Security Control Specification and Formalization in an existing Vulnerability Management Tool
ABG-127502 | Master 2 internship / Engineer | 5 months | €554.40 |
10/12/2024 |
- Computer science
Recruiting institution
The Institut de Recherche en Informatique de Toulouse (IRIT), established in 1990, is a Joint Research Unit (UMR 5505) of the Centre National de la Recherche Scientifique (CNRS), the Institut National Polytechnique de Toulouse (Toulouse INP), the Université Toulouse 3 Paul Sabatier (UT3), the Université Toulouse Capitole (UT Capitole) and the Université Toulouse Jean Jaurès (UT2J).
IRIT is one of the largest UMRs at the national level and one of the pillars of research in Occitanie, with its 600 permanent and non-permanent members and about 100 external collaborators. Because it is supervised by several institutions (CNRS, Toulouse universities), and because of its scientific impact and its interactions with other fields, the laboratory is one of the structuring forces of the IT landscape and its applications in the digital world, at both regional and national level.
Through its cutting-edge work and dynamics, our unit has been able to define its identity and acquire undeniable visibility, while positioning itself at the heart of changes in local structures: University of Toulouse, as well as the various mechanisms resulting from future investments (LabEx CIMI, IRT Saint-Exupéry, SAT TTT, 3IA ANITI).
Description
The goal of this internship is to explore and develop methodologies for specifying and formalizing security controls and integrating them into an already-existing vulnerability management tool. As cybersecurity threats become more sophisticated, ensuring that systems are protected requires not only identifying vulnerabilities but also defining and enforcing security controls that mitigate these risks. The research focuses on integrating security controls into the tool during the architecture design, improving the ability of tools to automatically enforce security measures and ensuring that these controls are formalized to be consistent and measurable.
The challenge lies in defining security controls clearly, ensuring they are formalized in a way that makes them enforceable, and integrating them into the existing vulnerability management tool in a way that allows for automatic reasoning.
Internship Objectives:
Security Control Specification:
- Investigate existing security frameworks (such as NIST SP 800-53, CISA Controls, ISO 27001) to define security control categories and create specifications.
- Develop a set of security controls targeting common vulnerabilities (e.g., network vulnerabilities, misconfigurations, outdated software).
- Ensure that the controls are clear, actionable, and measurable to support vulnerability management.
Profile
M2 or equivalent students in software engineering, cybersecurity, or formal methods
Start date