A 4 months summer intern position is open in the Advanced Processor Technologies research group of the Computer Science Department at the University of Manchester in the UK, in the domain of systems software security. A particular focus of the position is low-level kernel development in embedded systems equipped with a CPU that does not integrate a memory management unit (noMMU scenarios).
Job Description
The successful candidate will join a sponsored research project targeting software security on small, cost-effective embedded devices. Today these platforms face serious security threats such as supply chain attacks or data leaks. This is particularly concerning given how widespread and security-critical these devices are: they are used for controlling vital computer systems in many domains, such as critical infrastructure and equipment, automotive and transport, IoT, consumer electronics, etc.
The approach we take in this project involves the use of software compartmentalisation, a software security practice that consists in breaking down an application into isolated pieces of software (compartments) that cannot easily interfere with each other: in the case an attacker exploits a vulnerability to compromise a compartment, the damage they can cause will be limited to that compartment. This is a powerful security practice, which has proven its capacity at addressing many of the security threats faced by modern computer systems.
Efficient compartmentalisation is hard to achieve for the devices we target in this project. This is due in a large part to two reasons, that relate to the fundamental characteristics of these embedded platforms. First, their lack of advanced memory management hardware (MMU) makes that they cannot support the main software abstraction easing the design and retrofitting of compartmentalisation in production applications: multiprocessing. Second, the resource-hungry nature of existing approaches at compartmentalisation is incompatible with the reduced processing power and limited amounts of memory characterising small embedded devices.
Responsibilities
To tackle these issues, the successful candidate will be tasked to contribute to the development of a specialised operating system called MicrOS, enabling easy and resource-efficient compartmentalisation for such embedded devices. MicrOS emulates transparently the multiprocessing abstraction without requiring an MMU, leveraging the CHERI hardware extensions available for the RISC-V architecture to support compartmentalisation in an easy to design/retrofit fashion, securely, and with low memory and processing power requirements.
To further reduce the CPU/memory resource consumption of software compartmentalised in MicrOS, the successful candidate will also be tasked to study in depth the memory allocation and access behaviour of a series of representative embedded applications. From these insights they will derive guidelines and semi-automated techniques helping to break down monolithic software into compartments in a way that minimises the memory and CPU overhead stemming from compartmentalisation, while still maintaining strong security guarantees.
Qualifications
Computer science or computer engineering undergraduate students with a background in systems software and/or systems security are sought.
What you will get in return
- Fantastic market leading Pension scheme
- Excellent employee health and wellbeing services including an Employee Assistance Programme
- Exceptional starting annual leave entitlement, plus bank holidays
- Additional paid closure over the Christmas period
- Local and national discounts at a range of major retailers
As an equal opportunities employer we welcome applicants from all sections of the community regardless of age, sex, gender (or gender identity), ethnicity, disability, sexual orientation and transgender status. All appointments are made on merit.
Our University is positive about flexible working.
Hybrid working arrangements may be considered.
Please note this role is not eligible for sponsorship under the Skilled Worker route of the Points Based System. Candidates will need to be able to demonstrate their right to work in the UK in order to be eligible to take up the post.
Sectors
Locations
Sectors
Locations
A 4 months summer intern position is open in the Advanced Processor Technologies research group of the Computer Science Department at the University of Manchester in the UK, in the domain of systems software security. A particular focus of the position is low-level kernel development in embedded systems equipped with a CPU that does not integrate a memory management unit (noMMU scenarios).
Job Description
The successful candidate will join a sponsored research project targeting software security on small, cost-effective embedded devices. Today these platforms face serious security threats such as supply chain attacks or data leaks. This is particularly concerning given how widespread and security-critical these devices are: they are used for controlling vital computer systems in many domains, such as critical infrastructure and equipment, automotive and transport, IoT, consumer electronics, etc.
The approach we take in this project involves the use of software compartmentalisation, a software security practice that consists in breaking down an application into isolated pieces of software (compartments) that cannot easily interfere with each other: in the case an attacker exploits a vulnerability to compromise a compartment, the damage they can cause will be limited to that compartment. This is a powerful security practice, which has proven its capacity at addressing many of the security threats faced by modern computer systems.
Efficient compartmentalisation is hard to achieve for the devices we target in this project. This is due in a large part to two reasons, that relate to the fundamental characteristics of these embedded platforms. First, their lack of advanced memory management hardware (MMU) makes that they cannot support the main software abstraction easing the design and retrofitting of compartmentalisation in production applications: multiprocessing. Second, the resource-hungry nature of existing approaches at compartmentalisation is incompatible with the reduced processing power and limited amounts of memory characterising small embedded devices.
Responsibilities
To tackle these issues, the successful candidate will be tasked to contribute to the development of a specialised operating system called MicrOS, enabling easy and resource-efficient compartmentalisation for such embedded devices. MicrOS emulates transparently the multiprocessing abstraction without requiring an MMU, leveraging the CHERI hardware extensions available for the RISC-V architecture to support compartmentalisation in an easy to design/retrofit fashion, securely, and with low memory and processing power requirements.
To further reduce the CPU/memory resource consumption of software compartmentalised in MicrOS, the successful candidate will also be tasked to study in depth the memory allocation and access behaviour of a series of representative embedded applications. From these insights they will derive guidelines and semi-automated techniques helping to break down monolithic software into compartments in a way that minimises the memory and CPU overhead stemming from compartmentalisation, while still maintaining strong security guarantees.
Qualifications
Computer science or computer engineering undergraduate students with a background in systems software and/or systems security are sought.
What you will get in return
- Fantastic market leading Pension scheme
- Excellent employee health and wellbeing services including an Employee Assistance Programme
- Exceptional starting annual leave entitlement, plus bank holidays
- Additional paid closure over the Christmas period
- Local and national discounts at a range of major retailers
As an equal opportunities employer we welcome applicants from all sections of the community regardless of age, sex, gender (or gender identity), ethnicity, disability, sexual orientation and transgender status. All appointments are made on merit.
Our University is positive about flexible working.
Hybrid working arrangements may be considered.
Please note this role is not eligible for sponsorship under the Skilled Worker route of the Points Based System. Candidates will need to be able to demonstrate their right to work in the UK in order to be eligible to take up the post.
