This page lists the internship projects currently available in the Center for Cybersecurity of Fondazione Bruno Kessler (FBK).
Procedure
- Application: submit your application for the internship project you are interested in using the designated online form and providing the required information. Make sure to apply before the specified deadline. You are advised not to apply to more than two projects at the same time.
- Selection: project supervisors will review the applications and choose the most suitable candidate. If needed, they may request an oral interview during the selection process. Each project is evaluated independently.
- Results: once the selection process is complete, all applicants (both selected and not selected) will be notified of the outcome for the specific project.
For general inquiries, you can email internships-cs@fbk.eu. If you have specific questions about a project, please reach out to the project supervisor directly.
Please note that applications sent via email will not be considered.
Projects are listed starting with those that have the earliest submission deadlines.
Cryptography Bill of Materials (CBOM) ALEPH CLEANSE
ID: p-2024-cleanse-4
Published on: Tuesday, 17 December 2024
Deadline for Applications: Thursday, 16 January 2025 at 23:59
Description:
Discovering, managing, and reporting on cryptographic assets is a critical step for the transition to quantum-safe systems and applications [0]. The Open Worldwide Application Security Project (OWASP) [1] proposes a standard to represent Cryptography Bill of Materials (CBOM) [2], useful to describe cryptographic assets and their dependencies in a Software Supply Chain Security (SSCS) context. A CBOM is useful to understand the assets, their dependencies and the compliance with regulations, and a key enabler of cryptographic agility to secure critical systems against quantum computing threats.
Type: Internship + Thesis
Levels: BSc, MSc
Supervisors: Alessandro Tomasi (altomasi@fbk.eu), Pietro De Matteis (pdematteis@fbk.eu)
Prerequisites:
- Practical knowledge of Java is essential; practical knowledge of docker would be useful.
- Basic understanding of cybersecurity principles.
- Basic knowledge of cryptography from cryptography-related courses.
Objectives: The research questions to cover with the internship are:
- CBOM Compliance: starting from an open-source tool proposed by IBM for compliance [3], study how the tool works, what are the policies used to evaluate the compliance, and how to extend these compliance policies.
- CBOM Creation: study how a CBOM is created for proprietary software and Third-Party dependencies.
- CBOM Composition: study how the CBOM is composed and how to use and integrate a Third-Party CBOM.
Topics: Cryptography Bill of Materials, Cryptographic compliance, Quantum-resistant cryptography
Notes: Doing both internship and thesis is recommended but not required (i.e., only internship may be acceptable).
References: