Student Job at Fraunhofer SIT

Posted: 17 Sep 2015 10:06
by lisa.nguyen
The Secure Software Engineering Group of Fraunhofer SIT is looking for a Student Assistant.

Job description:
In order to resolve security flaws in applications, organizations must be able to identify the broadest possible array of potentially exploitable vulnerabilities. One of the primary methods to accomplish this is static analysis. While static source code analyzers can locate more types of vulnerabilities than any other method, they also output hundreds, if not thousands, of findings, among which are a good number of false positives (warnings given by the tool that are not actual security flaws). Reducing the number of false positives is a gain of time and proves useful for the developers who have to process the list of warnings afterwards.

False positives are often created by the tools’ limitations, so-called over-approximations. When the tool encounters those limitations while scanning a program, it produces incorrect data flows which result in false positives. Your task will be to identify such data flows using machine learning and graph pattern recognition.

The tasks of the student would be to:
(1) Create a library of known over-approximations
(2) Explore how to recognize such over-approximations in order to determine an analysis’ weaknesses
(3) Classify warnings that might correspond to unknown patterns to complete the library

Skills required:
Ideal candidates should have a good understanding of the Java language and good software design skills. Prior knowledge of static analysis is helpful, but not absolutely necessary.

Contact:
lisa.nguyen@sit.fraunhofer.de

Re: Student Job at Fraunhofer SIT

Posted: 21 Oct 2015 12:20
by lisa.nguyen
The position is no longer available.