This page lists the internship projects currently available in the Center for Cybersecurity of Fondazione Bruno Kessler (FBK). Please note that these are curricular internship projects (which does not include financial compensation) intended specifically for bachelor’s and master’s university students, and not employment contracts. Please refer to jobs.fbk.eu/ for job offers and open positions.
Procedure
- Application: submit your application for the internship project you are interested in using the designated online form and providing the required information. Make sure to apply before the specified deadline. You are advised not to apply to more than two projects at the same time.
- Selection: project supervisors will review the applications and choose the most suitable candidate. If needed, they may request an oral interview during the selection process. Each project is evaluated independently.
- Results: once the selection process is complete, all applicants (both selected and not selected) will be notified of the outcome for the specific project.
For general inquiries, you can email internships-cs@fbk.eu. If you have specific questions about a project, please reach out to the project supervisor directly.
Please note that applications sent via email will not be considered.
Projects are listed starting with those that have the earliest submission deadlines.
Automated Privacy Assessment of OpenID Connect Parties ST
ID: p-2026-st-3
Published on: Wednesday, 4 March 2026
Deadline for Applications: Friday, 3 April 2026 at 23:59
Description:
OpenID Connect (OIDC) has shown to need a set of privacy best current practices (BCPs), since only a handful of guidelines can be found in this regard. In 2023 and 2026, we provided a set of BCPs to fill that gap (Sassetti et al.), as well as an assessment of the privacy posture of several OIDC Providers (OPs). The results have shown that only a few OPs provide high baseline privacy, whereas many others implement only bare minimum requirements. Currently, the privacy posture checks are limited to OPs. As a result, the privacy practices of RPs and users remain uninvestigated.
As a new line of work, we plan on extending the automated assessment of the privacy posture of OPs to RPs and users. First, we are going to develop a browser plugin that automatically draws a privacy profile of RPs based on the BCPs that are put in use. Then, we are going to set up an experiment with normal users to survey their privacy practices.
Type: Internship + Thesis
Levels: BSc, MSc
Supervisors: Gianluca Sassetti (gsassetti@fbk.eu), Amir Sharif (asharif@fbk.eu)
Prerequisites:
- Basic understanding of cybersecurity and privacy principles
- Basic coding skills
- Knowledge of the OpenID Connect protocol is a plus (soft-requirement)
- Strong analytical and problem-solving skills
Objectives:
- Extend the survey to RPs, and possibly to a large enough number of RPs that it can provide a meaningful snapshot of the state of the art for OIDC parties.
- Extend the survey to users to understand their behaviour when presented with indicators of privacy posture.
- Draw a set of lessons learned that can tell us what is the optimal way to implement privacy indicators. We plan on providing feedback to OPs and RPs so that they can include those considerations in their software development lifecycle and improve the overall privacy of the OIDC ecosystem.
Topics: OpenID Connect, Privacy, Best Current Practices