Annonce non disponible
Annonce non disponible
Ce produit n'est plus disponible à la vente.
Cloud Active Defense Strategies Simulation and Evaluation F/M
0,00 €
Annonce N°130264Publié le 16/02/2022 à 04:21
Description
WHAT WE OFFER Our company culture is focused on helping our employees
enable innovation by building breakthroughs together. How? We focus
every day on building the foundation for tomorrow and creating a
workplace that embraces differences, values flexibility, and is
aligned to our purpose-driven and future-focused work. We offer a
highly collaborative, caring team environment with a strong focus on
learning and development, recognition for your individual
contributions, and a variety of benefit options for you to choose
from. Apply now! ABOUT US (TEAM) Maintaining security is a constantly
shifting task, and we need to respond with continuous learning and
research. The portfolio of SAP Security Research contains those topics
that we believe are most important for SAP’s security future.
SAP’s vision to secure business is built on 3 ideals:
Zero-Vulnerability, to harden the software by eliminating
vulnerabilities, Defensible Application, to enable the software to
identify and prevent attacks, and Zero-Knowledge, to make any theft of
data useless through encryption. Considering these aspects, SAP
Security Research covers the following focal areas: Anonymization for
Big Data, Secure Internet of Things, Software security analysis,
Open-source analysis, Deceptive application, Applied cryptography,
Quantum technology, and Machine Learning as enabler for the next
generation of security. PURPOSE AND OBJECTIVES This internship is
based in the SAP Labs France Research Lab, in Sophia-Antipolis. The
work will be performed in the context of the Research Program
“Security research”, under the “Active Defense” topic. This
topic aims at deceiving, confusing and misdirecting adversaries, to
undermine their exploitation capabilities. While previous
‘‘Capture The Flag“ or “Red Teaming“ experiments show that
deception is effective in attack detection, it remains difficult to
come up with an experimentation framework that will allow to do
rigorous and repeatable tests to find the optimal deception
parameters. For this, a recent approach has been to utilize the
CyberBattleSIm framework developed by Microsoft based on the OpenAI
gym interface [1]. This project allows to simulate an enterprise
network environment and provides abstraction of various network and
security concepts. Researchers proposed to modify CyberBattleSIm, to
add the abstractions of deception concepts and experiment with the
number and location of deceptive elements [2]. However, CyberBattleSim
mainly simulates a network environment where the ‘nodes are
computing elements and the edges are connections between nodes“.
Thus, it mainly allows to experiment with network-layer deception. The
goal of this internship is first to assess the applicability, and
second, to adapt CyberBattleSim to cloud infrastructure and
application-layer deception. Ideally, this would allow us to simulate
the possible attack vectors that are identified during an application
threat modeling exercise, and to measure the effectiveness of
deception on such attacks. EXPECTATIONS AND TASKS Some of the tasks to
be addressed include: * Getting familiar with state-of-the-art
research on deception * Getting familiar with the OpenAI gym and
CyberBattleSim frameworks * Understanding the abstractions provided by
CyberBattleSim * Getting familiar with the cloud architecture and
cloud application environment at SAP, e.g SAP’s Business Technology
Platform * Finding ways to abstract and simulate web/cloud application
components in CyberBattleSim * Finding ways to abstract and simulate
application layer deceptive elements in CyberBattleSim * Implementing
a prototype with these abstractions that would allow to experiment
with the location, enticingness, and number of deceptive elements.
Note that, as this is mainly a research project, the tasks and
expectations can be updated during the course of the internship,
depending on the research process and findings. We expect that 60% of
time of the intern will be dedicated to research and 40% to
development activities. [1] Microsoft Defender Research Team.
CyberBattleSim. https://github.com/microsoft/cyberbattlesim, 2021. [2]
Walter, E., Ferguson-Walter, K., Ridley, A. Incorporating Deception
into CyberBattleSim for Autonomous Defense. IJCAI-21 1st International
Workshop on Adaptive Cyber Defense, 2021. PROFILE/EDUCATION/SKILLS AND
COMPETENCIES * University Level: Last year of MSc in Computer Science
or beyond * Good knowledge of Machine Learning techniques (in
particular, Reinforcement Learning) * Good knowledge of Python *
Familiarity with OpenAI gym is a plus * Familiarity with web
application and/or cloud security is a plus * Previous projects that
rely on simulation and abstraction are a plus * Familiarity with
academic research is a plus * Fluency in English (working language) *
Abilities in organizing meetings and contacting people * Good oral and
written communication skills * Capacity to write documents in English,
ability to synthesize PROFESSIONAL EXPERIENCE * None required We are
SAP SAP innovations help more than 400,000 customers worldwide work
together more efficiently and use business insight more effectively.
Originally known for leadership in enterprise resource planning (ERP)
software, SAP has evolved to become a market leader in end-to-end
business application software and related services for database,
analytics, intelligent technologies, and experience management. As a
cloud company with 200 million users and more than 100,000 employees
worldwide, we are purpose-driven and future-focused, with a highly
collaborative team ethic and commitment to personal development.
Whether connecting global industries, people, or platforms, we help
ensure every challenge gets the solution it deserves. At SAP, we build
breakthroughs, together. Our inclusion promise SAP’s culture of
inclusion, focus on health and well-being, and flexible working models
help ensure that everyone – regardless of background – feels
included and can run at their best. At SAP, we believe we are made
stronger by the unique capabilities and qualities that each person
brings to our company, and we invest in our employees to inspire
confidence and help everyone realize their full potential. We
ultimately believe in unleashing all talent and creating a better and
more equitable world. SAP is proud to be an equal opportunity
workplace and is an affirmative action employer. We are committed to
the values of Equal Employment Opportunity and provide accessibility
accommodations to applicants with physical and/or mental disabilities.
If you are interested in applying for employment with SAP and are in
need of accommodation or special assistance to navigate our website or
to complete your application, please send an e-mail with your request
to Recruiting Operations Team: Americas: Careers.NorthAmerica@sap.com
or Careers.LatinAmerica@sap.com, APJ: Careers.APJ@sap.com, EMEA:
Careers@sap.com. EOE AA M/F/Vet/Disability: Qualified applicants will
receive consideration for employment without regard to their age,
race, religion, national origin, ethnicity, age, gender (including
pregnancy, childbirth, et al), sexual orientation, gender identity or
expression, protected veteran status, or disability. Successful
candidates might be required to undergo a background verification with
an external vendor. Requisition ID:320265 | Work Area: Software-Design
and Development | Expected Travel: 0 - 10% | Career Status: Student |
Employment Type: Intern |