Career

Join us on our mission to take the way we use the cloud to the next level. We work in a hybrid work model as an agile & flat organisation.

R&D Engineer

Sweden • R&D

We are always looking for autonomous Software Engineers with experience in Cybersecurity, C language, Scripting, Linux OS, REST + JSON, and Agile methodologies.

Superhero

Sweden • R&D

Can’t find the position you are looking for?

Send us your CV/LinkedIn profile with a brief description of the area or role you were looking for.

MSc. Thesis Works

Sweden • R&D

Are you about to finish your Master's studies and looking for your first work experience?

CB002 - Provable destruction of confidential computing enclaves

Background

Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This makes it possible to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.

Objectives

We use the latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable confidential data analytics collaboration while providing strong security and privacy guarantees about client data and workloads throughout the entire lifecycle. An important outstanding challenge is the provable destruction of the confidential computing environments once the workload has been executed. The thesis includes the following objectives:

  • Review existing approaches to confidential enclave deployment and destruction;
  • Identify gaps, vulnerabilities and potential attacks resulting from missing or incomplete enclave destruction mechanisms;
  • Where necessary, design a mechanism for provable / verifiable enclave destruction;
  • Provide a prototype implementation and a written report on the findings.

 

Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

 

Terms

  • Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
  • Scope: 30 points
  • Start: As soon as possible, not later than December 1st, 2021.
  • Compensation: 10 000 SEK upon a successful completion of the thesis.

 

Candidate profile:

We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.

 

Send in your application as soon as possible, by November 15th, 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

  • Your CV with your education, professional experience and specific skills 
  • A written report you authored or co-authored for a university level course.
  • Samples of previous programming or other relevant projects.
  • Recent grades (academic transcript).

CB003 - Microarchitectural Side-Channel Attacks on Confidential Computing

Background

Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This makes it possible to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack, tooling and firmware security slow down the wider adoption of confidential computing in cloud settings.

Objectives

We are working on discovering, preventing and minimizing the harmful impact of microarchitectural side-channel attacks on confidential computing workloads deployed in CanaryBit’s ConfidentialCloud service. The service uses the latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable confidential data analytics collaboration, while providing exceptionally strong, verifiable security and privacy guarantees about client data and workloads.

  • Review the state of the art in microarchitectural side channel attacks affecting confidential computing environments;
  • Review the existing software mitigations for the most relevant attacks;
  • Implement the relevant mitigations on a selected ML runtime;
  • Provide a written report on the findings.

 

Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

 

Terms

  • Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
  • Scope: 30 points
  • Start: As soon as possible, not later than December 1st, 2021.
  • Compensation: 10 000 SEK upon a successful completion of a high-quality thesis.

Candidate profile:

We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.

 

Send in your application as soon as possible, by November 15th, 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

  • Your CV with your education, professional experience and specific skills 
  • A written report you authored or co-authored for a university level course.
  • Samples of previous programming or other relevant projects.
  • Recent grades (academic transcript).

CB004 - Highly Scalable Confidential Computing

Background

Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This makes it possible to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.

Objectives

We are working on enabling scalable computation in confidential computing environments operated in public clouds. We use the latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable highly scalable confidential data analytics collaboration while also obtaining exceptionally strong, verifiable security and privacy guarantees regarding the client data and workloads.

 

The thesis includes the following objectives:

  • Review the state of the art in high-performance confidential computing;
  • Design a protocol for scalable, high-performance workload partitioning, deployment and operation in confidential computing enclaves;
  • Validate the performance of the proposed protocol using a known benchmark;
  • Provide a written report on the findings.

Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

 

Terms

  • Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
  • Scope: 30 points
  • Start: As soon as possible, not later than December 1st, 2021.
  • Compensation: 10 000 SEK upon a successful completion of the thesis.

Candidate profile:

We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing and systems performance. Solid oral and written English skills are required.

 

Send in your application as soon as possible, by November 15th, 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

  • Your CV with your education, professional experience and specific skills 
  • A written report you authored or co-authored for a university level course.
  • Samples of previous programming or other relevant projects.
  • Recent grades (academic transcript).

CB005 - Resource monitoring for confidential enclaves

Background

Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This makes it possible to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.

Objectives

We are working on enabling confidential computing with strong security and maximum performance and throughput. We make use of the latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable end-users to run and thoroughly monitor confidential cloud workloads to fine-tune resource usage, while obtaining exceptionally strong, verifiable security and privacy guarantees about their data and workloads.

  • Review the state of the art in confidential computing enclave / workload monitoring;
  • Design a tool for fine-grained system monitoring of confidential computing enclaves;
  • Implement the tool and validate its performance using accepted benchmarks;
  • Provide a written report on the findings.

 

Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

 

Terms

  • Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
  • Scope: 30 points
  • Start: As soon as possible, not later than December 1st, 2021.
  • Compensation: 10 000 SEK upon a successful completion of a high-quality thesis.

Candidate profile:

We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing, systems security and cryptography. Solid oral and written English skills are required.

 

Send in your application as soon as possible, by November 15th, 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

  • Your CV with your education, professional experience and specific skills 
  • A written report you authored or co-authored for a university level course.
  • Samples of previous programming or other relevant projects.
  • Recent grades (academic transcript).

CB006 - Workload attestation for confidential computing

Background

Recent advancements in platform security, standardization and software development enable radical improvements in the security and privacy of cloud data and workloads. This makes it possible to create isolated, verifiable and user-controlled confidential computing environments that radically alter the trust relationship between customer businesses and cloud service providers. Platform vendor technologies such as Intel TDX, AMD SEV and IBM PEF allow launching virtual machines with encrypted memory that can be remotely attested by users. This enables more businesses to migrate their data, processing, or the entire software stack to cloud premises, while significantly reducing related risks and simplifying compliance. Combined with other Privacy Enhancing Technologies, confidential computing enables new business models for data and workload collaboration. However, existing gaps in the protocol stack and tooling slow down the wider adoption of confidential computing in cloud settings.

Objectives 

CanaryBit’s technology protects the security and privacy of data stored and processed in public clouds. We leverage the latest hardware support for security features in commodity platforms (AMD SEV/Intel TDX/IBM PEF) to enable confidential data analytics collaboration, while providing strong security and privacy guarantees about the data and workloads being deployed.

 

The thesis includes the following objectives:

  • Review existing approaches to remote attestation for confidential computing VMs;
  • Implement support for virtual machine remote attestation on Linux;
  • Design a protocol for scalable cluster attestation of confidential computing workloads;
  • Provide a prototype implementation and a written report on the findings.

 

Implementation on x86 platforms, with a potential to also examine POWER9 and POWER10 server platforms. A successful project could lead to a valuable open-source contribution and an academic publication presented at a prestigious conference or workshop.

 

Terms

  • Supervisor: Nicolae Paladi, PhD (nicolae@canarybit.eu)
  • Scope: 30 points
  • Start: As soon as possible, not later than December 1st, 2021.
  • Compensation: 10 000 SEK upon a successful completion of the thesis.

 

Candidate profile:

We expect you to have good programming skills in: C, Python and Rust + UNIX skills. Furthermore, you have an interest in operating systems, virtualization, cloud computing and distributed systems security. Solid oral and written English skills are required.


Send in your application as soon as possible, by November 15th, 2021 at the latest. Applications will be reviewed on a rolling basis. Applications should include:

  • Your CV with your education, professional experience and specific skills 
  • A written report you authored or co-authored for a university level course.
  • Samples of previous programming or other relevant projects.
  • Recent grades (academic transcript).