Thesis: Finding vulnerabilities in the implementation of an Open Source RAN protocol by fuzz testing

Rekryterare
Ericsson
Plats
Göteborg, SE
Annonserat
den 19 oktober 2021
Stängs
den 11 november 2021
Ref:
608703-en_US
Kategori
Övriga jobb
Anställningsform
Tillsvidare
Sysselsättning
Heltid
As the tech firm that created the mobile world, and with more than 54,000 patents to our name, we've made it our business to make a mark. When joining our team at Ericsson you are empowered to learn, lead and perform at your best, shaping the future of technology. This is a place where you're welcomed as your own perfectly unique self, and celebrated for the skills, talent, and perspective you bring to the team. Are you in?

Come, and be where it begins.

Our Exciting Opportunity

Background

The telecom industry is moving towards open designs and open networking protocols, where once equipment could be expected to be delivered and integrated by the same manufacturer now a radio access network (RAN) could consist of equipment delivered by different vendors.

This places even higher requirements on integration- and security testing since malicious actors may now to a greater extent try to exploit the implementations.

Fuzz testing is a well-known industry practice that can be used to randomize input to a program and find bugs and vulnerabilities that may be very difficult to find using other methods. Today there exist commercial tools that can perform fuzz testing for widespread protocols such as SSL/TLS and NETCONF, but for our lesser-known protocol, no such tool exists.

The thesis

In this thesis, we want to create a fuzz testing tool to explore what bugs can be found that would be difficult to find using unit testing or manual system verification.

The students can base their fuzzing tool on an already existing in-house simulator of this protocol.

Questions to answer
  • What type of fuzzer is best used for this protocol?
  • How effective is fuzzing compared to traditional system verification?
  • Depending on the outcome of using the tool can suggestions be made on how to improve the protocol to make it less susceptible to attacks?
  • How should a tool like this be designed to make sure it can be effectively maintained and used for future protocol versions?


Qualifications

  • Student in the 2nd year of your master program with a background in software engineering or computer science
  • Knowledge of C++ programming language


What´s in it for you?

Here at Ericsson, our culture is built on over a century of courageous decisions. With us, you will no longer be dreaming of what the future holds - you will be redefining it! You won't develop for the status quo, but will build what replaces it. Joining us is a way to move your career in any direction you want; with hundreds of career opportunities in locations all over the world, in a place where co-creation and collaboration are embedded into the walls. You will find yourself in a speak-up environment where empathy and humanness serve as cornerstones for how we work, and where work-life balance is a priority. Welcome to an inclusive, global company where your opportunity to make an impact is endless!

What happens once you apply?

To prepare yourself for next steps, please explore here: https://www.ericsson.com/en/careers/job-opportunities/hiring-process

Location for this role: Gothenburg, Sweden

Recruiter: Sylwia.Kwiecien@ericsson.com

Last day to apply: 10th November

Kindly note that we cannot process applications sent via email.

Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.

Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.

Primary country and city: Sweden (SE) || || Göteborg || [[mfield2]]

Req ID: 608703

Liknande jobb

Liknande jobb