coq-club AT inria.fr
Subject: The Coq mailing list
List archive
[Coq-Club] Postdoc and research engineer positions in Semantics and Verification for Secure Systems Software
Chronological Thread
- From: Peter Sewell <Peter.Sewell AT cl.cam.ac.uk>
- To: coq-club AT inria.fr
- Subject: [Coq-Club] Postdoc and research engineer positions in Semantics and Verification for Secure Systems Software
- Date: Wed, 9 Dec 2020 18:12:11 +0000
- Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=Peter.Sewell AT cl.cam.ac.uk; spf=Pass smtp.mailfrom=p.m.sewell AT googlemail.com; spf=None smtp.helo=postmaster AT mail-lf1-f54.google.com
- Ironport-phdr: 9a23:os7ZixKMxQvnlK7v/tmcpTZWNBhigK39O0sv0rFitYgeIvrxwZ3uMQTl6Ol3ixeRBMOHsq0C0rWG+P25EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCe/bL9oMRm7rwbcusYWjId/N6081gbHrnxUdupM2GhmP0iTnxHy5sex+J5s7SFdsO8/+sBDTKv3Yb02QaRXAzo6PW814tbrtQTYQguU+nQcSGQWnQFWDAXD8Rr3Q43+sir+tup6xSmaIcj7Rq06VDi+86tmTgLjhSEaPDA77W7XkNR9g61BoByhqRJxwJPabp+JO/dlZKzRYckXSHBdUspNVSFMBJ63YYsVD+oGOOZVt5PzqEUSrRSgHwmnGf7hxSFGh3Do2a061/kqHAbc0gM+A9IBrm7UoM/oOqgMX+G60q3IzTHYYvxK3Tfx8pTHfQokof2WR71/bdDdyVQsFw7ciFibtIPqMS+P2OsXr2ib8/RvVfipi2M/qAx/oiWjy8UyhofJmo8bxV/K+yp9zYg7JdC1Vkp2bMCqHZZNty+XN4p7T8EsTW12uCs0xL0ItJ2lcSQWyJopyBjSYOGJfYiP5xLsTueRITFgiX15Yr2/ggy+/lK8xeHmS8m001BHpTdGnNnUrn0ByQDf58ydRvZ+/kqtwyuD2gHR5+1eIU05mqzWIIM7zLEqjJocq0HDEzf2mEroiK+WcV0p+u2y5OTmZrXqv5ucN4Fphg3nPKQjmsOyDf43MggJWGib9uC826P58ULlR7VKi+U6kqjfsJ/EOcQWvrC1DxNR34o56BuyDy2q3MkZkHQFNl5IeB2Kg5DsO17UIfD4Cfm/g06rkDdu3/3GJqftApDXInjYjrjgc6hy60pYyAcowtBf4JVUCr4FIP3tX0/+rt3YDhsjPwOoxObnDc1x1pkCVmKXHq+ZLKTSvEeU6eIoOumAfZMauDLgK/c+/PPuln84mVoFfaazx5cXaXa4Hu5nI0qDe3bsjM0BQi82uV81S/Wvg1mfWxZSYWyzVuQy/GIBBZqiHLvEE7ignLGbmhy2AZBSYkhNDhaHGHKufo7CRvRfRjiVJ5pZnyAJT/CaRpAs0RXm4Df317d9aNHZ5SAcsbro0J5+7uiVnBp06D8iXJfV6H2EU2whxjBAfDQxxq0q+RUgmGfG6rBxhrljLfIW5/5NVV1nZ5vVzug/D96rHwycIpGGT1GpRtjgCjY0HIpoko0+Jn1lEtDntSjtmi+jArsbjbuOXcJm/aXb0Hz8Is98zzDN06xz1gB6EPsKDnWvg+tEzyaWH5TAyhnLnKLsfq0ZmifGsnqAnzKD
Postdoc and research engineer positions in Semantics and Verification for Secure Systems Software
Advert: http://www.jobs.cam.ac.uk/job/28012/
Closing date: 13 January 2021
Are you interested in developing and applying semantics and verification techniques to radically improve the foundations and security of mainstream computer systems? We are looking for postdoctoral researchers and research assistants to do exactly that, in a wide range of topics.
In recent years, working with Arm, IBM, RISC-V International, the CHERI team, the C and C++ standards committees, and others, we have shown how one can develop and use authoritative semantics for full-scale architecture and language definitions, including instruction-set architectures of ARMv8-A, RISC-V, and CHERI in our Sail metalanguage (https://www.cl.cam.ac.uk/~pes20/sail/), our Cerberus C semantics (https://www.cl.cam.ac.uk/~pes20/cerberus/), and relaxed-memory concurrency models at the architecture and C/C++ language levels. These use a combination of semantic definitions made executable as test oracles, test generation, symbolic execution, and mechanised proof; they have resolved many questions about what these fundamental abstractions are or should be; and they can enable both lightweight formal engineering and full verification of key parts of real systems.
We now aim to build above this in two related projects, for CHERI and Arm system software.
(1) CHERI verification. CHERI (https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-941.pdf, https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/) extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features, using capabilities, to enable fine-grained memory protection and highly scalable software compartmentalization. The CHERI project is led by Robert Watson, Simon Moore, and Peter Sewell at the University of Cambridge and Peter Neumann at SRI International. CHERI allows historically memory-unsafe programming languages such as C and C++ to be adapted to protect against many currently widely exploited security vulnerabilities, and enables the fine-grained decomposition of operating-system (OS) and application code, to limit the effects of security vulnerabilities. CHERI is a hardware/software/semantics co-design project, bringing together computer architecture, systems software, security, and semantics.
In October 2019, Arm announced Morello (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri-morello.html), an experimental CHERI-extended, multicore, superscalar ARMv8-A processor, System-on-Chip (SoC), and prototype board. Morello is a part of the UKRI £187M Digital Security by Design Challenge (DSbD), supported by the UK Industrial Strategy Challenge Fund, including a commitment of over £50M by Arm. Morello will support industrial-scale evaluation of CHERI, with a view to mass-market adoption - which would transform the security landscape.
We have previously developed rigorous engineering methods (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri-formal.html) to precisely define the CHERI ISA, for CHERI-MIPS and CHERI-RISC-V variants, and to prove (in Isabelle) that they satisfy key intended security properties (https://www.cl.cam.ac.uk/users/pes20/cheri-formal.pdf). We are now collaborating with Arm and researchers at the University of Edinburgh to do the same for the full Morello CHERI ARMv8 ISA, building on our Sail ARMv8-A ISA semantics, and to study the semantics and security of higher-level languages and system software above CHERI, building also on our Cerberus C semantics (https://www.cl.cam.ac.uk/~pes20/cerberus/). Morello and this verification aim to improve the security of all Arm mobile device software.
(2) Arm system software verification. This ongoing project, in collaboration with Google and with researchers at MPI-SWS, Radboud, SNU, and Aarhus, aims to establish correctness and security properties of key hypervisor system software above the ARMv8-A ISA semantics mentioned above, integrated with the ARMv8-A concurrency architecture (including both the previous "user-mode" models and the system concurrency semantics, being developed in collaboration with Arm) (https://www.cl.cam.ac.uk/~pes20/armv8-mca/). The Cambridge work is led by Peter Sewell, Neel Krishnaswami, and Robert Watson. Here too, there is the prospect of the resulting system being very widely deployed.
We are looking for postdocs and research assistants to contribute to all aspects of both projects. You should have a strong background in semantics and verification, the motivation and flexibility to develop practical ways to use them at scale for real systems, and experience in one or more of:
- interactive theorem proving, in Coq and/or Isabelle (we use both)
- program logics (especially separation logics and Iris)
- relaxed-memory concurrency
- low-level system software
- programming language semantics and type systems
- program analysis
- model checking
- computer security
- functional programming
We are also seeking candidates with a research engineering focus, to assist in the development of robust and widely usable tools based on the above. For this, you should have experience in functional programming, especially OCaml.
For more details of our recent work, see (https://www.cl.cam.ac.uk/~pes20/), and especially the REMS (https://www.cl.cam.ac.uk/~pes20/rems/index.html) and CHERI (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/) projects, which are both lively and effective collaborations.
The positions are available to start as soon as possible. For candidates with substantial relevant expertise, we may be able to appoint at the Senior Research Associate level.
Research Assistant (without PhD): £26,715-£30,942, Research Associate (with PhD): £32,816-£40,322, or Senior Research Associate: £41,526-£52,559. Appointment to Senior Research Associate will be considered for exceptional candidates.
Fixed-term: The funds for these posts are available for 2 years in the first instance.
Further details may be obtained from Prof. Peter Sewell, email Peter.Sewell AT cl.cam.ac.uk
You will need to upload a full curriculum vitae (CV) and a covering letter outlining your interests, potential contributions to the project, and relevant past experience; both in pdf format. You should also include the contact details for 2 referees who will be able to promptly provide letters if requested. If you upload any additional documents which haven't been requested we will not be able to consider these as part of your application.
Due to the current circumstances, there may be a possibility for remote working in the first instance. Please contact the HR Manager to discuss the finer details.
Please quote reference NR25056 on your application and in any correspondence about this vacancy.
Apply online: http://hrsystems.admin.cam.ac.uk/recruit-ui/apply/NR25056
The University actively supports equality, diversity and inclusion and encourages applications from all sections of society.
The University has a responsibility to ensure that all employees are eligible to live and work in the UK.
Advert: http://www.jobs.cam.ac.uk/job/28012/
Closing date: 13 January 2021
Are you interested in developing and applying semantics and verification techniques to radically improve the foundations and security of mainstream computer systems? We are looking for postdoctoral researchers and research assistants to do exactly that, in a wide range of topics.
In recent years, working with Arm, IBM, RISC-V International, the CHERI team, the C and C++ standards committees, and others, we have shown how one can develop and use authoritative semantics for full-scale architecture and language definitions, including instruction-set architectures of ARMv8-A, RISC-V, and CHERI in our Sail metalanguage (https://www.cl.cam.ac.uk/~pes20/sail/), our Cerberus C semantics (https://www.cl.cam.ac.uk/~pes20/cerberus/), and relaxed-memory concurrency models at the architecture and C/C++ language levels. These use a combination of semantic definitions made executable as test oracles, test generation, symbolic execution, and mechanised proof; they have resolved many questions about what these fundamental abstractions are or should be; and they can enable both lightweight formal engineering and full verification of key parts of real systems.
We now aim to build above this in two related projects, for CHERI and Arm system software.
(1) CHERI verification. CHERI (https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-941.pdf, https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/) extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features, using capabilities, to enable fine-grained memory protection and highly scalable software compartmentalization. The CHERI project is led by Robert Watson, Simon Moore, and Peter Sewell at the University of Cambridge and Peter Neumann at SRI International. CHERI allows historically memory-unsafe programming languages such as C and C++ to be adapted to protect against many currently widely exploited security vulnerabilities, and enables the fine-grained decomposition of operating-system (OS) and application code, to limit the effects of security vulnerabilities. CHERI is a hardware/software/semantics co-design project, bringing together computer architecture, systems software, security, and semantics.
In October 2019, Arm announced Morello (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri-morello.html), an experimental CHERI-extended, multicore, superscalar ARMv8-A processor, System-on-Chip (SoC), and prototype board. Morello is a part of the UKRI £187M Digital Security by Design Challenge (DSbD), supported by the UK Industrial Strategy Challenge Fund, including a commitment of over £50M by Arm. Morello will support industrial-scale evaluation of CHERI, with a view to mass-market adoption - which would transform the security landscape.
We have previously developed rigorous engineering methods (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri-formal.html) to precisely define the CHERI ISA, for CHERI-MIPS and CHERI-RISC-V variants, and to prove (in Isabelle) that they satisfy key intended security properties (https://www.cl.cam.ac.uk/users/pes20/cheri-formal.pdf). We are now collaborating with Arm and researchers at the University of Edinburgh to do the same for the full Morello CHERI ARMv8 ISA, building on our Sail ARMv8-A ISA semantics, and to study the semantics and security of higher-level languages and system software above CHERI, building also on our Cerberus C semantics (https://www.cl.cam.ac.uk/~pes20/cerberus/). Morello and this verification aim to improve the security of all Arm mobile device software.
(2) Arm system software verification. This ongoing project, in collaboration with Google and with researchers at MPI-SWS, Radboud, SNU, and Aarhus, aims to establish correctness and security properties of key hypervisor system software above the ARMv8-A ISA semantics mentioned above, integrated with the ARMv8-A concurrency architecture (including both the previous "user-mode" models and the system concurrency semantics, being developed in collaboration with Arm) (https://www.cl.cam.ac.uk/~pes20/armv8-mca/). The Cambridge work is led by Peter Sewell, Neel Krishnaswami, and Robert Watson. Here too, there is the prospect of the resulting system being very widely deployed.
We are looking for postdocs and research assistants to contribute to all aspects of both projects. You should have a strong background in semantics and verification, the motivation and flexibility to develop practical ways to use them at scale for real systems, and experience in one or more of:
- interactive theorem proving, in Coq and/or Isabelle (we use both)
- program logics (especially separation logics and Iris)
- relaxed-memory concurrency
- low-level system software
- programming language semantics and type systems
- program analysis
- model checking
- computer security
- functional programming
We are also seeking candidates with a research engineering focus, to assist in the development of robust and widely usable tools based on the above. For this, you should have experience in functional programming, especially OCaml.
For more details of our recent work, see (https://www.cl.cam.ac.uk/~pes20/), and especially the REMS (https://www.cl.cam.ac.uk/~pes20/rems/index.html) and CHERI (https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/) projects, which are both lively and effective collaborations.
The positions are available to start as soon as possible. For candidates with substantial relevant expertise, we may be able to appoint at the Senior Research Associate level.
Research Assistant (without PhD): £26,715-£30,942, Research Associate (with PhD): £32,816-£40,322, or Senior Research Associate: £41,526-£52,559. Appointment to Senior Research Associate will be considered for exceptional candidates.
Fixed-term: The funds for these posts are available for 2 years in the first instance.
Further details may be obtained from Prof. Peter Sewell, email Peter.Sewell AT cl.cam.ac.uk
You will need to upload a full curriculum vitae (CV) and a covering letter outlining your interests, potential contributions to the project, and relevant past experience; both in pdf format. You should also include the contact details for 2 referees who will be able to promptly provide letters if requested. If you upload any additional documents which haven't been requested we will not be able to consider these as part of your application.
Due to the current circumstances, there may be a possibility for remote working in the first instance. Please contact the HR Manager to discuss the finer details.
Please quote reference NR25056 on your application and in any correspondence about this vacancy.
Apply online: http://hrsystems.admin.cam.ac.uk/recruit-ui/apply/NR25056
The University actively supports equality, diversity and inclusion and encourages applications from all sections of society.
The University has a responsibility to ensure that all employees are eligible to live and work in the UK.
- [Coq-Club] Postdoc and research engineer positions in Semantics and Verification for Secure Systems Software, Peter Sewell, 12/09/2020
Archive powered by MHonArc 2.6.19+.