the context of the project (task T1).

2) Study the performance of static analysis tools using the benchmark obtained in task T1 (task T2). This is to understand which of them are more efficient and which of them may be complementary. Through this process, this task will label several warnings as false positives or not. Furthermore, based on the labels, develop a method to prioritise warnings. There is already some research in alert prioritization using labeled warnings as input. After collecting the data and studying the tools, the team plans to explore solutions to several different problems of static analysis.

3) Explore the combination of a set of tools studied in task T2 (task T3). The goal is to explore and design a unified technique that will intelligently combine the different techniques to report more warnings. Following CodeAware’s vision, the researcher will also explore how to improve software engineers’ CI experience when dealing with high numbers of warnings, understanding the problems and customizing their own analysis in terms of tooling, types of vulnerabilities and files. We will also explore novel approaches to rank warnings. This will provide more efficient rankings of warnings that can pave the way to other research fields such as Automated Program Repair. Following CodeAware’s vision, the team plans to explore how to design a customized, intelligent notification system that takes into consideration the warning rankings and the security engineers’ experience, roles and availability. Visualizations and ways of dealing with the different types of warnings will also be studied in this research project.

6 - SCIENTIFIC SUPERVISION

The activity will be supervised by Rui Filipe Lima Maranhão de Abreu, Full Professor at Tecnico, ULisboa and researcher at INESC-ID.

INESC ID will integrate the grantee in the research team of the scientific advisor.

7 - ELIGIBILITY CONDITIONS

Candidates should have an MSc in Computer Science, Engineering or a related or equivalent scientific area.

By the grant start date, the candidate must be enrolled in:

a) a PhD programme, art. 6º, n. 1 (https://www.fct.pt/apoios/bolsas/docs/RegulamentoBolsasFCT2019.pdf)

or

b) a non-degree programme – art. 6º, n. 2 (https://www.fct.pt/apoios/bolsas/docs/RegulamentoBolsasFCT2019.pdf)

 

Preferential factors:

Preference will be given to candidates who have strong knowledge of software engineering (in particular, approaches and techniques related to software quality) as well as software security.

Required language skills: proficiency in English.

8 - EVALUATION CRITERIA AND COMMITTEE

The selection will be according to the following criteria:

I. Academic record of the candidate – 50%

II. Interest in the following area of research: Software Engineering – 25%

III. Interest in the following areas of research: security-oriented static analysis of software systems and program repair – 25%

The jury may also decide not to assign the scholarship if none of the candidates meets the required conditions.

Jury (name, professional status, institution):

President: Maria Inês Camarate de Campos Lynce de Faria, Associate Professor, INESC ID | Tecnico Ulisboa

Member: Vasco Miguel Gomes Nunes Manquinho, Associate Professor, INESC ID | Tecnico Ulisboa

Member: João Fernando Peixoto Ferreira, Assistant Professor, INESC ID | Tecnico Ulisboa

Substitute member: José Faustino Fragoso Femenin dos Santos, Assistant Professor, INESC ID | Tecnico Ulisboa

Substitute member: Pedro Tiago Gonçalves Monteiro, Assistant Professor, INESC ID | Tecnico Ulisboa








9 - COMPLAINT AND APPEAL DEADLINES AND PROCEDURES

The jury may decline to select a candidate who does not prove that they meet the requirements stated under required education level and research experience.

 

The admitted and excluded candidates will be notified by email of the final ranking list, including the copy of the Preliminary Report of the jury.

 

Prior Hearing and Deadline for Final Decision: After being notified, candidates have 10 working days to submit, if applicable, a formal rebuttal.

 

After that period, the jury notifies the candidates of the Final Report.

 

Excluded applicants may file a complaint about the jury's final report within 15 working days after notification, or appeal the jury's decision to the INESC ID Board of Directors within 30 working days after notification.

 

According to the Portuguese Law, a disabled candidate has a preference when in equal classification, which prevails over any other legal preference. Candidates must declare their respective degree of disability, the type of disability and the means of communication / expression to be used in the selection process, under the law.

10 - FORMALISATION OF APPLICATIONS

Applications are formalised by sending an email to rh@inesc-id.pt with the documents stated below, in pdf form.

The application email should clearly state the reference of the research grant and project.

 

 

 

 

 

 

1. Single copy of official academic degree certificate in the required education level.

   a) In the application submission, candidates from Portuguese education institutions may replace this document by a declaration of honour stating that they have the required academic degree. It is mandatory for the approval of the fellowship contract that the selected candidate presents a single copy of the official academic degree certificate, required in education level.

   b) In the application submission, candidates from foreign education institutions may replace this document by a declaration of honour stating that they have the required academic degree. It is mandatory for the approval of the fellowship contract that the selected candidate presents a single copy of the official diploma recognition, required in education level.

2. Detailed list of grades (pdf form);

3. Proof of enrolment required in 7 a) or 7 b) (pdf form). In the application submission, candidates may replace this document by a declaration of honour stating that they are/will be enrolled as required in 7 a) or 7 b). It is mandatory for the approval of the fellowship contract that the selected candidate presents an official copy of the enrolment, required in 7 a) or 7 b);

4. Detailed curriculum vitae (pdf form);

5. Motivation letter explaining the interest in the position (pdf form);

6. Names of two personal references (pdf form).

 






 

Application Dates

From: 30-11-2020

To: 15-12-2021

 

 

 




Vacant posts: 1

Type of contract: Information not available

Job country: Portugal

Job city: Lisbon

Job company/institute: INESC-ID


Application deadline: 15 December 2020
(The Application's deadline must be confirmed on the Job Description)

2. Organization contact data

Empty

3. Required education Level

Empty

4. Required languages

Empty

5. Required research experience

Empty