Télécom Paris, part of the Polytechnic Insitute of Paris, is one of France’s top 5 general engineering schools. The mainspring of Télécom Paris is to train, imagine and undertake to design digital models, technologies and solutions for a society and economy that respect people and their environment.

We are looking for a Post-doctoral Fellow in software engineering and cybersecurity. You will join the INFRES Department in ACES team. As part of the SECUBIC project, the ACES team of Télécom Paris develops techniques and tools that leverage Software Heritage, the largest archive of source code in the world, as knowledge base about open source software to improve the state of the art of binary software composition analysis (SCA).

SCIENTIFIC CONTEXT

Many everyday objects (like phones, routers, public transport vehicles, CCTV, etc.) are equipped with computer code in binary format ensuring their operation. At the same time, the reuse of off-the-shelf software components is a massive and widespread practice in computer program development. Therefore, software operating everyday objects may embed up to thousands of pre-existing software components, whose (open source) code was openly available on the Internet. These pre-existing components can implement various and potentially sensitive features, such as cryptography, data management or internet communication. Such a bloated software supply chain opens the door to specific attacks against the binaries included in everyday objects, such as exploiting known vulnerabilities or purposefully injecting vulnerabilities into pre-existing components.

When the user of an everyday object wants to ensure that its operating binary is not vulnerable to such attacks, they must use generic vulnerability detection techniques on the entire binary code. This requires considerable effort and is highly likely to miss many of the vulnerabilities. By replacing these generic techniques with a new approach dedicated to finding vulnerabilities caused by the software supply chain, the SECUBIC project aims at increasing the detection capabilities of such vulnerabilities enough to enable their exhaustive neutralization (or exploitation, from an attacker’s point of view), in reasonable time and budget. The result of the project will be a set of software tools implementing this dedicated approach and an evaluation of their effectiveness, notably on binary code coming from industrial and institutional partners.

Other information :
Application deadline: August 31, 2025
Job type : 30 months fixed-term contract
Full job description here

Please apply at : https://institutminestelecom.recruitee.com/l/en/o/post-doctorante-ou-post-doctorant-en-genie-logiciel-et-cybersecurite-cdd-de-30-mois-2-5