We have an open PhD position in Bridging the Gap Between Mathematical Numbers and Software Systems. To fill this position, we are seeking an enthusiastic PhD candidate with a strong background in computer science, software engineering, mathematics, or closely related fields. Expertise in formal methods such as program reasoning, programming language semantics, model checking, theorem proving, or computational logic is essential.

Mathematical models, e.g., describing physical systems or cryptographic algorithms, rely on ideal numbers. For instance, mathematical integers are infinite and mathematical reals continuous and infinite. Computers work with finite approximations that are bounded (i.e., there is a smallest and largest number) and discrete. This “digital gap” between mathematical models and actual systems is a challenge when implementing safety-critical or security-critical systems: for example, autonomous aircraft or self-driving cars require high-precision representations of their position to avoid collisions. Hence, not considering the approximation of the approximative representation of numbers in computers can result in crashes that can endanger the life of humans. Moreover, many security-critical systems, not limited to cryptographic algorithms, rely on the correct handling of over- and underflows in integer computations. Actually, underflow- and overflow bugs are a root cause for a large number vulnerabilities exploited by cyber security criminal, e.g., for stealing digital currencies worth several billion of dollars. While this is not a new problem (e.g., already in 1982, an float conversion error in a trading systems at the Vancouver Stock Exchange resulted in a loss of several millions of US dollars), an integrated development method preventing such bugs is still not available.

This PhD project will address this challenge by developing a rigour approach for developing systems relying on precise representations of numbers, using the interactive theorem prover Isabelle/HOL. The PhD project can focus on

1. the formalisation of concrete representations of machine numbers (e.g., IEEE754, POSIT, Decimal Floating Point, Fixed Point Arithmetic), their (algebraic) properties, and relationship to abstract mathematical numbers;
2. the formalisation and verification of numerical or cryptographic algorithms, establishing a reusable verified library, or
3. the development of an end-to-end refinement approach from mathematical models to machine representations.

The PhD will be jointly supervised by Prof. Dr. Achim Brucker and Prof. Dr. Burkhart Wolff, leading to a joint degree from the University of Exeter and the University of Paris-Saclay.

Information about the programme can be found at

• https://www.exeter.ac.uk/study/pg-research/funding/phdfunding/paris-saclay/
• https://adum.fr/as/ed/voirproposition.pl?langue=en&matricule_prop=71068&site=PSaclay

All applications have to be made via the ADUM system: https://adum.fr/as/ed/voirproposition.pl?langue=en&matricule_prop=71068&site=PSaclay, latest on the 22nd of March 2026.

We have an exciting funded opportunity for a PhD on developing “Verification Environment for Distributed Systems Implemented in Go”. The main objectives are to define a formal semantics of Go and its CSP-inspired concurrency model in an interactive theorem prover (e.g., Isabelle/HOL) as well as developing a calculus for program verification. This is a unique opportunity to work in the intersection of theory and application and while doing so, contributing to improving the state of the art in software correctness and security.

A detailed description of the PhD proposal is available at:

• A Verification Environment for Distributed Systems Implemented in Go

Information about the funding and application process is available at:

• https://www.exeter.ac.uk/study/funding/award/?id=5477

Application deadline is the midnight GMT on 10th of February 2025.

Please reach out to me, if you have any questions.

I am happy to announce that Dr. Bethaina Touijer will join the Software Assurance & Security Research Team as a Postdoctoral Researcher.

Bethaina will work on developing formal methods for analysing business process logic, in particular in the context of enterprise sytems.

As part of a US funded project, we have an exciting opportunity for a PostDoc in the Security and Trust of Advanced Systems Group at the University of Exeter (UK) to work applying formal methods to enterprise systems:

We will use formal methods (e.g., model checking, SMT solving, interactive theorem proving), to analyze business-process-driven (enterprise) systems (e.g., business logic and workflows described a BPMN models). A particular focus will be the analysis of complex compositions of workflows within one organization as well as across multiple organizations.

In particular, we will develop novel techniques to detect faults and vulnerabilities (that can be exploited by both internal and external attackers) in complex business-process-driven systems, contributing to protecting critical workflows such as manufacturing or logistics.

In such environments, attackers can exploit such faults and vulnerabilities to cause all kinds of harm such as direct financial losses or causing the production of safety or security critical products to stop. Overall, the project aims to develop automated techniques for assessing the risk of business process or workflows as well as finding and mitigating such attacks.

This is a unique opportunity for somebody wanting to use/apply formal methods to the security of large enterprise systems.

More information and application details can be found at:

• https://jobs.exeter.ac.uk/hrpr_webrecruitment/wrd/run/etrec179gf.open?WVID=171839ediw&LANG=USA&VACANCY_ID=386422ijTy

Application deadline is the 18th of April 2024. Please contact me for more details.

We have an exciting opportunity for PhD study with myself and Prof. Burkhart Wolff from the Université Paris-Saclay on developing a formal semantics for Go(lang) in Isabelle/HOL.

This is part of a new ‘double PhD’ programme leading to a PhD award from the University of Exeter and the Université Paris-Saclay.

More information and application details can be found at:

• https://www.exeter.ac.uk/study/pg-research/funding/phdfunding/paris-saclay/
• https://adum.fr/as/ed/voirproposition.pl?site=adumR&matricule_prop=53822#version

Application deadline is the 31st of March 2024. Please contact us for more details.

I am happy to announce that Teddy Cameron-Burke will join the Software Assurance & Security Research Team as a PhD student.

Teddy got his BSc in Computer Science and Mathematics from the University of Exeter. In his BSc project, he formalized homomorphic encryption in Isabelle/HOL. Teddy will continue to work with Isabelle in his PhD project, focusing on developing novel verification approaches for domain-specific programming languages, e.g., for the development of cyber-physical systems.

Universities in the UK (and the discussion in this post is based, and most likely limited to, the UK academic sector) accept students with a UG (BSc) degree into their PhD programs. Thus, students in the UK often wonder about the differences between doing a postgraduate taught degree and a postgraduate research degree. But also if you have already your MSc finished (or are close to finishing it) and are considering applying for a PhD programme, it will be useful to understand the differences in the application and selection process.

One of important difference between a taught program and a research program is that a research program is an individual programme: it is all about you (and your supervisor). In contrast, a taught program is mass event (the “mass” can be relatively small, i.e., cohort sizes of postgraduate taught programs are often in the medium double-digit range). This has consequences on selecting the right university (or research group) and strategies for making your application successful.

Taught Postgraduate Programs §

Let’s start with looking at Taught Postgraduate Programs. When applying for an MSc programme, you are often one of hundredths applicants and decision if your application is successful or not, is often taken by a dedicated admissions team, based on your marks in your undergraduate studies, checking that you satisfy the admission criteria. Only in exceptional cases, when, for instance, you want to replace certain requirements (e.g., an undergraduate degree that teaches programming) by job experience (e.g., if you worked as a software developer), your application is read carefully by an academic.

Of course, you want to study at a university with a good reputation. But, most importantly, you want to learn the topics that really motivate you and that build the basis for your envisioned career path. Hence, carefully check the description of the programmes you are applying for (and for the modules offered) to avoid disappointments. For example, not every programme that has ``cybersecurity’’ in its title, will cover those areas of cybersecurity that you are interested in. This will also help you, if you are considering a PhD after your MSc: PhD supervisors consider it an advantage, if they have already supervised the M.Sc. Research Project of a student. And, if the M.Sc. Research Project and your PhD topic are aligned, it gives you a head-start for your PhD.

Research Postgraduate Programs §

While, in the following, I am focusing on PhD programmes, similar consideration are valid for the much less common degree “MSc by Research” (a one-year MSc degree that is purely based on an individual research project). A postgraduate research program, as the name suggests, focuses on research. There are usually only a few taught modules (e.g., in the UK it is very common that research students need to complete a module on research methodology). Hence, both the application process and the PhD studies are centered around you, our research topic, and your relationship to your PhD supervisor. This observation should guide both the selection of the best suitable supervisor and the documents that your application process

If you want to do a PhD in a certain topic (and, if you want to do a PhD, you should have an idea, in which area you want to do it), look out for potential supervisors that are knowledge in your area of interest, e.g., they have published papers that are, broadly speaking, relevant to your PhD topic. For example, even though I am doing a lot of research in cybersecurity, there are many areas of cybersecurity, I am not supervising students on, because I lack the necessary expertise.

In your application, you should demonstrate that the expertise of your future supervisor is useful for your PhD topic. Ideally, your application refers to one or several papers written by the research group you are applying at. In a certain way, the reputation of the university is less important (compared to a taught programme). Rather, try to understand if your research topic and your personality fits well into the research area and supervisory style of your week/month: some supervisors meet their PhD candidates at least weekly, others future supervisor. For example, how many supervisory meetings are planned per only every other week or less often. Similarly, some supervisors are more involved in the actual research than others. What is best for you, depends on your personal needs and your research topic. Some topics require a closer supervision than others. If accepted, you will need to work with this supervisor for the next 3 to 5 years. Also, at the end of your PhD, your individual work will be assessed both by the PhD committee and by future employers (that will also look at your publications and your PhD thesis).

Several fully funded PhD scholarships for UK applicants are available in the Security and Trust of Advanced Systems Group (Prof. Achim Brucker and Dr. Diego Marmsoler) at the Department of Computer Science of the University of Exeter, UK.

We are looking for enthusiastic and outstanding Computer Science or Mathematics students with a strong background in at least one of the following topics:

• safety or security of (software) systems,
• formal modelling or formal reasoning/verification,
• program analysis or program verification,
• language-based security
• semantics of programming languages,
• theorem proving, model checking,
• cryptographic protocols,
• distributed systems (e.g., blockchain),
• specification-based testing, and
• design and implementation of security architectures.

This award provides annual funding to cover UK tuition fees and a tax-free stipend. For students who pay UK tuition fees the award will cover the tuition fees in full, plus at least £15,009 per year tax-free stipend. The studentship will be awarded on the basis of merit for 3.5 years of full-time study.

Interested candidates should contact the potential supervisors Prof. Achim Brucker or Dr. Diego Marmsoler to discuss their application.

For more details, please consult the official advertisements:

• Compositional Verification of Smart Contracts in Isabelle
• Formal Verification for Safety- or Security-Critical Systems
• Software Engineering for Security- or Safety-Critical Systems
• Open Call

The closing date for applications is midnight on the 24th of January 2022.

I am happy to announce that Amy Stell will join the Software Assurance & Security Research Team as a PhD student.

Amy got her BSc in Computer Science from the University of Exeter. In her BSc project, she formalized neural networks in Isabelle/HOL, and she will continue to develop formal methods for improving the security, safety, and correctness of machine learning during her PHD studies.

A warm welcome to Dr Avik Chakraborti. Avik is joining the Security and Trust of Advanced Systems Group at the Department of Computer Science of the University of Exeter as a Lecturer in Cyber Security.

Avik is a world-renowned expert in applied cryptography. Our students will already meet him after Easter, when he starts teaching, as part of your MSc Cyber Security Analytics, the module on Security Assessment and Validation.

Two fully funded PhD scholarships for EU/UK applicants are available in the Security and Trust of Advanced Systems Group (Prof Achim Brucker or Dr Diego Marmsoler) at the Department of Computer Science of the University of Exeter, UK.

We are looking for enthusiastic and outstanding Computer Science or Mathematics students with a strong background in some of the following topics:

• safety or security of (software) systems,
• formal modelling or formal reasoning/verification,
• program analysis or program verification,
• language-based security
• semantics of programming languages,
• theorem proving, model checking,
• cryptographic protocols,
• distributed systems (e.g., blockchain),
• specification-based testing, and
• design and implementation of security architectures.

This award provides annual funding to cover UK/EU tuition fees and a tax-free stipend. For students who pay UK/EU tuition fees the award will cover the tuition fees in full, plus at least £15,009 per year tax-free stipend. The studentship will be awarded on the basis of merit for 3.5 years of full-time study.

For more details, please consult the official advertisement.

The closing date for applications is midnight on 1 May 2020. Project-specific queries should be directed to the supervisors, Prof Achim Brucker or Dr Diego Marmsoler.

As part of the expansion of the Department of Computer Science at the University of Exeter, we are recruiting for a Lecturer in Cybersecurity. The lecturer will be part of the newly formed Security and Trust of Advanced Systems Group.

We are looking for a candidate with an outstanding research record in any area related to cybersecurity (information security) such as (but not limited to):

• access control
• usable security
• software/application security
• formal methods for security
• language-based security/privacy
• secure programming
• information flow
• security protocols
• network security
• security of distributes systems
• human aspects of security
• hardware security
• security economics
• security-by-design
• applied cryptography
• privacy-enhancing technologies
• threat hunting, security analytics
• threat modelling
• forensics, reverse engineering
• trustworthy AI/ML
• security/penetration testing

You will have a PhD or equivalent in Cybersecurity, Computer Science, Mathematics, Engineering or a related area. Please refer to the job description for full details.

We understand security and safety entangled concepts: in most modern systems one cannot be achieved without the other. Hence, we encourage also candidates working in related domains such as safety, dependability, resilience, or reliability to apply.

Please apply by 8th of April 2020! See the [full announcement](https://jobs.exeter.ac.uk/hrpr_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=803965SHQd&WVID=381759 1jNg&LANG=USA) for all details.

After three and a half years in Sheffield, it is, again, time for new challenges. After starting the security group in Sheffield by both making the business case for a security group and being its first member, I am doing it again: I am building a new Cybersecurity Group in Exeter: This time as Professor and Head of Group.

Today, I am starting a “new life” as Full Professor (Chair for Cybersecurity) and Head of Group Cybersecurity Group (in creation) at the Computer Science Department at the University of Exeter (and, yes, there is a outdoor swimming pool next to my new office).

Personally, I plan to continue my research in both a deep understanding of theory and practice and, thus, being able to bridge the gap between theory and practice as well as between industry and academia. My team will continue to work on all kinds of aspects of developing secure, reliable, and resilient software (and hardware) systems.

On a wider perspective, the Cybersecurity Group will include several lecturer positions (the first offer has already been made, and the next call for applications will be out soon). The team will grow fast and support the already excellent and world-leading computer science department in Exeter with their security expertise in research and education.

Having worked for eight years in the global security team of SAP SE, I have a strong understanding of industrial needs and strengths. I am looking forward not only to collaborate with my new colleagues at the university, I am also looking forward to all kinds of collaborations with local industry in Devon, Cornwall, and elsewhere.

Let’s stay in touch and I am looking forward to collaborations opportunities with all of you – regardless if you are working in industry or academia and regardless if we already worked together or not!

Do you want to join a world-class computer science department and help us to establishment of an information and computer security research group? Then now is the right time to apply.

The Department Of Computer Science of the University of Exeter is currently hiring for a new cybersecurity group. The new lecturer will join a growing department and will contribute to a new research focus in cybersecurity.

This is a unique opportunity to join a new cybersecurity group as founding member and to influence its future development.

Application in all areas of cybersecurity are welcome, and we are particularly encouraging people working in the intersection of security and formal aspects (e.g., formal methods, verification, type systems, programming languages, logic) to apply. Please apply by 4th of April 2019!

I am happy to announce that Sakine Yalman will join the Software Assurance & Security Research Team as a PhD student.

Sakine got her MSc in Advanced Computer Science from The University of Sheffield. In her MSc thesis, she developed a static analysis tool for smart contracts for the Ethereum blockchain. In her PhD studies, she will focus on security and privacy aspects of cloud and edge computing.

Do you want to join a world-class computer science department and help us to establishment of an information and computer security research group? Then now is the right time to apply. We have three Lecturer/Senior Lecturer/Reader to fill.

The Department Of Computer Science at The University of Sheffield is currently hiring for a new Security of Advanced Systems Group. For more details, have a look at the detailed job brochure.

Application deadline is the 28th April 2017.

Do you want to join a world-class computer science department and lead the establishment of a information and computer security research group? Then now is the right time to apply.

The Department Of Computer Science at The University of Sheffield is hiring a Chair in Computer and Information Security. We are looking for a re-owned personality in all aspects of information security, cybersecurity, or computer security that is looking for new challenges. Joining The University of Sheffield provides a unique opportunity to build up a new group leveraging the existing expertise that go far beyond the research excellence of the fifth-best computer science department in the UK (according to REF 2014): collaboration opportunities are ranging from manufacturing (IoT, Industry 4.0) to social and political sciences.

Application deadline is the 27th July 2016.

I am happy to announce that Michael Herzberg will join the Software Assurance & Security Research Team as a PhD student.

Michael studied computer science at the Karlsruhe Institute of Technology (KIT) in Germany and finished his studies there with a thesis on “Static Code Analysis for Securing Cordova Application.” During his PhD studies, he will apply formal modeling and verification techniques to (software) vulnerabilities.