Studying the security and privacy of Identity management systems – Opportunities at University of Aberdeen – Aberdeen, Scotland

Application deadline date has been passed for this Job.
  • Post Date: October 12, 2021
  • Applications 0
  • Views 355
Job Overview

Studying the security and privacy of Identity management systems

What is access control? A key component of data security | CSO Online


Identity management systems (such as OAuth 2.0 and OpenID Connect) have been widely adopted by a range of Relying Parties and Identity Providers, there are already more than a billion OpenID Connect and OAuth 2.0-based user accounts, provided by a range of providers including Microsoft, PayPal, Facebook, Google. Given the large scale use of these identity management systems, it is vitally important to understand how secure deployments of these systems really are.

The students will work on identifying the security and privacy of these identity management systems, and designing secure and privacy-preserving identity management systems.

Candidates should have (or expect to achieve) a UK honours degree at 2.1 or above (or equivalent) in Computer Science, Cyber Security, Mathematics or related fields. A relevant Master’s degree and/or experience in one of the above will be an advantage.

We are looking for a PhD student, who has a strong interest in cyber security. Ideally, the successful applicant should have a strong background in cybersecurity, and should have good understanding of Python and JavaScript programming. The successful candidate is also expected to be an enthusiastic team player who can work both independently and communicate effectively with others.


Formal applications can be completed online:

• Apply for Degree of Doctor of Philosophy in Computing Science

• State name of the lead supervisor as the Name of Proposed Supervisor

• State ‘Self-funded’ as Intended Source of Funding

• State the exact project title on the application form

When applying please ensure all required documents are attached:

• All degree certificates and transcripts (Undergraduate AND Postgraduate MSc-officially translated into English where necessary)

• Detailed CV, Personal Statement and Intended source of funding

Informal inquiries can be made to Dr W Li (), with a copy of your curriculum vitae and cover letter. All general enquiries should be directed to the Postgraduate Research School ()

Funding Notes

This project is advertised in relation to the research areas of the discipline of Computing Science.
The successful applicant will be expected to provide the funding for Tuition fees, living expenses and maintenance. Details of the cost of study can be found by visiting


[1]. Wanpeng Li, Chris J. Mitchell: User Access Privacy in OAuth 2.0 and OpenID Connect, in: Proceedings of 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE Press (2020), pp.664-672.
[2]. Wanpeng Li, Chris J. Mitchell, Thomas Chen: OAuthGuard: Protecting User Security and Privacy with OAuth 2.0 and OpenID Connect. In: 5th ACM Workshop on Security Standardisation Research Workshop, SSR 2019, London, United Kingdom. November 11, 2019, 35-44.
[3]. Wanpeng Li, Chris J. Mitchell. Analysing the security of Google’s implementation of OpenID Connect. in: J. Caballero, U. Zurutuza and R. J. Rodriguez (eds.), Detection of Intrusions and Malware, and Vulnerability Assessment, 13th International Conference, DIMVA 2016, San Sebastian, Spain, July 7-8, 2016, Proceedings, Springer-Verlag LNCS 9721, Berlin (2016), pp.357-376.
[4]. Wanpeng Li, Chris J. Mitchell: Security Issues in OAuth 2.0 SSO Implementations. in: S. S. M. Chow, J. Camenisch, L. C. K. Hui and S.-M. Yiu (eds.), Information Security – 17th International Conference, ISC 2014, Hong Kong, China, October 12-14, 2014. Proceedings, Springer-Verlag LNCS 8783, Berlin (2014), pp.529-541.

Job Detail
  • Offered SalaryNot Specified
  • Career LevelNot Specified
  • ExperienceNot Specified
  • GenderBoth
  • INDUSTRYComputer and technology
  • QualificationBachelor's Degree
Shortlist Never pay anyone for job application test or interview.