PhD Studentship – Verifiable Cryptography and Trusted Hardware

Department of Computer Science

Location: Guildford
Post Type: Full Time
Advert Placed: Thursday 31 August 2017
Closing Date: Wednesday 31 January 2018
Reference: 068717

Supervisory team: Dr François Dupressoir, Prof Steve Schneider (University of Surrey co-supervisors), and Dr Santiago Zanella-Béguelin (Microsoft Research co-supervisor).

Duration of Studentship: 4 years

Stipend: A stipend of £20,000 per annum, tax-free, subject to residence status (see below). University fees are also covered by the studentship.

Eligibility: The studentship will be funded by Microsoft Research and EPSRC through Microsoft’s PhD Scholarship Programme (https://www.microsoft.com/en-us/research/academic-program/phd-scholarship-europe-middle-east-africa). The standard EPSRC eligibility rules (https://www.epsrc.ac.uk/skills/students/help/eligibility/) apply, including some residence requirements. Normally, to be eligible for the studentship, the student must have no restrictions on how long they can stay in the UK and have been ordinarily resident in the UK for at least 3 years prior to the start of the studentship (with some further constraint regarding residence for education).

Vacancy Information: The student will be registered with the University of Surrey and join a team of researchers at the Surrey Centre for Cyber Security (http://www.surrey.ac.uk/sccs), one of only 14 UK government-recognised Academic Centres of Excellence in Cyber Security Research (ACE-CSR, https://www.ncsc.gov.uk/articles/academic-centres-excellence-cyber-security-research). The student will be co-supervised by Dr François Dupressoir (http://www.surrey.ac.uk/cs/people/francois_dupressoir) and Prof Steve Schneider (https://www.surrey.ac.uk/cs/people/steve_schneider), with support from Dr Santiago Zanella-Béguelin (https://www.microsoft.com/en-us/research/people/santiago/) as Microsoft Research supervisor.

The student will be based in the Department of Computer Science at the University of Surrey, UK.

Studentship description:
Providing and Verifying Security on Compromised Platforms

Recent years have seen tremendous progress in the development of formal techniques and tools for the development of software systems that are and remain correct and secure against traditional network-based adversaries. This recent progress is a significant step towards establishing trust in the security of computer systems and digital infrastructure in the presence of misbehaving state-level actors (that may, for example, tamper with standards and software or compromise service providers), as it supports the production of independently-verifiable evidence of the security of a system.

However, the threat models considered so far have necessarily been limited to network-based adversaries. This does not take into account the growing number of security-critical systems—including consumer appliances, but also infrastructure—that are deployed without physical security, giving a determined adversary a lot more capabilities through physical access. For example, such an adversary could observe physical side-channels (timing, power consumption) that leak information about the data being manipulated by a device, or could perform fault attacks to tamper with the very execution of the system.

Establishing trust in the presence of these more powerful threats often requires the use of trusted hardware—small, tamper-resistant hardware tokens that serve as roots of trust to bootstrap digital security in adversarial physical environments. However, the precise security guarantees expected of such roots of trust (for example, Trusted Platform Modules (TPM), Intel® SGX, or Arm TrustZone) are still not fully understood, and they are often difficult for developers of hardware or software appliances to use effectively to bootstrap security. This difficulty comes in part from their complexity, but also from the fact that application developers are often assumed to understand security—including security against side-channel and physical attacks. This assumption is, in practice, often wrong.

In this project, the student will, in collaboration with supervisors and a growing team of researchers, investigate all aspects of these roots of trust from a formal point of view. This will involve:

- Understanding and formalising the security properties of these roots of trust in powerful adversary models;

- Developing and applying techniques and tools to prove that given implementations of such roots of trust do indeed provide these security properties;

- Developing techniques and tools that make it easier for application developers to check that their use of their chosen root of trust provides them with the level of security they expect. Application domains of relevance to the Department include electronic voting, automotive and transport security, and electronic health.

The student may focus in-depth on one or two of these aspects, or more superficially cover all three.

Person Specification:

- Bachelor degree in Computer Science or similar discipline (UK equivalent of 2:1 classification or above)

- An interest in verification techniques (from type systems to interactive proof assistants) or in provable security

- Some programming experience

- An understanding of the foundations of computer science and programming languages

- A demonstrated ability to think and work independently

- Strong verbal and written communication skills in English


- Master’s degree in a STEM discipline (UK equivalent of Merit classification or above)

- Experience with higher order logic and formal verification in practice

- An understanding of cryptography and computer security

- A basic understanding of electronic engineering

Application: The formal application process requires the submission of a CV (preferably no longer than 2 pages), the names of two referees, and copies of degree certificates and transcripts from all university-level courses taken. More information on how to apply can be found by clicking on the ‘Apply Online’ button at the following address: http://www.surrey.ac.uk/postgraduate/computer-science-phd. There is further information about PhD roles in the Department of Computer Science at the following link: https://www.surrey.ac.uk/department-computer-science/study/postgraduate-research/funding.

In addition to the above, as part of their application, the candidate is also required to upload a cover letter explaining their interests and expected contributions to the project and detailing any previous research experience (including examples of previous project work).

Application enquiries: Dr François Dupressoir, f.dupressoir@surrey.ac.uk

Closing Date: October 30 2017. Applications will be considered as they arrive and may close earlier if the right candidate is identified.
