La Caixa Scholarship
Doctoral Fellowships “la Caixa” INPhINIT
The doctoral fellowship programme INPhINIT “la Caixa” is devoted to attracting talented Early-Stage Researchers—of any nationality—who wish to pursue doctoral studies in Portuguese and Spanish territory. They are sponsored by ”la Caixa” Foundation, it is aimed at supporting the best scientific talent and fostering innovative and high-quality research in Portugal and Spain by recruiting outstanding international students and offering them an attractive and competitive environment for conducting research of excellence.
35 PhD fellowships for early-stage researchers of any nationality to pursue their PhD studies in Portuguese research units like LASIGE, accredited as “excellent” according to the evaluation of the Fundação de Ciência e Tecnologia, and research centres accredited with the Spanish Seal of Excellence Severo Ochoa, María de Maeztu or Health Institute Carlos III. This frame is addressed exclusively to PhD research projects on STEM disciplines, which includes Computer Science and Engineering.
You can get more detailed information about the programme here.
The Navigators Group of LASIGE has three open projects that you can apply to, while submitting your proposal to the INPhINIT “la Caixa” programme.
Deep learning for vulnerability discovery in web applications represented in intermediate languages
Web applications are the most common vehicle for accessing services and resources in enterprises. However, they often contain vulnerabilities that can be exploited remotely, causing serious damage to organizations and allowing private user information retrieval. Essential services, such as banking and healthcare, demand trustworthy applications, and so it is crucial that they are programmed with security in mind, preventing successful attacks that can disturb and/or interrupt their operation.
Despite the advances made in web application security, companies have not been able to decrease substantially the number of vulnerabilities reported annually. A key factor that explains this observation is the growth in complexity leveraged by semantic aspects of different languages that can integrate an application, which complicate the analysis of tools that inspect the programs while searching for flaws. A way to circumvent such complexity is to perform the analysis in an intermediate language representation of the web application.
In the project, we investigate techniques for analyzing the source code of web applications represented in an intermediate language with the goal of discovering vulnerabilities and then remove automatically the errors found by applying patches to the source code, i.e., performing code correction. This way, we plan to use techniques from the code analysis area, such as static and dynamic analysis, and from the artificial intelligence area, focusing on deep learning and natural language processing (NLP). Recently, we have applied a few of these techniques to specific scenarios with promising results, but in the project, we intend to extend them to build tools that are highly accurate and scalable to large code-bases, with the final aim of improving the security of the web. These tools will englobe both identification and correction of vulnerabilities, being the correction a promising and challenging research area.
Job position description:
The student will be involved in the various tasks required for building a successful tool for the discovery and correction of vulnerabilities, from the design of the solution until its evaluation with real web applications. In more detail:
- Investigate different classes of flaws that might affect web applications
- Build a dataset of applications that contain representative vulnerabilities, either on a programming language and an intermediate language representation
- Research alternative techniques that could be employed to locate the flaws
- Study machine learning methods that could be used to find the vulnerabilities
- Research methods that could be applied to correct the code for removing flaws
- Build a tool based on the investigated techniques
- Test and evaluate the tool with relevant web applications and report discovered vulnerabilities to developers, giving to them a possible correction of their code
The project is developed with members of the Navigators group of the LASIGE research lab. Several members of the group (and lab) are involved in research activities that aim to enhance the correctness of applications in general, with fruitful and outstanding results in the past. The work is defined in the context of several European consortia and collaborations with other teams are envisioned.
Advisors: Professors Nuno Ferreira Neves (email@example.com) and Ibéria Medeiros (firstname.lastname@example.org)
Machine learning tools for improving data quality and dependability in IoT applications
Current scalable systems and processes produce increasing amounts of data generated by an ever-growing number of sensors and activities. To handle these large amounts of data, Internet-of-Things (IoT) platforms can be used to efficiently take care of automating several processes, from collecting to storing and providing access to these data.
However, these platforms neglect quality assurance mechanisms to avoid data quality degradation, e.g., due to sensor faults causing drift or outliers, time-variability of processes, communication failures, to mention a few. Additionally, they do not leverage from statistical and machine learning tools to go beyond the provision of raw data to provide meaningful insights on the system or process features, e.g., forecasts, pattern matching, or event classification, thus benefitting decision-making procedures and services that depend on the data.
This proposal aims to develop a scalable generic framework and configurable platform for data dependability and knowledge extraction on IoT contexts, clearly separating generalizable methodologies from mechanisms to ease configuration and adaptation to specific application fields. Case studies on energy efficiency and flexibility management in buildings and environmental monitoring will demonstrate the generic nature and the adaptability of the proposed framework and platform.
Job position description: The student will be involved in the various tasks required for developing the generic framework, including the design of the underlying machine-learning-based solutions for failure detection and data processing, the definition of an architectural solution enabling the deployment of these solutions in multiple application scenarios, the definition of methods to ease configuration tasks, and the implementation and validation of these solutions and methods in the scope of multiple use cases.
The project is developed with members of the Navigators group of the LASIGE research lab. Several members of the group (and lab) are involved in research activities aimed at achieving increased dependability, adaptability and performance, with fruitful and outstanding results in the past. In particular, the project is aligned with the goals of the AQUAMON project (PTDC/CCI-COM/30142/2017 from Fundação para a Ciência e a Tecnologia), aimed at developing a platform for dependable monitoring with WSNs in water environments, and the CSESI Hub, a collaborative laboratory on Smart Energy Services Innovation Hub, also financed by the Fundação para a Ciência e a Tecnologia.
Advisors: Professors António Casimiro (email@example.com) and Pedro Ferreira (firstname.lastname@example.org)
Secure cloud-based services to support cooperative autonomous driving functions
Autonomous and intelligent driving systems are emerging technologies whose development still presents many challenges to meet the needed safety requirements, especially without compromising utility.
In LASIGE and in the context of its research line in Cyber-Physical Systems, we have been exploiting Vehicular-to-Vehicular (V2V) and Vehicular-to-Infrastructure (V2I) communications as an approach to enrich the perception of autonomous vehicles and to perform safe maneuvering in a cooperative way. Vehicular cooperation does not replace autonomous functions but creates opportunities to perform these functions in a more efficient way. V2V communication is used to execute fault tolerant agreement protocols, while V2I communication provides the basis for exploiting cloud-based resources and services to improve perception and support cooperation. For instance, a membership service is essential in the execution of an agreement protocol, as it provides knowledge on the relevant vehicles that must be involved in the protocol execution. These services, besides being fault-tolerant and scalable, must also be secure and trustworthy.
In this work proposal, the objective is to address security requirements on the exchange of V2V and V2I information and on the design and development of cloud-based services to support vehicular cooperation. The solutions to be designed and developed must prevent or mitigate the effects of malicious attacks aimed at compromising these services, information exchange and, ultimately, vehicular safety. The work will require the design, development and evaluation of system solutions, architectures, mechanisms and protocols aimed to support effective, safe and secure cooperation between autonomous vehicles.
Job position description: The student will be involved in the various tasks required for developing the needed solutions, from design to implementation and validation. The first step in the work will be to model the target system with respect to the actors to be considered (e.g., vehicles, road-side units, infrastructure servers, etc.), the relevant interactions between them, the considered attacks vectors and their translation into possible faults, and other aspects of the system like synchrony or resource availability. Relevant abstractions must also be defined, as needed to simplify the problem without loosing generality. Then, the set of services supported by V2I communication that will have to be secured must be defined. Besides membership, which is necessary for cooperation, other services may also be relevant in the context of automated driving, like road and traffic information services, software update services, etc. Depending on the considered services, a set of relevant interaction models and associated functional requirements will have to be identified. Then, the challenge will be to design the solutions (including architecture and protocols) to not only address these functional requirements, but to ensure that security requirements are satisfied in the presence of the considered attacks. Besides typical solutions for authentication and enforcement of secure communication, intrusion tolerance techniques will have to be explored on the server side, investigating and finding appropriate tradeoffs between protocol complexity, scalability and achievable security. The work will also involve the implementation and validation of the developed solutions, for instance deploying them in public clouds and using available V2I technologies (if possible, the goal is to use 5G for network access).
The project is developed with members of the Navigators group of the LASIGE research lab. Several members of the group (and lab) are involved in research activities related to autonomous cooperative vehicles and to security in distributed systems. In particular, the goals of this work proposal are aligned with the objectives of the EU H2020 project Admorph - Towards Adaptively Morphing Embedded Systems, which starts in January 2020.
Advisors: Professors António Casimiro (email@example.com) and Bernardo Ferreira (firstname.lastname@example.org)