Location: San Francisco, USA
If you’re looking for an internship that lives on the bleeding edge of new technology, a place you can work with an all-star team of experienced security experts, and overall just save the world, then you’ve discovered the correct internship description! Riscure Inc. is looking for graduate and post-graduate students that are passionate about security and want to get their hands dirty with some exciting challenges in the world of security R&D. Being in San Francisco means we have the privilege of being exposed to the most exciting technical developments in the world, and we intend to leverage that privilege for some serious leveling up of colleagues and interns alike.
Here are some projects we want to do with you this year:
Exploring FI software countermeasures
The Challenge – FI countermeasures for software have been published in our paper. We have little data that can be publicly shared on the effectiveness of these countermeasures, and on various strategies to prevent compilers from optimizing out these countermeasures.
- Duration – 2-4 months
- Background info(optional) – Whitepaper on Side Channel Patterns
- Research Question – For each countermeasure, what is the effectiveness and the best strategy of avoiding removal by compiler optimization?
- Project output – The outcome of this project is a report that describes each countermeasure, how the countermeasure affects fault resistance on our test platform Pinata, and best strategies to avoid compiler removal of that countermeasure.
- Main: BSc or equivalenAssembly, C, experimentation, report writing, LLVM internals
- Optional: fault injection concepts, CPU inner workings
Leveraging program analysis techniques for code review
The Challenge – Many program analysis techniques exist; static code checks, symbolic/concolic execution, taint tracking, dynamic instrumentation, etc. In our work we manually work with these kinds of tools, but this does not enable scaling.
- Duration – 4-6 months
- Research Question – How can we leverage existing program analysis techniques such that they can be used from inside an IDE in a code review flow?
- Project output – Report giving an overview of existing techniques and their different applications. For several techniques, a prototype implementation inside an IDE.
- Skills needed
- Main: MSc or equivalent, C, experimentation, report writing, symbolic execution, static code analysis
- Optional: Assembly, human/computer interaction, Eclipse
Send your resume and motivation letter to firstname.lastname@example.org. If you have any hardware project, source code, academic thesis, whitepaper, or anything else that is relevant and that you’re proud of, don’t hesitate send a to link to it as well.
We are an equal opportunity employer, and do not discriminate based of race, nationality, gender identity, sexual orientation, disability status, veteran status, age, or any other legally applicable characteristics. Being a diverse, multi-national company is one of the things that makes us strong, and we don’t intend to change any time soon.