PhD Secure and High-Performance Dynamic Program Analysis for WebAssembly

Are you interested in building the next-generation of secure and high-performance software systems based on WebAssembly? Are you passionate about software performance and want to work on cutting-edge JIT compilation techniques? Are you excited about software security and runtime mitigation techniques? Do you like to build real software systems? Do you want to work with ambitious colleagues at the intersection of WebAssembly runtimes and software security in the exciting city of Amsterdam? Then we are eager to get to know you. Please apply for a Ph.D. position at Vrije Universiteit Amsterdam.

WebAssembly (Wasm) is reshaping web and cloud applications by enabling near-native performance and sandboxed execution. WebAssembly offers a promising platform for executing code safely in untrusted environments, but achieving both high performance and strong security in Wasm continues to be a challenging endeavor. This Ph.D. project will investigate dynamic program analysis techniques to analyze, optimize, and secure WebAssembly runtimes, focusing on runtime profiling, dynamic instrumentation, and security vulnerability detection.

Research Focus:
The successful candidate will conduct research at the intersection of performance optimization, security, and dynamic program analysis within WebAssembly runtimes. Key aspects of the research include:

• Dynamic Program Analysis for Performance: The project will investigate how dynamic program analysis techniques, such as profiling, tracing, and runtime instrumentation, can be used to monitor the behavior of WebAssembly code as it executes. This includes the development of tools to gather runtime performance data, such as memory usage, execution time, and instruction throughput, and the use of such data to identify performance bottlenecks. By integrating dynamic analysis with existing Wasm runtimes, the candidate will work on innovative optimization strategies to enhance the performance of WebAssembly execution engines such as V8 or Wasmer. Areas of interest will include JIT compilation, Ahead-of-time (AOT) compilation, and memory management.
• Dynamic Instrumentation for Security: Dynamic program analysis can also be applied to improve the security of Wasm runtimes. This includes using dynamic instrumentation to detect vulnerabilities, such as buffer overflows, memory leaks, or unintended data flows during runtime (taint tracking). The Ph.D. candidate will explore how to dynamically instrument Wasm code to track sensitive data, enforce security policies, and identify potential attack vectors, such as side-channel attacks or sandbox escapes, as they arise during execution. Developing dynamic monitoring tools that can continuously assess and enforce security properties at runtime will be a key component of the project. Areas of interest will include the analysis of large-scale real-world WebAssembly applications in domains such as edge devices, cloud environments, and internet-of-things applications to identify and prevent software vulnerabilities under different workloads and security constraints.

Requirements:

We are looking for a highly motivated and independent candidate with the following qualifications:

• A Master’s degree (or equivalent) in Computer Science or related areas, with excellent grades.
• Strong background in systems programming and performance optimizations.
• Proficiency in programming languages such as C/C++, Rust, and/or Java.
• Strong background in computer security. Knowledge of vulnerabilities and security flaws would be a plus.
• Ideally, previous experience with compiler technologies (e.g., LLVM, CraneLift, or JIT compilation in language VMs such as the JVM or JavaScript engines).
• Familiarity with WebAssembly and Wasm runtimes (e.g., Wasmer, Wasmtime, V8, etc.) is desirable, but not essential.
• Experience in analyzing and optimizing runtime performance or detecting security vulnerabilities in code is a plus.
• A passion for tackling fundamental challenges in computer security and performance engineering.
• Strong analytical and problem-solving skills, as well as the ability to work both independently and as part of a collaborative research team.
• Good communication skills, with a strong command of English (both written and spoken).

The Ph.D. will be jointly supervised by Assistant Professors Dr. Daniele Bonetta (Language Runtimes) and Dr. Mengyuan Zhang (Software Security). The project will be carried out in collaboration with experts from academia and industry in domains such as language runtimes, dynamic program analysis, and software security.

As a university, we strive for equal opportunities for all, recognising that diversity takes many forms. We believe that diversity in all its complexity is invaluable for the quality of our teaching, research and service. We are always looking for talent with diverse backgrounds and experiences. This also means that we are committed to creating an inclusive community so that we can use diversity as an asset.

We realise that each individual brings a unique set of skills, expertise and mindset. Therefore we are happy to invite anyone who recognises themselves in the profile to apply, even if you do not meet all the requirements.

Salary Benefits:

A challenging position in a socially engaged organisation. At VU Amsterdam, you contribute to education, research and service for a better world. And that is valuable. So in return for your efforts, we offer you:

• a salary of minimum € 2.872,00 (PhD) and maximum € 3.670,00 (PhD) gross per month, on a full-time basis. This is based on UFO profile PhD candidate. The exact salary depends on your education and experience.
• a position for at least 0.8 FTE. Your employment contract will initially last 18 months. After a satisfactory evaluation of the initial appointment, the contract will be extended to a total duration of 4 years.

We also offer you attractive fringe benefits and regulations. Some examples:

• A full-time 38-hour working week comes with a holiday leave entitlement of 232 hours per year. If you choose to work 40 hours, you have 96 extra holiday leave hours on an annual basis. For part-timers, this is calculated pro rata.
• 8% holiday allowance and 8.3% end-of-year bonus
• solid pension scheme (ABP)
• contribution to commuting expenses
• optional model for designing a personalized benefits package

De Boelelaan 1111