PhD/Researcher position: Privacy Engineering through Source Code Analysis

DistriNet is a leading research group specializing in secure and distributed software, embedded in the KU Leuven Department of Computer Science. With over 100 researchers, including 15 full-time professors, the group excels in systems-centric, application-driven research, often collaborating closely with industry. DistriNet's expertise has led to the creation of multiple spin-off companies. The group focuses on Secure Software and Systems, encompassing applications, services, middleware and systems, infrastructures, methods, and tools. Their research is applied to innovative case studies in e-health, industry 4.0, e-finance, e-media, and e-government.
Are you passionate about privacy and enjoy diving into code? Join our team as a privacy researcher and contribute to driving innovative solutions that leverage source code for privacy threat modeling analysis. As a PhD candidate in this research track, you’ll play a crucial role in advancing privacy engineering practices. You will explore, investigate, and analyze techniques for architectural reconstruction to create the relevant models for privacy threat analysis. Your work will have an impact on cost-effective development practices, as well as enable seamless integration with contemporary development practices and CI/CD automation.

Website unit

Project

Threat modeling is a crucial element of the “shift-left” approach, which emphasizes addressing cybersecurity and privacy issues early in the development process for both new and existing digital systems and services. LINDDUN (https://linddun.org/) is an acclaimed privacy threat modeling approach that builds on 10+ years of research experience within DistriNet. As a member of the research team focused on security & privacy threat modeling and threat mitigation, you will contribute to the advancement, validation, and creation of tooling related to the LINDDUN Privacy Threat Modeling framework. The available work and results from the LINDDUN project serve as a major steppingstone for your work.
Within our research group, a team of researchers is dedicated to privacy threat analysis using the LINDDUN framework. We actively address challenges related to privacy analysis and risk assessment, as well as privacy-by-design throughout the software development life cycle. We apply our findings through case studies across innovative and challenging application domains, such as e-health, industry 4.0, e-finance, e-media, e-government and the Internet-of-Things, with active participation in European and Flemish research projects. Given that many software projects start from existing codebases, there is a strong need to integrate and consider this pre-existing context in future privacy (and security) threat analyses.
However, architectural documentation is frequently lacking, leading to a large upfront cost to recreate this documentation for use in threat modeling. This research track tackles this challenge by investigating and leveraging source code analysis to address this problem.

Profile

You share our concern for privacy and interest in privacy engineering, and you have:

• a master in computer science (or equivalent)
• affinity for model-based analysis
• an analytical mind and capability of design-centric thinking
• technical/practical implementation skills
• and fluent English written and oral communication skills

Offer

Interested?

For more information please contact Prof. dr. ir. Wouter Joosen, tel.: +32 16 32 76 53, mail: wouter.joosen@kuleuven.be or dr. ir. Laurens Sion, tel.: +32 16 37 39 52, mail: laurens.sion@kuleuven.be.

KU Leuven strives for an inclusive, respectful and socially safe environment. We embrace diversity among individuals and groups as an asset. Open dialogue and differences in perspective are essential for an ambitious research and educational environment. In our commitment to equal opportunity, we recognize the consequences of historical inequalities. We do not accept any form of discrimination based on, but not limited to, gender identity and expression, sexual orientation, age, ethnic or national background, skin colour, religious and philosophical diversity, neurodivergence, employment disability, health, or socioeconomic status. For questions about accessibility or support offered, we are happy to assist you at this email address.