Open Positions

Organisation/Institute: Universität Bielefeld (UNIBI) Germany (www.uni-bielefeld.de)

Supervisor: Prof. Barbara Hammer

Contacts: bhammer@techfak.uni-bielefeld.de;

Project Description

Objectives
The increasing availability of smart components in critical infrastructure offers great promises yet add vulnerability to adversarial attacks. Defense mechanisms rely on adversarial training or numeric methods which increase the stability of models to adversarial perturbations. In the absence of domain knowledge, perturbations are modelled as small but otherwise arbitrary changes. This does not coincide with human perception, nor does it capture vulnerabilities which occur in practice as initially small changes can accumulate via catastrophic resonance. Realistic attacks which model the knowledge of an attacker constitute one promising approach to challenge network intrusion detection. Yet this method does not target interactions caused by physical constraints such as formalized by system invariances. There is a need to better understand adversarial settings given physical constraints, how these can impact smart components in critical infrastructure, and how such vulnerabilities can be avoided.

This DC will transfer concepts of physics-informed learning, to achieve realistic adversarial examples to challenge and improve AI models as regards their robustness to adversarial scenarios. Major challenges are how to model realistic attacks given physical constraints and behavioral observations and how to solve the resulting optimization problems efficiently. We will harvest on recent work which uses generative models to provide additional training data in spatial or temporal learning scenarios and condition training on given physical constraints. Moreover, we will make use of approximations and mixed optimization technologies to target the resulting optimization problems. This way, this individual research project will develop novel efficient technologies for physics-informed generation of adversarial patterns and robust training in spatio-temporal scenarios.

Expected Results
(1) A comprehensive theoretical framework how to model physics-informed adversarial attacks.
(2) Design of generative models which can be conditioned on physical constraints and which allow adversarial sampling.
(3) Realization of the algorithms as open-source toolkit.
(4) Transfer of the technologies to the domains of water distribution systems and transportation.

Planned Secondments

TUG (AT), Dr. B. Könighofer, M12-M15, 4M, investigate coverage of physically plausible adversarial scenarios by formal bounds;
UCY (CY), Dr. D. Eliade, M27-M30, 4M, transfer of technologies to pump control in water distribution systems;
HRI (DE), Dr. M. Olhofer, M32-35, 4M, transfer of technologies to human interaction in transportation

Specific Requirements for the Project

• Excellent programming skills, including Python
• Knowledge of machine learning
• Experience in deep learning
• Advanced skills in mathematical modeling

This fellowship requires admission to the Doctoral studies of Intelligent Systems at the CITEC graduate school at the University of Bielefeld.

Salary

Remuneration is based on pay scale 13 of the collective agreement for the public sector in the federal states (TV-L), which currently amounts to a gross monthly salary (Bruttogehalt) of at least EUR 4629.74 (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: Université d'Orléans (UOR), located in Bourges, France (www.univ-orleans.fr)

Supervisors: Prof. Nacim Ramdani and Prof. Martin Fränzle

Contacts: nacim.ramdani@univ-orleans.fr; martin.fraenzle@uni-oldenburg.de;

Project Description

Objectives
The design of distributed critical infrastructures has extensively borrowed from traditional security mechanisms, thus reducing considerably the likelihood of synchronous intrusion at multiple independent points of the network. This fact renders it attractive to devise distributed control schemes that can absorb a small number of distributed synchronous intrusions. Diffusive dynamics-like behavior of the overall network making the functional impact of a small number of intrusions diffuse rapidly over a distributed system without developing significant consequences, provides a general scheme towards designing such self-adaptive networks of CPS with guarantee certificates. Diffusive dynamics notions are well-understood in physical systems subject to conservation laws and have already seen generalisations to settings of distributed control of energy grids by means of gain theorems. Likewise, their exploitation in switched and hybrid systems for Lyapunov-style stability arguments has also been explored. However, the application of such notions to massively distributed switched systems have been less studied and developed, even though they carry prospects for compositional and thus scalable reasoning.

This DC will develop a stability theory based on diffusive dynamics for massively distributed switched systems to make them self-adaptable, extending for a distributed setting the advance that has been achieved in local hybrid-state control. This DC will exploit the new theory to design self-adaptive supply networks, which seem ideal candidates as their physical parts come naturally equipped with conservation laws.

Expected Results
The expected results are:
i) A background analysis of diffusive dynamics principles that have the potential or are already applied in the design of distributed control systems;
ii) A theory supporting resilient CPS inspired by diffusive dynamics;
iii) A report on the proof-of-concept implementation of the proposed theory in supply networks.

Planned Secondments

SONE (EL), Mr. George Fakiridis, M12-M14, 3M, Understand user requirements and the use-case scenarios in energy systems and water distribution networks.
UOL (DE), Prof. M. Fränzle, M15-M23, 9M, Compositional reasoning for stabilization of hybrid systems of conservation laws. Access to SESA power systems testbed.

Specific Requirements for the Project

This position is being located in a ``Zone à Régime Restrictif'' (Restricted Area) in the sense provided by article R 413-5-1 of the French penal code. Appointment can only take place after an access authorisation delivered by the head of the institution, as stated in article 20-4 of decree n°84-431 of 6 June 1984 (National Law, France).

The ideal applicant possesses good background in control theory or related subjects. They have completed or about to complete a Master 2 or Engineering degree in the appropriate field. Candidates without a Master's degree should complete degree before September 2026.

Ideal candidates will have a strong academic record and very good oral and written communication skills in English.

This fellowship requires admission to the PhD program at the Doctoral School Mathematics, Computer Science, Theoretical Physics, and Systems Engineering (MIPTIS) at the University of Orléans.

Salary

39,465€ per year as gross salary (salaire brut) (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: Université d'Orléans (UOR), located in Bourges, France (www.univ-orleans.fr)

Supervisor: Prof. Nacim Ramdani

Contacts: nacim.ramdani@univ-orleans.fr

Project Description

Objectives
Secure estimators are algorithms that exploit a redundancy of sensors and actuators in the system to reconstruct the actual system's state despite integrity attacks on sensors or actuators, while knowing only an upper bound on the relative of number of manipulated sensors and actuators, and without knowing their identities. With distributed Critical Infrastructures (CIs), event-triggered frameworks reduce communication overhead without jeopardizing control performance, while mitigating denial-of-service attacks. The state-of-the-art secure estimator use a family of estimators to generate estimates corresponding to different subsets of sensors. Such an approach is NP-hard. Given an upper bound on the number of attacked sensors, and so-called sparse observability condition algorithms have been proposed using satisfiability checkers. To provide precise robust guarantees for state inclusion, which is a crucial feature to ensure safety in CI operation, secure set-based estimators have been introduced. These state-of-the-art approaches have been developed for linear systems in centralized settings; they do not consider the distributed nature of the CIs and the network induced imperfections like variable sampling periods and communication delays. Besides, works considering both integrity attacks on sensors and actuators as well as on the network availability (denial-of-service) are rare. Furthermore, current approaches do not scale with respect to number of sensors and actuators.

This DC will advance state of the art by developing a scalable method that can reconstruct unmeasured state vectors in presence of cyber and physical attacks on sensors, actuators and the network. DC will extend our own set-based observer to event-triggered sampling for distributed switched systems in presence of multi-rate aperiodic sampling, and to partial state reconstruction to ensure scalability.

Expected Results
The expected results are:
i) A comprehensive literature review of state reconstruction algorithms for increasing resilience in CPS;
ii) A set of secure observers (algorithms) that can be applied for increasing resilience of CIs;
iii) An evaluation report on the testing and validation of the proposed observers in simulated and real-world driven scenarios in water-energy systems

Planned Secondments

UOL (DE), Prof. M. Fränzle, M9-M12, 4M, Guidance on literature review of formal methods for secure estimation of large scale networked systems.
SLG (EL), Dr. S. Rizou, M13-M16, 4M, Understand requirements and constraints of resilient monitoring in CI focusing on water-energy systems.
UCY (CY), Dr. D. Eliades, M17-M20, 4M, Development of resilient monitoring solutions for interconnected cyber-physical critical infrastructures, using the KIOS Virtual City (water-energy) as a training testbed.

Specific Requirements for the Project

This position is being located in a ``Zone à Régime Restrictif'' (Restricted Area) in the sense provided by article R 413-5-1 of the French penal code. Appointment can only take place after an access authorisation delivered by the head of the institution, as stated in article 20-4 of decree n°84-431 of 6 June 1984 (National Law, France).

The ideal applicant possesses good background in control theory or related subjects. They have completed or about to complete a Master 2 or Engineering degree in the appropriate field. Candidates without a Master's degree should complete degree before September 2026.

Ideal candidates will have a strong academic record and very good oral and written communication skills in English.

This fellowship requires admission to the PhD program at the Doctoral School Mathematics, Computer Science, Theoretical Physics, and Systems Engineering (MIPTIS) at the University of Orléans.

Salary

39,465€ per year as gross salary (salaire brut) (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: University of Oslo (UiO) Norway (www.uio.no)

Supervisor: Prof. Peter Csaba Ölveczky

Contacts: peterol@ifi.uio.no;

Project Description

Objectives
The goal of this project is to formally specify and analyze the correctness and effectiveness of resilience measures for the large cyber-physical systems targeted in the doctoral network, and to make the methods practically applicable to designers of such systems.

Formal modeling and analysis of (resilient) CPSs typically assumes either that the models already include the resilience mechanisms, or describe the resilience mechanisms informally. Therefore, for each single system, one must manually integrate resilience mechanisms into the design, and must, for each system, prove the resilience of the system. Our goal is to develop a library of formally verified resilience mechanisms, which should lead to a new resilience-by-design system design methodology, where we automatically obtain a resilient-by-construction CPS by applying a set of verified and validated resilience measures, formalized as formal design patterns, to enrich a given CPS model with the desired mitigation mechanisms.

Expected Results
This IRP will deliver (i) new verification methods and domain-specific abstraction techniques that make formal analysis feasible for the systems targeted in the project and their resilience measures; (ii) a practical way of analyzing both qualitative and quantitative properties; and (iii) identifying, formalizing, and verify correctness and performance properties of library of formal design patterns for resilience, to enable a formal resilience-by-design system development methodology. Additional goals are to make the developed resilience methods and patterns available to system developers, and to synthesize a (correct-by-construction) distributed system from its formal specification.

Planned Secondments

UOL (DE) Prof. M. Fränzle, M9-M14, 6M, Construction of robust correctness certificates.
SIEMENS (DE), Dr. Markus A. Wischy, M15-M17, 3M, Understand requirements and domain specific constraints of resilient smart transportation.
SIEMENS (DE), Dr. M. A. Wischy, M27-M29, 3M, Evaluation of the analysis approach to smart transportation resilience mechanisms.

Specific Requirements for the Project

• Applicants must hold a Master's degree or equivalent in computer science, with relevant background (M.Sc. thesis work, courses taken, etc.) in formal methods or closely related topics for this project. Candidates without a Master's degree should complete degree by August 15, 2026.
• Foreign completed degree (M.Sc.-level) corresponding to a minimum of four years in the Norwegian educational system.
• A solid background in theoretical computer science is an advantage.
• The average grade point for courses included in the Bachelor's degree must be C or better in the Norwegian educational system
• The average grade point for courses included in the Master's degree must be B or better in the Norwegian educational system
• The Master's thesis must have the grade B or better in the Norwegian educational system
• Very good oral and written communication skills in English.

Salary

Salary in position as a PhD Research fellow, position code 1017 in salary range NOK 550 800 – 595 000 per annum, depending on competences and experience. From the salary 2% is deducted in statutory contributions to the State Pension Fund.

Organisation/Institute: Universität Bielefeld (UNIBI) Germany (www.uni-bielefeld.de)

Supervisor: Prof. Barbara Hammer

Contacts: bhammer@techfak.uni-bielefeld.de;

Project Description

Objectives
Outlier detection methods constitute a prominent approach to address unknown vulnerabilities in critical infrastructure. Yet these methods do not consider the temporal structure of observations in detail, hence they are not suited to spot emerging anomalies and enable proactive strategies of human operators. Recent advances in drift detection offer promises for early warning systems, as demonstrated in several domains of Critical Infrastructures. Yet, these methods do not uncover the possible causes of drift, hence they are not suitable to indicate possible remedies in case emerging anomalies are detected. Here, novel technologies are required which offer explanations of the detected drift, considering possible interactions within distributed networks.

This DC will develop new technologies which can uncover causes of drift and design a remedy for emerging anomalies by means of novel Explainable AI technologies. This individual research project will aim for the development of efficient methods which enable humans to intuitively inspect such causes as a possible indicator for emerging vulnerabilities in spatio-temporal networks. Unlike current methods which mostly deal with vectorial data and single features, we will uncover complex feature interactions as a possible cause for drift. Novel technologies will thereby deal with graph data as is present when monitoring dynamics within critical infrastructure. Such complex explanations will enable the identification and targeting of emerging risks which are caused by dissonance of several network components.

Expected Results
(1) A comprehensive theoretical framework how to detect and explain emerging drift in network data.
(2) Specific algorithm realizations which enable to efficiently compute feature attributions which can account for interactions in networked data.
(3) Realization of the algorithms as open-source toolkit. (4) Transfer of the technologies to the domains of water distribution systems and smart energy management.

Planned Secondments

UOR (FR), Prof. N. Ramdani M12-M15, 4M, devise efficient algorithms to avoid combinatorial explosion when rigorously addressing feature interactions;
UCY (CY), Dr. D. Eliades M26-M39, 4M, transfer of technologies to water quality testbed;
HRI Europe (D), Dr. M. Olhofer M30-M33, 4M, transfer of technologies to smart energy management.

Specific Requirements for the Project

• Excellent programming skills, including Python
• Knowledge of machine learning
• Experience in deep learning
• Advanced skills in mathematical modeling

This fellowship requires admission to the Doctoral studies of Intelligent Systems at the CITEC graduate school at the University of Bielefeld.

Salary

Remuneration is based on pay scale 13 of the collective agreement for the public sector in the federal states (TV-L), which currently amounts to a gross monthly salary (Bruttogehalt) of at least EUR 4629.74 (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: Eight Bells Ltd (8BEL) Cyprus (www.8bellsresearch.com)

Supervisor: Dr. Emmanouil Kafetzakis and Dr. Demetris Eliades (UCY)

Contacts: mkafetz@8bellsresearch.com; eliades.demetrios@ucy.ac.cy

Project Description

Objectives
While AI/ML techniques offer promising solutions for identifying anomalies and unknown events and improving situational awareness in critical infrastructures, the opaque decision-making process of these AI/ML models can undermine user trust, especially in safety-critical and economically sensitive infrastructures. This is even more challenging as the AI/ML models used must continuously adapt to evolving conditions of both physical and cyber components. Lifelong Machine Learning (LML) offers a solution by enabling AI models to adapt incrementally to evolving conditions without retraining. Coupled with Explainable AI (XAI) techniques, such as rule-based explanations and counterfactual reasoning, LML can enhance transparency, providing stakeholders with clear insights during events like water contamination or power grid failures. XAI models are generally divided into two approaches: those that explain existing black-box models and those designed to be interpretable by nature. Despite the growing popularity of XAI models, few attempts have been made to integrate them within a continuous, online learning framework, making this an appealing area with several open research questions.

This DC will study integrating XAI into a LML framework for Systems of CPS, focusing on simulated/physical smart water systems and grids. The goal is to develop explainable-by-design models and efficient training methods to ensure trust and energy efficiency. Leveraging edge computing, devices like NVIDIA Jetson will enable real-time, low-latency AI inference and interpretable outputs. Cyber-Physical Knowledge Graphs will integrate metadata and evolving knowledge, while semantic mediation frameworks and logic-based reasoning will automate model explanations. Logic rule-based explanations can track the ML model's decision-making over time, identifying behavioral changes and enabling constraint optimization to ensure predictions align with these rules, even on unlabeled data. Testing in simulated and real-world environments will validate the approach, ensuring interpretability and trustworthiness in dynamic, high-risk scenarios.

Expected Results
1) a Lifelong Learning (LL) framework designed, developed and implemented as a set of tools with accompanying interfaces: The LL framework will include: i) Lifelong Graph learning; ii) Lifelong Active Learning:; iii) Compression-aware multimodal LL; iv) Lifelong rule-based learning. 2) Automatic explanation algorithms for the LL framework: a set of techniques integrated with the LL learning tools developed to provide explanations for the agents’ decisions. 3) a report summarizing the key insights and findings of the validation of the proposed approach in the framework of smart supplies in water and energy verticals.

Planned Secondments

Planned secondment(s):
TUG (AT), Dr. B. Könighofer M9-M14, 6M, guidance on literature review of ML concepts;
SPH (EL) Dr. G. Gardikis, M25-M30, 6M Understand requirements and constraints of ML-based decision-making in CI focusing on water-energy systems.

Specific Requirements for the Project

Given that the position may involve direct or indirect access to security-sensitive corporate assets, the final offer will be conditional upon successful completion of EIGHT BELLS' internal compliance and conflict-of-interest assessment, which may result in withdrawal of the offer.

Salary

41,534 €/year as gross salary (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: SingularLogic S.A. (SLG) Greece (portal.singularlogic.eu)

Supervisor: Dr. Stamatia Rizou and Prof. Sebastian Lehnhoff (UOL)

Contacts: srizou@singularlogic.eu; sebastian.lehnhoff@offis.de

Project Description

Objectives
In critical infrastructures, such as energy systems, operating variables are highly correlated due to weather phenomena or shared utilization of infrastructure and equipment. Challenges are the autocorrelation/latency, non-linearity of correlations due to regional/continental migration of weather patterns and non-linear physics of AC power systems. With the high risk from novel disruptive incidents due to faster dynamics from increased digitalization as well as sophisticated cyber-attacks aiming at deceiving automated control systems or expert personnel by mimicking plausible yet misdirected scenarios, systematic correlation analysis may help in identifying unknown incidents and sophisticated large-scale deceiving attacks. Correlation is historically neglected in power systems in favor of convolution-based probabilistic load flow analysis, which is widely employed but assumes correlation-independence explicitly. There has been some discussion recently as to the validity of this assumption in light of the massive increase of renewable energy generation. Incident monitoring and analysis based on correlation data can be performed on fully homomorphically encrypted data and thus contributes the development of privacy preserving monitoring and detection methods based on statistical analysis of categorical, ordinal and numerical data only.

This DC will go beyond state of the art by developing an innovative platform with extensive historical data-sets, and a service layer that allows for (1) pairwise calculation of correlation metrics on plain and encrypted data for a selected set of nodes within a predefined time frame, and (2) generation of a correlation graph/topology where the edges' are labelled with the correlation vector information. The graph serves for systematic analysis and monitoring over time, as well as for subsequent reliability assessment based on joint copulas.

Expected Results
i) A systematic analysis of energy systems and correlation metrics among operating variables;
ii) A data repository containing historical data on energy systems operation;
iii) A correlation graph/topology depicting the pairwise relationships among the energy systems elements.

Planned Secondments

UOL (DE), Prof. S. Lehnhoff, M9-M11, 3M, guidance on literature review on correlation modelling and analysis in energy systems;
ScienceTokyo (JP), Prof. T. Ishizaki, M18-M20, 3M, data-driven techniques for smart energy systems.
UOL (DE), Prof. S. Lehnhoff, M24-M29, 3M, development and test of the correlation modelling and analysis on the energy systems of the SESA lab.
EAC (CY), Dr C. Spanias, M30-M32, 3M, Application to industrial test-beds and data.

Specific Requirements for the Project

The fellowship requires admission to the PhD program of the Graduate School Science, Medicine and Technology OLTECH at the University of Oldenburg, Germany.

Salary

Organisation/Institute: SingularLogic S.A. (SLG) Greece (portal.singularlogic.eu)

Supervisor: Dr. Stamatia Rizou and Prof. Sebastian Lehnhoff (UOL)

Contacts: srizou@singularlogic.eu; sebastian.lehnhoff@offis.de

Project Description

Objectives
State-of-the-art supervisory control and data acquisition (SCADA) systems for power system operation aggregate network telemetry (e.g. complex power and voltage values) and calculate a consistent state estimate to enable real-time network operation by human expert operators. Digitalization and the energy transition not only vastly increase the number of measurements but also heightens the dependency on shared communication infrastructure with utilization-dependent quality of service. Hence, utilization of the communication (sub)systems has to be factored into the power system state assessment to detect novel phenomena and identify resilient stable equilibria states in this highly dynamic interdependent system. Such an expanded assessment of power system states provides a more realistic system view but also more indications on sophisticated stealthy attacks by narrowing the corridor of undetected vulnerabilities. To generate a more holistic assessment of digitalized power systems and to support automated and human decision making and situational awareness and understanding, the applicants have developed a multi-variate state assessment that explores and instantiates the notion of trust in energy systems – exploring a variety of relevant trust-facets: functional correctness, safety, security, reliability, credibility, and usability, which may be used to enhance supervisory power system control. However, recent attacks on CIs have demonstrated that considering only standard security threats (software and network-based) clearly underestimate system entry points and attack surface since adversaries can now take advantage of automated tools to exploit vulnerabilities at the system's hardware level. Recent studies have shown potential of data-driven methods to perform efficient runtime detection for such hardware-related attacks from available measurements data.

This DC will go beyond the state of the art by providing the first multi-facet hardware-aware trust assessment in joint critical infrastructures by combining an enriched system model considering emerging attack scenarios with the integration and correlation of heterogeneous sources of information (hardware, software and network data). This research work will be deployed into a realistic SCADA environment to perform stealthy and hardware-based attacks.

Expected Results
i) A systematic process chain for calculating a holistic state assessment in modern CPS;
ii) A multi-facetted trust state assessment supporting trace-back of anomalies;
iii) A report on the test validation of the proposed approach in smart supply networks.

Planned Secondments

UOL (DE), Prof. S. Lehnhoff, M9-M11, 3M, guidance on literature review of trust state assessment of energy systems;
CNRS (FR), Dr. Vincent Migliore, M12-M14, 3M, guidance on literature review of runtime detection of hardware-related attacks;
UOL (DE), Prof. S. Lehnhoff, M24-M29, 3M, development of trust state assessment, and access to SESA lab.
EAC (CY), Dr C. Spanias, M30-M32, 3M, understand energy vertical requirements and specific constraints, access to industrial test-beds and data.

Specific Requirements for the Project

The fellowship requires admission to the PhD program of the Graduate School Science, Medicine and Technology OLTECH at the University of Oldenburg, Germany.

Salary

Organisation/Institute: Humatects GmbH (HMT) Germany (humatects.de)

Supervisor: Dr. Andreas Lüdtke

Contacts: luedtke@humatects.de;

Project Description

Objectives
To increase the safety and resilience of future traffic networks, autonomous vehicles require sound mechanisms to detect and react to safety-critical behavior of malicious autonomous and human agents in the traffic scene. A major challenge is the need for robust long-term predictions of the spatial-temporal evolution of the traffic scene. Despite the promising predictive capabilities of human behavior models, the current landscape is dominated by black-box Deep Neural Networks learnt from non-critical trajectory data leaving a gap in the detection of safety-critical and malicious driving behavior, for which limited data is available. A second challenge are limitations of single-vehicle perception and prediction technologies like occlusion or limited computational resources. A potential solution are cooperative perception and prediction technologies based on Vehicle-to-Everything communication, enabling connected autonomous vehicles to enhance their capabilities by exchanging information about the traffic scene with other vehicles, roadside infrastructure, and cloud networks. However, current approaches largely rely on assumptions that collaborating agents utilize identical sensor setups and/or information processing pipelines, while ignoring difficulties like limited communication bandwidths and delayed or lossy communication, limiting their real-world practicability.

This DC will advance the state of the art by investigating the combination of human behavior models and cooperative perception and prediction technologies for detecting malicious and safety-critical behavior of traffic participants in complex traffic scenarios with realistic agent and model heterogeneity and communication capabilities.
Fully and partly autonomous vehicles require state estimation and motion prediction of other autonomous and manually-driven vehicles, vulnerable road users, and even animals to enable safe and efficient path planning and navigation. Using driving simulators and open-source datasets, we will investigate cooperative long-term behavior prediction and anomaly detection in multi-agent traffic scenarios by combining the use of human behavior models for long-term prediction of traffic participants with cooperative perception and prediction technologies. We will develop means that enable networks of autonomous vehicles to use V2X communication to collaborate in and coordinate the prediction of possible spatial-temporal evolutions of the traffic scenes in order to extend the hypothesis space beyond what would be able for a single agent, including a wider range of potential critical and malicious behavioral scenarios.

Expected Results
i) Methodology and algorithms for collaborating and coordinating cooperative long-term prediction via V2X communication for early detection of critical and malicious driving behavior in multi-agent traffic scenarios.
ii) Proof of concept implementation of the approach in simulated multi-agent traffic scenarios incl. critical and malicious driving behavior.
iii) Validation and benchmarking of the overall performance for long-term prediction based on open-source datasets.

Planned Secondments

HRI (DE), Dr. M. Olhofer, M9-M12, 4M, Understand requirements and domain specific constraints in resilient smart transportation, and development of realistic and relevant safety-critical use cases.
UOR (FR), Prof. N. Ramdani, M18-M21, 4M, Transfer of set-based technologies to cooperative perception and prediction.
AVL (AT), S. Marksteiner, M27-M30, 4M, Introduction to industry-level testbeds and datasets.

Specific Requirements for the Project

The fellowship requires admission to the PhD program of the Graduate School Science, Medicine and Technology OLTECH at the University of Oldenburg.

Salary

The gross salary (Bruttogehalt) is at least 3,908€ per month or 46,899€ per annum (includes social security contributions and mobility allowance), with an increase based on experience. Additional family allowance is provided if applicable.

Organisation/Institute: Université d'Orléans (UOR), located in Bourges, France (www.univ-orleans.fr)

Supervisor: Prof. Nacim Ramdani

Contacts: nacim.ramdani@univ-orleans.fr

Project Description

Objectives
State-of-the-art model-based fault/anomaly/attack detection and isolation take advantage of system models and a possible redundancy of sensors and actuators to reconstruct unmeasured state and unknown inputs, then use them to compute residues between actual measurements and their estimates. Attack identification and reconstruction leverage consistency relations between combination of appropriately designed residuals. Alternative approaches use banks of unknown input observers to reconstruct attack signals in addition to state variables. However, these techniques do not provide defense-in-depth against a knowledgeable and strategic adversary who can tune stealthy deception attacks, that maximize their impacts while remaining undetected. Moving target defense (MTD) is a popular cyber defense strategy that adds unpredictability about system's state and execution to inhibit attackers' ability to design stealthy attacks. Recently, enhanced versions of the MTD, that introduce stochasticity and non-linearity in the systems, facilitated detection of stealthy attacks and identification of corrupted sensors. Besides, set-based estimators have been developed recently to compute admissible sets for the residues may increase detection robustness. The combination of set-based detectors with MTD strategies for stealthy attack diagnosis has not been investigated yet. Besides, the current approaches have been developed for centralized settings, they do not account for the distributed nature of critical infrastructures, nor the network induced imperfections like variable sampling periods and communication delays. Set-based estimation techniques with non-periodic sampling and delayed measurements have been developed recently by our group can address such network-induced imperfections.

This DC will advance state of the art by combining enhanced moving target defense strategies with distributed set-based observers working with non-periodic sampling and delayed measurements, to build a strong and robust stealthy attack diagnosis solution for massively distributed control systems in smart grids and transport.

Expected Results
i) A framework for anomaly detection and isolation will account for aperiodic and multi-periodic measurements sampling. It will also account for the distributed nature of the CPS. The set of undetectable cyber-physical attacks will also be characterized.
ii) A report on the proof-of-concept implementation of the proposed approach in smart transportation systems.

Planned Secondments

SIEMENS (DE) Dr. M. A. Wischy, M9-M11, 3M, training on security and resilience aspects in rail automation and operation.
ScienceTokyo (JP) Dr H. Sasahara (M12-M14), 3M, training on secure and resilient cyber-physical system design with applications to smart grids.
UCY (CY), Dr. D. Eliades, M15-M17, 3M, development of diagnosis and application using the KIOS Virtual City (energy) as a training testbed.
SIEMENS (DE) M. A. Wischy, M33-M35, 3M, application for railways resilient operation.

Specific Requirements for the Project

This position is being located in a ``Zone à Régime Restrictif'' (Restricted Area) in the sense provided by article R 413-5-1 of the French penal code. Appointment can only take place after an access authorisation delivered by the head of the institution, as stated in article 20-4 of decree n°84-431 of 6 June 1984 (National Law, France).

The ideal applicant possesses good background in control theory or related subjects. They have completed or about to complete a Master 2 or Engineering degree in the appropriate field. Candidates without a Master's degree should complete degree before September 2026.

Ideal candidates will have a strong academic record and very good oral and written communication skills in English.

This fellowship requires admission to the PhD program at the Doctoral School Mathematics, Computer Science, Theoretical Physics, and Systems Engineering (MIPTIS) at the University of Orléans.

Salary

39,465€ per year as gross salary (salaire brut) (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: University of Cyprus (UCY) (www.ucy.ac.cy)

Supervisor: Dr. Mahtaios Panteli and Dr. Demetris Eliades

Contacts: panteli.mathaios@ucy.ac.cy; eliades.demetrios@ucy.ac.cy

Project Description

Objectives
Modern CPSs rely on distributed architectures, however their interconnectivity exposes them to a wide range of incidents, from physical failures to cyber-physical attacks. For instance, water and power systems are highly interdependent. In general, interdependencies between CIs are a means of propagation of hazards from one network to another, leading to cascading effects affecting other infrastructures. Effective incident response requires understanding and modeling these interdependencies to optimize restoration efforts. Developing resilience-oriented models that integrate critical features such as microgrids, distributed generations, and water treatment facilities can enhance the ability to respond to disruptions. These models should aim to minimize service loss by optimizing the restoration of both power and water loads. Decentralized coordination models, fault diagnosis considering interdependencies and partial information sharing, can enhance real-time monitoring and responding to events. Moreover, enhancing cyber-physical security involves augmenting the information flow graphs with additional connections and algorithms to increase redundancy, which helps mitigate the impact of cyber-physical attacks by sustaining control requirements despite multiple attacks. Traditional control-theoretic approaches often fail to capture the evolving interdependencies of CPS, leading to suboptimal decisions, whereas semantic graphs offer a more accurate and adaptable representation. Additionally, the reliance on centralized systems limits the ability to respond effectively to localized emergencies.

This DC will study the transition from centralized to distributed architecture for resilient incident response to emergencies, benefiting from distributed energy and water resources such as stationary and mobile batteries, and water pumping flexibility. The knowledge generated in the project will be utilized for providing recommendations on the development of policy and regulatory standards for emergency response interconnected systems, which currently hampers the joint response and coordination of different CIs to emergencies. The UCY KIOS Virtual City Testbed will be used for applying and demonstrating the tools to be developed in the project. SPRING goes beyond the state-of-the-art, by researching key gaps in modeling and managing interconnected CPSs in dynamic environments. By developing distributed architectures, the research aims to distribute risk and enhance system reliability during critical events.
This research aims to develop a framework for modeling cyber-physical critical infrastructure systems, focusing on water-energy systems. By leveraging semantic control graphs and semantic reasoning, the framework will enable the study of interconnected computational models, mapping interdependencies across diverse cyber-physical infrastructures like water systems and power microgrids. This involves (i) developing a simulation framework for modeling water-energy-focused cyber-physical critical infrastructure systems, (ii) studying interconnected computational models to map CPS interdependencies, (iii) researching standardized communication protocols for CPS integration, (iv) creating holistic stress-testing methodologies to identify system breaking points, and (v) designing distributed architectures for resilient emergency responses using distributed water and energy resources.

Expected Results
(1) a comprehensive theoretical framework integrating semantic control graphs and reasoning, tailored for CPS resilience;
(2) detailed models capturing interactions and dependencies among cyber-physical infrastructures, aligned with SPRING project objectives;
(3) mechanisms for coordinated CPS emergency response; and (4) practical benchmarks and toolkits for assessing CPS resilience, ensuring real-world applicability.

Planned Secondments

UOR (FR), Prof. N. Ramdani M9-M14, 6M, Guidance on literature review of modelling and analysis of interconnected cyber-physical critical infrastructures;
SLG (EL) Dr. S. Rizou, M15-20, 6M, Understand distributed multi-CPS resilience requirements and multi-domain specific constraints, focusing on water-energy systems.

Specific Requirements for the Project

Salary

Organisation/Institute: University of Cyprus (UCY) (www.ucy.ac.cy)

Supervisor: Dr. Mahtaios Panteli and Dr. Demetris Eliades

Contacts: panteli.mathaios@ucy.ac.cy; eliades.demetrios@ucy.ac.cy

Project Description

Objectives
Digital Twin (DT) technology is rapidly gaining traction as a means of enhancing resilience and efficiency across critical infrastructures (CIs). The concept has evolved significantly from its initial focus on product design and manufacturing to encompass broader applications in infrastructure management, leveraging advancements in data analytics, artificial intelligence (AI), and simulation. DTs are being implemented in diverse sectors, including energy, water, and transportation, offering real-time insights, predictive capabilities, and support for decision-making. However, current DT frameworks face challenges in addressing complex interdependencies and cascading failures, particularly in highly interconnected CI environments. Moreover, challenges such as real-time data integration from heterogeneous sources, scalability across distributed systems, and cross-sector interoperability remain largely unaddressed. The lack of standardized resilience metrics and validation frameworks further complicates the evaluation of DT effectiveness . Additionally, cybersecurity concerns and the integration of socio-technical factors, including regulatory compliance and human-machine interaction, have not been adequately explored. These gaps highlight the need for innovative DT architectures that incorporate distributed systems, secure and adaptive AI, interdisciplinary methods, and robust knowledge management to ensure scalability, reliability, and resilience in managing critical infrastructure systems.

This IRP thesis aims to advance Digital Twin (DT) technology for enhancing the resilience of critical infrastructures (CIs) through five key objectives. (1) It will develop a scalable DT framework that integrates formal methods, modeling languages, simulation tools, and knowledge engineering/management to address the complexities of cyber-physical CI interoperability. (2) A framework for evaluating anticipatory self-adaptive algorithms will be designed to improve system resilience by predicting and adapting to potential disruptions in real time. (3) The research will explore the integration of Large Language Models (LLMs) into the DT architecture, enabling human-interpretable diagnostics and leveraging explainable AI for rapid and informed decision-making. (4) Real-time, scalable techniques for risk-aware incident response will be implemented, ensuring operational safety and effective risk mitigation during disruptions. (5) Finally, the thesis will create a library of intelligent software agents capable of delivering resilience as a service across multiple CI sectors, including energy, water, and transportation.

Expected Results
The expected outcomes are equally structured around five key results. (1) The SpringDT architecture; (2) The validated self-adaptive algorithm framework; (3) LLM integration; (4) The risk-aware incident response framework (5) The resilience agent library. These contributions will be validated through real-world CI case studies, ensuring practical utility and effectiveness.

Planned Secondments

UOR (FR), Prof. N. Ramdani M9-M14, 6M, Guidance on literature review of modelling and analysis of interconnected cyber-physical critical infrastructures;
HMT (DE) Dr. A. Lüdtke, M15-20, 6M, Guidance on human-centered design and study of digital twins from an industrial point-of-view.

Specific Requirements for the Project

The fellowship requires admission to the PhD program at the University of Cyprus.

Salary

Organisation/Institute: Carl von Ossietzky Universität Oldenburg (UOL) Germany (uol.de)

Supervisor: Prof. Martin Fränzle

Contacts: martin.fraenzle@uni-oldenburg.de

Project Description

Objectives
Via car2x communication, automotive systems and infrastructures are exposing new and broad attack surfaces, with dynamic reconfiguration of these distributed multi-vendor systems being the prominent countermeasure to attacks. Currently, neither attack detection nor reconfiguration are sufficiently automated to work at scale and across the diversity of components deployed in the automotive sector. While machine learning has recently been suggested as a possible cure to this problem at the small scale, like in situational reconfiguration of supplies and consumers in a household, scalability to the large in-vehicle and vehicle2x networks stays dubious due to their combinatorially vast configuration space that is uncoverable during training. In this project, we therefore investigate a combination of automated model mining using automata learning plus model-based testing and fuzzing - all expertise of AVL - with automated contract-based reasoning - as facilitated by UOL’s industry-proven automatic verification tools for discrete-continuous systems. Together these shall permit us to provide rigorous guarantees both on detection rates for vulnerabilities and of system correctness throughout all transients encountered during reconfiguration. The reactive synthesis community has recently started to address the problem of dynamic reconfiguration of systems through game-based synthesis of so-called bridging controllers guiding the system from one operational regime to the other while maintaining a set of correctness constraints alongside. These approaches have hitherto been investigated in the setting of synthesis of reactive controllers from temporal logic specifications and are neither scalable nor interface well with traditional software and control engineering. Employing automated contract-based reasoning, we will overcome these limitations.

This individual research project IRP will provide model-based techniques for in-situ computing safety-preserving and security-enhancing reconfigurations which provably provide best resilience among all reconfiguration strategies exploiting the same grey-box information on the components. Joining model learning and model-based fuzzing/testing with mechanized contract-based reasoning, this IRP will automatically provide exhaustive behavioral guarantees for hitherto unseen component configurations. An automatic vulnerability detection and reconfiguration procedure generates component/function replacement strategies which provably and robustly maintain all safety and functionality specifications along the full reconfiguration sequence.

Expected Results
The expected results are: i) A comprehensive analysis of existing practices and related work concerning manual and automatic reconfiguration of networked automotive systems;
ii) A rigorous definition of model mining based on automata learning and of model-based fuzzing and testing in distributed systems,
iii) An automatic game-based synthesis procedure supporting resilient CPSs by flexible dynamic reconfiguration with behavioral guarantees;
iv) A report summarizing the key insights and findings of the validation of the proposed approach in networked automotive systems.

Planned Secondments

AVL (AT), S. Marksteiner, M12-M17, 6M, Understand automated system modelling, user requirements, domain specific constraints, and safety demands for networked automotive control systems.
ScienceTokyo (JP), Prof. T. Hayakawa, M18-M23, 6M, Game theory covering noncooperative dynamic systems.

Specific Requirements for the Project

The fellowship requires admission to the PhD program of the Graduate School Science, Medicine and Technology OLTECH at the University of Oldenburg.

Salary

The gross salary (Bruttogehalt) is at least 4,629.74€ per month or 55,556.88€ per annum (includes social security contributions and mobility allowance), with an increase based on experience. Additional family allowance is provided if applicable.

Organisation/Institute: Graz University of Technology (TUG) Austria (www.tugraz.at)

Supervisor: Dr. Bettina Könighofer

Contacts: bettina.koenighofer@tugraz.at;

Project Description

Objectives
Machine learning algorithms for control, such as deep reinforcement learning (DRL), have demonstrated impressive capabilities in a variety of applications, such as optimizing robotics movements. The combination of high-performance and the ability to adapt to dynamic environments makes this technology very promising. However, it is also known that deep neural networks (DNNs) are extremely vulnerable to any kind of disturbances. Even small, unexpected changes in the observed state information of the environment, which may even be invisible to the human eye, may cause the learned controller to initiate wrong control commands. While learned controllers can adapt to environmental changes or recover from faults with enough updated training data, neither safety nor performance can be guaranteed during the recovery (retraining) phase of the learned controller. It is an ongoing research effort of the formal methods community to develop runtime assurance techniques for providing strong safety guarantees for learned controllers. Shielding is such a model-based assurance technique. The general assumption in DRL is that the underlying model of the environment is given in form of a Markov Decision Process (MDP). Thus, a shield for DRL is typically computed from a model of the environment dynamics in form of an MDP and a formal safety specification, using techniques from probabilistic model checking like dynamic programming or value iteration. The task of the shield is to block any control command from the DRL controller whose execution could lead to a safety violation with a probability exceeding a certain threshold. However, shields only provide safety for situations that are considered in the underlying model. To the best of our knowledge, there is only very little work on shielding that considers any kind of unexpected disturbances or faults that could occur. Partners of this consortium proposed a method to compute shields resilient to delayed input observations. Robust control under (non-)Gaussian noise has been studied, but not in the context of shielding. Recently, a first work on shielding under partial observability has been published, but the proposed approach is not scalable yet.

THis DC thesis will advance the state of the art by studying the necessary steps that need to be taken such that shields can be applied in practice to guarantee safe recovery of safety-critical machine learning systems. To guarantee safety for real-world systems, we will go beyond the classical assumption that uncertainties and disturbances in the environment are captured sufficiently in the probability distributions in the MDP. Instead, we will study relevant classes of anomalies and how they can be modelled, for example, as a robust MDP, as a partial observable MDP, or as a stochastic game. Additionally, the shield should not only ensure safety, but should also improve the performance in the recovery phase. Furthermore, we will study how to tightly integrate a shield with state-of-the art DRL such that the shield guides the recovery of the DRL controller to improve the convergence rate and potentially also the final performance of the DRL controller after the recovery.

Expected Results
We will develop methods and tools to compute shields that: i) guarantee safety throughout the entire recovery phase of safety-critical machine learning systems, ii) are resilient to several classes of domain-specific faults, disturbances, and anomalies, and iii) ensure a basic level of performance during the recovery phase. The project will implement a highly scalable open-source tool for automatically computing such shields.

Planned Secondments

SIEMENS (DE) M. A Wischy, M08-M10, 3M, requirement analysis in smart transportation,
UOL (DE), Prof. M. Fränzle, M13-M18, 6M, guidance on formal methods,
SIEMENS (DE), M. A. Wischy, M30-M32, 3M. application for smart transportation resilient operation.

Specific Requirements for the Project

• Applicants must hold a Master's degree or equivalent in computer science, mathematics, or similar, with relevant in formal methods, logic, machine learning, AI, or closely related topics for this project. Candidates without a Master's degree should complete degree by August 15, 2026.
• Ideal candidates will have a strong academic record.
• Very good oral and written communication skills in English.

Salary

The gross salary (Bruttogehalt) at TUG is 3,776.10 € (14 times a year) (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.

Organisation/Institute: Graz University of Technology (TUG) Austria (www.tugraz.at)

Supervisor: Dr. Bettina Könighofer

Contacts: bettina.koenighofer@tugraz.at;

Project Description

Objectives
The task of runtime assurance techniques, such as shielding, is to monitor the system's execution, analyze the safety of control commands, and prevent the execution from commands that could lead to safety violations in the future. The essential property of a shield is that it provides provable safety guarantees. To that end, shields are rigorously computed from a formal specification of safety-critical properties. However, to the best of our knowledge, no shielding approach provides explanations as to why a particular control command is classified as safe or unsafe by the shield. Often, a shield is implemented simply as a huge lookup table representing the unsafe control commands for each state. Thus, the highly opaque decisions of a controller deployed as a deep neural network may be overwritten by an equally opaque shield. Therefore, even if the shield provides formal safety guarantees, the trust of a human operator or user is not necessarily increased by adding a shield. Additionally, to support the decision-making process of a human operator, such as when choosing among several available recovery strategies, the classification of commands by the shield into safe and unsafe categories needs to be explainable. It is a common issue that controllers synthesized from formal verification tools are highly opaque, i.e., this problem is not specific to shields. There exists recent work on presenting synthesized controllers as decision trees. However, existing tools often produce decision trees for synthesized controllers that are large and still lack explainability.

This DC thesis will develop methods and tools to compute small decision trees representing shields. Algorithms for computing decision trees for shields can exploit several features unique for shields. For example, algorithms can leverage a tradeoff between tree size and the permissiveness of the shield. While the trees must accurately capture all unsafe behaviors, they can approximate safe behaviors. As a result, the shields may occasionally be slightly more conservative. However, if this allows the shield to be represented by a smaller tree, the increased explainability may outweigh the possible minor decrease in system performance. Furthermore, it may be possible to classify unsafe behavior into different types of safety violations, which could be learned automatically. A shield can then be represented by several smaller decision trees, each addressing interferences caused by a specific source of safety violation. And evaluate their understandability for safety-critical applications in smart transportation.

Expected Results
The expected outcomes are: i) algorithms and ii) tools for computing explainable shields, and iii) a comprehensive report, including a user study, evaluating the explainability of the computed shields.

Planned Secondments

SIEMENS (DE) M. Wischy, M10-M12, 3M, requirement analysis in smart transportation,
UNIBI (DE), Prof. B. Hammer, M13-M18, 6M, guidance on explainable machine learning,
SIEMENS (DE), M. A. Wischy, M30-M32, 3M. application for smart transportation resilient operation.

Specific Requirements for the Project

• Applicants must hold a Master's degree or equivalent in computer science, mathematics, or similar, with relevant in formal methods, logic, machine learning, AI, or closely related topics for this project. Candidates without a Master's degree should complete degree by August 15, 2026.
• Ideal candidates will have a strong academic record.
• Very good oral and written communication skills in English.

Salary

The gross salary (Bruttogehalt) at TUG is 3,776.10 € (14 times a year) (includes social security contributions and mobility allowance). Additional family allowance is provided if applicable.