Job id: 067745. Salary: £41,386 - £48,414 per annum, including London Weighting Allowance.
Posted: 24 May 2023. Closing date: 12 June 2023.
Business unit: Natural, Mathematical & Engineering Sci. Department: Informatics.
Contact details: Laurence Tratt. email@example.com
Location: Strand Campus. Category: Research.
This Research Associate position in software security will work to enhance web browser security by utilising CHERI compartmentalisation techniques. The aim of this work is to show how a real world web browser such as Chrome can take advantage of the CHERI security model.
Web browsers are systemically important but present a large attack surface due to their scale and complexity: they are a magnet for attackers, with frequent published attacks. Chrome already splits itself into processes but we want to explore how to take that further with more fine-grained compartments: what are the trade-offs in doing so? Using CHERI will make intra-compartment communication much faster, so how can we take advantage of this when considering where to put compartment boundaries?
To find out more about CHERI in general, please look at www.cl.cam.ac.uk/research/security/ctsrd/cheri/ or Arm’s implementation of CHERI “Morello” www.arm.com/architecture/cpu/morello.
This position straddles both research and software engineering: it will suit candidates who are interested in working on real-world software that has the potential for major long-term impact. There is also considerable scope for experimentation: CHERI compartmentalisation is a new area, so this position will suit candidates who enjoy exploring new areas.
The successful candidate will join a friendly research team with existing CHERI skills and direct access to Morello hardware.
This post will be offered on a full-time, fixed term contract until 31 December 2024.
- Conduct software security research into development browser compartmentalisation
- Investigate performance consequences of compartmentalisation
- Investigate security consequences of compartmentalisation
The above list of responsibilities may not be exhaustive, and the post holder will be required to undertake such tasks and responsibilities as may reasonably be expected within the scope and grading of the post.
Skills, knowledge, and experience
1. Excellent programming / software engineering skills (e.g. in a language such as C, C++, Java, or Rust)
2. Research experience and/or experience working with large code bases
3. PhD in a related field
4. Excellent communication skills
5. Good time management and organizational skills
6. Be able to effectively and productively work as part of a team
1. Open-source development experience
2. Security experience
Please note that this is a PhD level role but candidates who have submitted their thesis and are awaiting award of their PhDs will be considered. In these circumstances the appointment will be made at Grade 5, spine point 30 with the title of Research Assistant. Upon confirmation of the award of the PhD, the job title will become Research Associate and the salary will increase to Grade 6.