
  Software Supply Chain Ecosystem


   Information Security Group

This project is no longer listed on FindAPhD.com and may not be available.

  Dr Santanu Dash, Dr Andrew Dwyer  No more applications being accepted  Competition Funded PhD Project (Students Worldwide)

About the Project

Please note that advertised projects are sample projects and prospective applicants are not required to apply to one of the advertised projects, but are welcome to discuss broader research interests with the academic named in the advert - and/or to apply with their own research proposal.

The Centre for Doctoral Training in Cyber Security for the Everyday at Royal Holloway University of London seeks to recruit 2 PhD students to examine how software evolution and its supply chains develop from a socio-technical perspective (PhD1) and to develop a rating system for software quality by considering the heterogeneity of software (PhD2).

Software is remarkably heterogeneous. Large parts of the software that we use today are sourced from a variety of open-source projects and libraries. These projects exhibit varying levels of quality assurance and provenance, and are often managed by small teams. Recently such open-source libraries have come to prominence with the 2021 vulnerability in Log4j, a library run by a small group of developers. Software quality, and therefore its safety and security, is heavily influenced by the libraries supplied by third parties that a vendor relies on.

Software vendors try to perform rigorous checks to ensure high quality is maintained. However, third-party libraries evolve independently, often forcing vendors to play catch-up with the libraries that they use. These changes can include both optimisation of features and the distribution of security patches. The evolution of libraries therefore has an aggregative effect on the quality of the software that depends on them, which can result in buggy, or even vulnerable, versions of software.

We would like to understand the factors that influence software evolution and their feedback loops by examining how the market and supply chain ecosystems impact software development, with an empirical focus on the impact upon software security. Both PhD projects will examine the design of novel theories, techniques, and tools to help developers cope with the evolution of the libraries that they use in building software.

We are looking to recruit two PhD students who will work with each other.

PhD 1. The first student will examine how software evolution and its supply chains develop from a socio-technical perspective. The project will deploy ethnographic methods, including participant observation as well as interviews. It is intended that the research will identify various supply chains and develop reasoning for current practice and future development. This will inform knowledge on the popularity of libraries and the impacts on the wider software industry if those libraries change.

PhD 2. The second PhD project will work closely with the first to develop a rating system for software quality by considering the heterogeneity of software. Where possible, this student would develop the techniques and tools to assist developers in changing their code to use newer versions of libraries. These techniques would be based on recent advances in Automated Program Repair. The deliverables for this project could include, but are not limited to, IDE plugins for auto-updating software or running a microservice where developers are able to upload their code and get an updated version back.

These projects would be in close collaboration with world-leading research groups as well as industry and government, creating unique opportunities for in-depth collaboration, such as through internships. Such collaborations would allow the selected candidate to gain valuable work experience, giving them unparalleled opportunities for making impact.

Informal enquiries are encouraged. Please contact Dr. Andrew Dwyer ([Email Address Removed]) for enquiries related to PhD 1 and Dr. Santanu Dash ([Email Address Removed]) for enquiries related to PhD 2.



Funding Notes

The Centre for Doctoral Training in Cyber Security for the Everyday can offer up to ten studentships per year, three of which can be awarded to international students (which includes EU and EEA).
Please ensure you are familiar with the eligibility criteria set by UKRI and their terms and conditions.
In order to apply please visit the CDT website and follow the application instructions.
www.royalholloway.ac.uk/cdt
The studentship includes
* Tuition fees:
* Maintenance: £23,668.00 for each academic year.
