The University About us...
The University of Luxembourg is an international research university
with a distinctly multilingual and interdisciplinary character. The
University was founded in 2003 and counts more than 6,700 students and more
than 2,000 employees from around the world. The University's faculties and
interdisciplinary centres focus on research in the areas of Computer Science
and ICT Security, Materials Science, European and International Law, Finance
and Financial Innovation, Education, Contemporary and Digital History. In
addition, the University focuses on cross-disciplinary research in the areas
of Data Modelling and Simulation as well as Health and System Biomedicine.
Times Higher Education ranks the University of Luxembourg #3 worldwide for
its “international outlook,” #20 in the Young University Ranking 2021 and
among the top 250 universities worldwide.
The Faculty of Science, Technology and Medicine (FSTM) contributes
multidisciplinary expertise in the fields of Mathematics , Physics ,
Engineering , Computer Science , Life Sciences and Medicine.
Through its dual mission of teaching and research, the FSTM seeks to generate
and disseminate knowledge and train new generations of responsible citizens,
in order to better understand, explain and advance society and environment we
The University of Luxembourg invites applications to the vacancy in the
Department of Computer Science (https:// dcs.uni.lu).
In this proposed PhD thesis topic, we aim to develop the first account
ecosystem management and security analysis tool. To achieve this, we must
solve foundational research questions and develop efficient algorithms as
outlined below. The developed algorithms will be implemented into a fully
The candidate's tasks include:
Assistance with teaching classes in security
Conducting research publishable in reputable international venues
Writing of progress reports and presentations towards thesis
Work constructively towards goals set by supervisors
The candidate should be prepared to engage in the project ``Semi-Controlled
Distributed Account Management'' described below. The project is within the
Security and Trust of Software System (SaToSS) research group led by Prof
Description of proposed PhD thesis topic...
The use of a password manager is a current best practice that many users and
organisations follow. Password managers facilitate the generation and
maintenance of unique, complex and random passwords and thus help prevent
account compromise due to weak or reused passwords. However, with the rising
number of apps, online accounts, smart devices and authentication methods, we
are facing many new threats that are not related to passwords. For example, we
must now also worry about misconfigured apps, third-party access permissions
to accounts, vulnerabilities of devices, and security incidents at service
Moreover, our apps, accounts, and devices are interconnected: An email app on
a smartphone provides access to the email account to anyone who can unlock the
smartphone. If, say, the smartphone user's groceries account supports password
resetting by email, then the user's groceries account, too, can be accessed by
anyone who can unlock the smartphone. There are many other such connections
due to multi-factor, single sign-on, and other authentication methods. We
refer to this collection of apps, devices, accounts, and authentication
methods as an account ecosystem.
The interconnected nature of items in an account ecosystem means that for any
security incident involving one item, there are potential ramifications for
every other item in an account ecosystem. In our user study of 20 young to
middle aged adults, they reported on average 43 items in their account
ecosystems that were in active use. The complexity of account ecosystems is
expected to further increase significantly with new services, such as Open
Banking, connecting our existing accounts with new third-party account
services, and new items, such as wearable devices, smart home appliances, car
infotainment systems connecting to our existing devices such as smartphones,
home routers, and introducing new apps and cloud services to control them.
Yet, there is no tool that helps managing our account ecosystems and no simple
way to assess the risks to the integrity and availability of items in our
account ecosystem. Indeed, it is precisely the lack of such a tool at the
larger scale of an organisation's account ecosystem that leaves many
institutions blind to the possible attack paths that ransomware attacks have
What we expect from you…
The candidate must have a master degree and outstanding qualifications in
computer science, mathematics or a related discipline.
The candidate should have excellent spoken and written communication skills.
The candidate should be prepared to integrate into the SaToSS research group,
led by Prof Sjouke Mauw, which maintains excellent communication between all
A large and dynamic research group with an exciting international
Training in scientific and transferable skills; participation in schools,
conferences and workshops
The University of Luxembourg offers highly competitive salaries and is an
equal opportunity employer
Contract Type: Fixed Term Contract 36 Month, extendable to 48 months
Work Hours: Full Time 40.0 Hours per Week
Starting date: As soon as possible
Topics in security, privacy and formal methods
Student and employee status
Job Reference: UOL04429
How to apply...
Applications written in English should be submitted online and include:
Detailed curriculum vitae, including your contact address, work experience
Letter of motivation. This is essential and must clearly state how the
experience and interests of the candidate are related to the PhD topic
advertised. Generic applications that are not tailored to the group and
topic will not be considered
Degree certificates and transcript of all grades from university-level
Contact information for 2-3 referees
Early submission is highly encouraged as the applications are processed in
order of reception. Applications by email will not be considered, but we
encourage applicants to contact the research group with questions.
The University of Luxembourg embraces inclusion and diversity as key values.
We are fully committed to removing any discriminatory barrier related to
gender, and not only, in recruitment and career progression of our staff.
In return you will get…
Multilingual and international character. Modern institution with a
personal atmosphere. Staff coming from 90 countries. Member of the
“University of the Greater Region” (UniGR).
A modern and dynamic university. High-quality equipment. Close ties to
the business world and to the Luxembourg labour market. A unique urban
site with excellent infrastructure.
A partner for society and industry. Cooperation with European
institutions, innovative companies, the Financial Centre and with numerous
non-academic partners such as ministries, local governments, associations,
Find out more about the University
Addresses, maps & routes to the various sites of the University