
Mapping binary software artifacts onto the originating source code commit

Posted on 08 Nov.

Location: MOUGINS · Contract: Internship · Compensation (€): depending on the length of the internship and your diploma.

Company: SAP Labs France SAS

Founded in 1972, SAP has grown to become the world's leading provider of business software solutions. SAP is the market leader in enterprise application software. The company is also the fastest-growing major database company. Globally, more than 77% of all business transactions touch an SAP software system. With more than 347.000 customers in more than 180 countries, SAP includes subsidiaries in all major countries. SAP is the world's largest inter-enterprise software company and the world's third-largest independent software supplier overall. SAP solutions help enterprises of all sizes around the world to improve customer relationships, enhance partner collaboration and create efficiencies across their supply chains and business operations. SAP employs more than 98.600 people.
Security Research at SAP Labs France, Sophia Antipolis
Based at SAP Labs France Mougins, Security Research Sophia-Antipolis addresses the upcoming security needs, focusing on increased automation of the security life cycle and on providing innovative solutions for the security challenges in networked businesses, including cloud, services and mobile.

Job description

SAP business applications depend on open-source software (OSS) components, and it is paramount to ensure that such components are secure and do not contain vulnerabilities. Careful analysis is necessary to protect both SAP customers and SAP itself from any harm that can result from the use of insecure and vulnerable OSS.
One element supporting this goal is to use software tools to automate the analysis of OSS usage. SAP Security Research has developed a tool (https://github.com/SAP/vulnerability-assessment-tool) that scans Java and Python applications, identifies insecure OSS components, assesses the security risk in application-specific contexts, and proposes mitigation actions. This tool is regularly used by hundreds of development teams across SAP, and represents one important building block of SAP’s overall strategy regarding the secure use of OSS.

An important problem that we face when operating this tool is determining the origin and content of an artifact found among the dependencies of an application. Most vulnerability analysis methods work at the source-code level, but at build time the dependencies are available only in binary format; hence the need to determine from which particular source code commit a binary artifact was built.

This internship aims at developing a method to analyze and characterize binary artifacts (e.g., JAR packages) in order to determine the source code commit from which they were obtained. In practice, artifacts can be assembled out of code from different repositories; conversely, multiple artifacts could be obtained from the same commit (e.g., because each artifact includes only certain parts of the project, or because different build processes (compilers, compiler flags) were used to produce the artifact). Decompilation is not always possible or effective.

To address this problem, the student will devise a technique to characterize and uniquely identify binary artifacts, with a focus on the trade-off between efficiency and accuracy. As part of the internship, the student will implement and validate a tool to automatically map binary artifacts onto the commit(s) from which they were obtained.

We expect that 40% of the time will be dedicated to research activities, and 60% to development.

Candidate profile

• University Level: Last year of MSc (or less if the student has a good profile)
• Solid foundations in CS and a passion for well-designed, cleanly implemented software
• Good knowledge of one or more of the following languages: Java, Python
• Experience with Git
• Good command of the Linux shell and bash scripting
• Knowledge in (or interest in learning) machine learning basics is desirable
• Interest in experimental research
• Fluency in English (working language)
• Good oral and written communication skills

See the attached file

How to apply:

Please apply by clicking on this link:

UPLOAD (all documents must be in English):
• Your CV
• Cover letter
• Any relevant documents