Overview - MSc Student Internship Position - Assisted Information Leak Incident Handling System
Computer Security Incident Response Teams (CSIRTs) are regularly confronted with information leaks which often include personal identifiable information (PII). CSIRTs usually inform the victims about the breach of their information such that they can take appropriate measures to recover from these leaks and to protect themselves against successive collateral damage originated by those. The process of contacting the victims is challenging. The victims are usually informed through trusted partners (such as their ISP) about the leaked information. The notification process is usually expensive and should not be abused. Unfortunately, the number of incidents regarding PII leaks are steadily increasing and PII leaks are frequently shared or traded. Hence, a common phenomenon is that leaked information emerges multiple times under various formats and by mechanically applying the process of notifying the trusted partners, in charge of informing the victims, is impractical and the respective teams are easily overwhelmed by redundant information.
The aim of this project is to develop a solution helping CSIRT operators to handle information leak incidents. Therefore, this project is an experimental software development project. The road map of the project is shown below. Regarding the internship the milestones 1 to 3 should be achieved.
- The candidate gets a CIRCL internal training related to the used technology in the internship and the internal development rules. The training is based on Linux operating systems, python development, the usage of GIT versioning system and the usage of Redis. The candidate is invited to respect the acquired development rules.
- The candidate gets a significant dataset of public unstructured leaked information. The unstructured information is text based.
- The candidate has to develop algorithms to detect PII in the unstructured information based on templates provided by CIRCL. The algorithms are developed together with CIRCL. The candidate should evaluate the developed algorithms on the dataset. The evaluation consists in an examination of the false positives.
- The candidate should design a data structure to handle the storage and
lookups of the extracted PII.
The following queries should be done.
- Standard set operations (set membership, set union, set intersection, set disjunction, cardinality) of PII.
- Function that returns the set of set of identifiers of unstructured information regarding a set of PIIs.
- The candidate should implement and test the designed data structure
- The candidate should implement a REST API to query the data structure
Qualification
- Must be a EU citizen with a valid work permit in Luxembourg
- Must be eligible for an MSc student internship in the field of information security and/or computer science
- Must have a high-level of ethic due to the nature of the work
- Must be fluent in English, Unix, Python and git
How To Apply
The application package must include the following:
- A resume in ASCII text format
- A motivation letter why you are interested in the internship
The package is to be sent to info(@)circl.lu indicating reference internship-datamining-01.
Application Deadline
Deadline for the application is the 15th March 2014. Applications received after the deadline will not be considered.
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.