Positions: 6

Research Grant (BI)

  • BI|2026/880 Project SALVE – ref. 2024.14936.PEX

    Type of position: Research Grant (BI)
    Duration: 5 months
    Deadline to apply: 4216-05-30
    Description

    ONE (1) research grant for students with a BSc degree, with reference number BI|2026/880, under the scope of Project SALVE: Securing Artificial Language Models Against Vulnerability Encoding (2024.14936.PEX), funded by Fundação para a Ciência e a Tecnologia, is available under the following conditions:

    OBJECTIVES | FUNCTIONS 

    This task evaluates the impact of controlled code perturbations on the classification stability and robustness of Large Language Models (LLMs) in distinguishing secure from insecure JavaScript code. The student will design and implement a systematic evaluation pipeline to assess model behavior under perturbation-induced variations. The work plan includes:

    Evaluation Pipeline Development (Month 1)

    - Implement a scalable evaluation framework using local LLM infrastructure (e.g., Ollama, LMStudio).

    - Integrate multiple LLMs for comparative evaluation.

    - Automate classification experiments across original and perturbed datasets.

    Classification Shift Analysis (Month 2)

    - Measure classification changes between original and perturbed code variants.

    - Identify perturbations that cause label flips (secure ↔ insecure).

    - Quantify: misclassification rate, stability rate, false positive rate, false negative rate.

    Robustness Assessment (Month 3-4)

    - Define robustness metrics for security classification consistency.

    - Evaluate resilience to obfuscation, control-flow changes, and API variations.

    - Compare robustness performance across different models.

    Misclassification Characterization (Month 4-5)

    - Construct an augmented misclassification dataset containing: original and perturbed variants, model predictions, correct labels, perturbation type.

    - Analyze patterns in failure cases.

    Exploratory Explainability Analysis (Optional)

    - Investigate whether explainability tools can help identify model reliance on superficial features.

    - Analyze whether models rely on syntax-level heuristics versus security-relevant semantics.

    All experimental artifacts, code, and results will be released in an open-source repository. The selected candidate will be integrated into a research team with established expertise in software security, program analysis, and AI-driven code intelligence, with a track record of collaboration with leading technology companies and publications in top-tier international conferences and journals.


    Contact email: bolsas@inesc-id.pt
  • BI|2026/882 Project SALVE – ref. 2024.14936.PEX

    Type of position: Research Grant (BI)
    Duration: 6 months
    Deadline to apply: 2026-12-31
    Description

    ONE (1) research grant for students with a BSc degree, with reference number BI|2026/882, under the scope of Project SALVE: Securing Artificial Language Models Against Vulnerability Encoding (2024.14936.PEX), funded by Fundação para a Ciência e a Tecnologia, is available under the following conditions:

    OBJECTIVES | FUNCTIONS 

    This task aims to develop an automated and scalable framework for the continuous improvement of security-aware Large Language Models (LLMs), integrating dataset expansion, evaluation, incremental fine-tuning, and security-aware code generation validation. The student will build an integrated pipeline that reuses artifacts developed in previous tasks and ensures systematic model improvement over time. The work plan includes:

    Automated Dataset Expansion (Month 1)

    - Implement mechanisms to collect and track secure and insecure JavaScript code from open-source repositories.

    - Identify and label security-related commits using diff-based analysis.

    - Integrate synthetic data generation (e.g., AST-based vulnerability injection) to increase dataset diversity.

    Continuous Model Evaluation (Month 2)

    - Implement automated evaluation of security classification performance on expanded datasets.

    - Measure classification accuracy, precision, recall, and robustness over time.

    - Track performance differentials across evaluation cycles.

    Incremental Fine-Tuning and Feedback Integration (Month 3)

    - Implement periodic fine-tuning of selected models using curated secure–insecure code pairs.

    - Integrate adaptive feedback mechanisms based on misclassification analysis.

    - Ensure reproducibility and version control of model updates.

    Security-Aware Code Generation Testing (Month 4)

    - Integrate static analysis tools (e.g., Semgrep, CodeQL) to assess generated code.

    - Measure vulnerability density (e.g., vulnerabilities per 100 lines of code).

    - Compare improvements across pipeline iterations.

    Validation and Framework Assessment (Month 5-6)

    - Conduct two full validation cycles in the final four months.

    - Measure improvements in:

      - Security classification accuracy

      - Robustness to adversarial modifications

      - Reduction of AI-generated vulnerabilities

    All artifacts will be released as open-source and documented for reproducibility. The selected candidate will be integrated into a research team with established expertise in software security, program analysis, and AI-driven code intelligence, with a track record of collaboration with leading technology companies and publications in top-tier international conferences and journals.


    Contact email: bolsas@inesc-id.pt
  • BI|2026/881 Project SALVE – ref. 2024.14936.PEX

    Type of position: Research Grant (BI)
    Duration: 6 months
    Deadline to apply: 2026-09-30
    Description

    ONE (1) research grant for students with an MSc degree, with reference number BI|2026/881, under the scope of Project SALVE: Securing Artificial Language Models Against Vulnerability Encoding (2024.14936.PEX), funded by Fundação para a Ciência e a Tecnologia, is available under the following conditions:

    OBJECTIVES | FUNCTIONS 

    This task aims to enhance the ability of Large Language Models (LLMs) to distinguish secure from insecure JavaScript code using contrastive learning with a tailored security-aware loss function. The student will fine-tune selected models using secure-insecure code pairs derived from Tasks 1 and 2 and evaluate improvements in classification stability and security-aware code generation.

    The work plan includes:

    - (Month 1) Implement contrastive learning fine-tuning using a tailored Multiple Negatives Ranking Loss (MNRL) formulation.

    - (Month 2) Design and integrate a security penalty term to balance false positives and false negatives.

    - (Month 3) Analyze embedding-space separation using cosine similarity and alternative visualization techniques.

    - (Month 4) Evaluate improvements in classification metrics (accuracy, precision, recall, F1, FNR, FPR).

    - (Month 4) Compare fine-tuned models against baseline models without contrastive learning.

    - (Month 5) Assess secure-by-default code generation using static analysis tools (e.g., Semgrep, CodeQL), measuring vulnerabilities per 100 lines of generated code.

    - (Month 6) Ensure reproducibility and open-source release of training and evaluation pipelines.

    The selected candidate will be integrated into a research team with established expertise in software security, program analysis, and AI-driven code intelligence, with a track record of collaboration with leading technology companies and publications in top-tier international conferences and journals.


    Contact email: bolsas@inesc-id.pt
  • BI|2026/883 Project HIITS – ref. 2024.16976.PEX

    Type of position: Research Grant (BI)
    Duration: 4 months
    Deadline to apply: 2026-04-13
    Description

    ONE (1) research grant for students with a BSc degree and enrolled in a Master programme, with reference number BI|2026/883, under the scope of Project HIITS (ref. 2024.16976.PEX), funded by Fundação para a Ciência e a Tecnologia, is available under the following conditions:

    OBJECTIVES | FUNCTIONS 

    The main objective of this grant is the initial exploration of haptic feedback devices and the creation of a control API.

    Specific tasks include:

    - Initial exploration of force feedback interaction in immersive environments.

    - Design and implementation of a control API for haptic devices to facilitate further research and development.

    - Integration of vibration and force modulation models into the interactive application.


    Contact email: bolsas@inesc-id.pt
  • BI|2026/879 Project SALVE – ref. 2024.14936.PEX

    Type of position: Research Grant (BI)
    Duration: 6 months
    Deadline to apply: 2026-04-08
    Description

    ONE (1) research grant for students with an MSc degree, with reference number BI|2026/879, under the scope of Project SALVE: Securing Artificial Language Models Against Vulnerability Encoding (2024.14936.PEX), funded by Fundação para a Ciência e a Tecnologia, is available under the following conditions:

    OBJECTIVES | FUNCTIONS 

    This task establishes the foundational dataset and perturbation framework for the project. The PhD student will refine, formalize, and extend an existing perturbation methodology to construct a principled, security-aware dataset of real-world vulnerable and secure JavaScript code. The work plan includes:

    1. Systematic Mining of Real-World Vulnerabilities (Month 1)

    - Extract vulnerable and patched JavaScript code from open-source repositories and vulnerability databases, leveraging and extending the team’s existing vulnerability-mining tooling to ensure precise commit-level alignment and reproducibility.

    2. Formalization and Extension of Security-Preserving Perturbations (Month 2-3)

    - Collect/define and systematize existing perturbation strategies.

    - Define transformation classes that preserve both semantic behavior and security properties.

    - Design a principled perturbation taxonomy covering:

      - Syntax-level variations

      - Control-flow transformations

      - API-level substitutions

      - Obfuscation and encoding strategies

    - Identify and resolve transformation edge cases that may alter security properties.

    3. Design of a Reproducible Perturbation Framework (Month 4-5)

    - Implement AST-based source-to-source transformations.

    - Ensure extensibility and modularity of the perturbation engine.

    - Provide formal documentation of transformation operators and constraints.

    - Establish reproducible pipelines for dataset generation.

    4. Quality Assurance and Dataset Standardization (Month 5-6)

    - Validate that perturbed samples preserve original vulnerability status.

    - Remove transformations that inadvertently introduce or remove vulnerabilities.

    - Structure and document the dataset to serve as the canonical foundation for subsequent project tasks.

    This task will result in a rigorously designed and extensible perturbation framework and a high-quality curated dataset forming the basis for later validation and robustness studies. The selected candidate will be integrated into a research team with established expertise in software security, program analysis, and AI-driven code intelligence, with a track record of collaboration with leading technology companies and publications in top-tier international conferences and journals.


    Contact email: bolsas@inesc-id.pt

Contract