Research Intern, AI-Assisted Container Sandboxing Policy Generation

Beschreibung:

Helsinki System Security Lab Internship 2026, AI-Assisted Container Sandboxing Policy Generation

Modern container platforms rely on sandboxing mechanisms-such as Linux namespaces, SELinux/AppArmor policies, and Seccomp filters-to isolate workloads. However, configuring these security controls correctly is complex and often requires deep system expertise. Existing automatic approaches typically provide only coarse-grained protection and are difficult to adapt to diverse workloads.

The research problem is to design and evaluate an AI-assisted system that generates container security policies from runtime telemetry. The idea is to execute a workload in a controlled environment, collect logs and events (syscalls, file accesses, network usage), and use machine learning to help derive precise, workload-specific policies.

Together with our experts, the student will:

* Review current container security mechanisms and automatic policy generation approaches.
* Collect and analyze runtime telemetry from reference workloads.
* Investigate ML/AI methods for extracting meaningful rules and constraints.
* Develop a proof-of-concept tool that outputs sandboxing policies (e.g., Seccomp, AppArmor-like rules).
* Validate the approach on representative workloads and document findings in a Master's thesis.

We are looking for:

* Students who have completed most of their M.Sc. courses, in the field of CS/E.Eng.
* Solid programming skills (Python preferred) and interest in ML/AI tooling.
* Basic understanding of Linux system calls, containerization, and security controls.
* Ability to work with log data, telemetry, and analysis tools.
* Sufficient skills to work and interact in English.
* Good team-working skills.
* Students with interest to do research and explore new challenges.

The following we count as advantage:

* Experience with Docker/Containerd, Seccomp, AppArmor, or SELinux.
* Familiarity with kernel tracing tools (e.g., strace, eBPF, auditd).
* Background in applied machine learning or anomaly detection.
* An interest to do research and explore new challenges.

Location and internship period: This is a 6-month internship based at our Helsinki, Ruoholahti office.

The Helsinki Systems Security Laboratory in Huawei Finland (HSSL) drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise lies in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity