Center for Cybersecurity

Internships

Open Calls

This page lists the internship projects currently available in the Center for Cybersecurity of Fondazione Bruno Kessler (FBK).

Procedure

  1. Application: submit your application for the internship project you are interested in using the designated online form and providing the required information. Make sure to apply before the specified deadline. You are advised not to apply to more than two projects at the same time.
  2. Selection: project supervisors will review the applications and choose the most suitable candidate. If needed, they may request an oral interview during the selection process. Each project is evaluated independently.
  3. Results: once the selection process is complete, all applicants (both selected and not selected) will be notified of the outcome for the specific project.

For general inquiries, you can email internships-cs@fbk.eu. If you have specific questions about a project, please reach out to the project supervisor directly.

Please note that applications sent via email will not be considered.

Projects are listed starting with those that have the earliest submission deadlines.

AI, Secure Software Engineering and DevSecOps for Cloud Native Applications CLEANSE SaFEWaRe

ID: p-2025-safeware-1

Published on: Monday, 12 May 2025

Deadline for Applications: Thursday, 12 June 2025 at 23:59

Description:

Software systems are evolving continuously and rapidly, requiring engineers to address new and increasingly complex, multi-dimensional aspects. These include, for example, the integration of Artificial Intelligence (AI), compliance with new and evolving EU regulations (e.g., EU AI Act, NIS2, GDPR), and ensuring that systems are secure, ethical and trustworthy.
To meet these demands, current practices in Secure Software Engineering and DevSecOps (Development, Security, and Operations) must be extended to address these new challenges, especially when considering DevSecOps for Cloud Native Applications, where the attack surface spans multiple layers (e.g., code, container, deployment, orchestrator). "The purpose and intent of DevSecOps is to build on the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required", describes Shannon Lietz, co-author of the "DevSecOps Manifesto".
DevSecOps is an approach that automates the integration of cybersecurity processes at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and software delivery. It represents a natural and necessary evolution in the way development organizations approach security. For Cloud Native Applications, security concerns multiple levels (code, container, deployment, orchestrator, etc.), and the approach to introducing security should consider all of them.

Type: Internship + Thesis

Levels: BSc, MSc

Supervisors: Pietro De Matteis (pdematteis@fbk.eu), Luca Piras (l.piras@fbk.eu)

Prerequisites: At least two of the following:

  • Programming Languages (e.g., Java, C++, Rust)
  • Programming Frameworks (e.g., Spring, Ionic)
  • Software security background
  • Configuration and Administration of Systems
  • Cloud-Native Applications
  • Cloud Computing Services (e.g., AWS, Azure)
  • Service Oriented Architectures
  • Service Orchestration
  • Docker and Kubernetes

Objectives: In this context, one or more of the following activities can be carried out:

  • Securing and Monitoring Software Supply Chain in SDLC
  • Development of novel techniques for Secure Software Engineering
  • Application of AI to DevSecOps to support configuration, diagnosis and resolution of problems, or compliance with regulations (EU AI Act, NIS2, GDPR, NIST, etc.)
  • Development of Trustworthy and Transparent Software Systems

Topics: Cloud Native Applications, DevSecOps, Software Supply Chain, Threat Modeling, AI, Secure Software Engineering, Privacy, Security, Trust

Notes:

  • We offer a curricular internship (no allowance).
  • Multiple positions available. Doing both internship and thesis is recommended but not required (i.e., only internship may be acceptable).
  • Exceptional work may lead to co-authored publications in International Conferences or Journals, with support and guidance from academic supervisors.

Validation of post-quantum algorithms in OpenSSL ALEPH ST

ID: p-2025-st-5

Published on: Friday, 11 April 2025

Deadline for Applications: Sunday, 15 June 2025 at 23:59 (extended from Friday, 9 May 2025 at 23:59)

Description:

OpenSSL is a software library, initially released in 1998, that implements the SSL and TLS protocols. It provides secure communications over networks, and it has steadily become the de facto standard for the integration of TLS in web servers. With its latest release (v3.5), OpenSSL has deployed three PQC algorithms: ML-KEM (FIPS 203) for key exchange, and ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) as signature methods.
The primary objective of this internship is to compare the algorithms' implementations and validate the choices made during the design phase, checking for common implementation flaws and possible side-channel attacks.

Type: Internship + Thesis

Level: MSc

Supervisors: Riccardo Longo (rlongo@fbk.eu), Salvatore Manfredi (smanfredi@fbk.eu)

Time frame: The internship period will begin in the middle of July, or later if preferred.

Prerequisites:

  • Experience with C
  • Basic knowledge of the TLS protocol (e.g. Intro2CNS or Networking course)
  • Advanced Programming of Cryptographic Methods course (or equivalent)

Objectives: Use the NIST reference implementations to validate the PQC algorithms implemented in OpenSSL

Topics: Post-quantum cryptography, OpenSSL, TLS, Implementation validation

References:

  • [1] OpenSSL 3.5: Upcoming Release Announcement
  • [2] Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203)
  • [3] Module-Lattice-Based Digital Signature Standard (FIPS 204)
  • [4] Stateless Hash-Based Digital Signature Standard (FIPS 205)