Apprenticeship:Securitization of the logs management in an embedded context Airbus Cybersecurity School (Bachelor 3 to Master 2)

Job Description

Description de l’emploi :This apprenticeship is integrated into the certified training programme proposed by the Airbus Cybersecurity School in partnership with Toulouse Ynov Campus.An apprenticeship offer entitled « Apprentice in Securitization of the logs management in an embedded context (M/F) » has just opened within Airbus Protect on its Toulouse – Blagnac site.As a work-study student, you will join a department in charge of supporting customers in the architecture security topics. You will join one of the 4th security architecture team, you will be included in a team of 14 members.This apprenticeship will start in September 2026 and will last for a period of 3 years.This position requires security clearance or eligibility for clearance by recognised authorities.Tasks & Responsibilities:Under the guidance of your Airbus tutor, you will contribute to:In embedded systems, logs are essential for diagnostics, auditing, and security forensics. However, these systems face unique challenges: limited CPU/RAM, unstable network connectivity, and susceptibility to physical tampering. If an attacker gains access, they may attempt to delete or modify logs to hide their tracks.The goal of this apprenticeship is to research, design, and prototype a secure logging mechanism that ensures Integrity, Authenticity, and Forward Secrecy, focusing specifically on the TECERA (Trustworthy Event logs for Constrained Embedded Resilient Appliances) framework and secure transfer protocolsTechnical activity:State of the Art & Theoretical StudyLiterature Review: Research existing secure logging schemes for constrained devices.Focus on TECERA: Deep dive into the TECERA architecture, which utilizes « Trusted Execution Environments » (TEEs) or lightweight cryptographic primitives to secure logs even if the main OS is compromised.Constraint Analysis: Define the hardware limitations (e.g., flash memory wear, power consumption, limited bandwidth).Threat ModelingIdentify potential attack vectors: log injection, log truncation, and « deletion attacks. »Define the security requirements needed to mitigate these risks in an embedded context.Design of a Secure Transfer SolutionLocal Storage: How to sign or chain logs locally (e.g., using Hash Chains or Merkle Trees) to detect tampering.Secure Transport: Propose a lightweight transfer protocol (e.g., TLS 1.3, DTLS, or specialized MQTT-SN security) to move logs from the device to a central server.Resilience: Address how the system handles intermittent connectivity without losing data.Implementation and PrototypingDevelop a Proof of Concept (PoC) on a virtualized environmentImplement a simplified version of the TECERA approach to secure log entries before transmission.Key deliverables:A state-of-the-art report on embedded log security.A technical specification document for the proposed solution.A functional PoC code repositorySkills & Prerequisites:You are currently enrolled in, or have already completed, at least a two-year higher education degree (Bac+2) in the IT field.Hard Skills:Product architecture skills :Knowledge of network technology (switch, router, DNS, TCP/IP) Knowledge of network security principles (Firewall, Proxy, Probe) Knowledge of system administrationKnowledge of system hardening Knowledge of micro kernel based architecture systemBasic knowledge of scripting (Powershell/Bash) and/or development (python, SQL) and/or DevOps tools (Github)Soft Skills:Organisation:2-Good knowledgeCommunication:2-Good knowledgeTeamwork:1-BasicAdaptability:1-BasicProblem solving:1-BasicLanguage skills: English: Advanced (as the classes are taught partly in English, candidates must have an advanced level of English)French: FluentCet emploi exige une connaissance des risques de conformité potentiels et un engagement à agir avec intégrité, comme base de la réussite, de la réputation et de la croissance durable de la société.Unité légale :Airbus Protect SASType de contrat :AlternanceNiveau d’expérience :EtudiantFamille d’emplois :Support au Management En soumettant votre CV ou votre candidature, vous autorisez Airbus à utiliser et stocker des informations vous concernant à des fins de suivi de votre candidature ou de futurs emplois. Ces informations ne seront utilisées que par Airbus.
Airbus s’engage à assurer la diversité de sa main-d’œuvre et à créer un environnement de travail inclusif. Nous accueillons toutes les candidatures, quels que soient le milieu social et culturel, l’âge, le genre, l’invalidité, l’orientation sexuelle ou les croyances religieuses des postulants.Airbus est depuis toujours attaché à l’égalité des chances pour tous. En tant que tel, nous ne demanderons jamais aucun type d’avance de frais dans le cadre d’un processus de recrutement. Toute usurpation d’identité d’Airbus à cette fin doit être signalée à emsom@airbus.com.Chez Airbus, nous vous aidons à travailler, à vous connecter et à collaborer plus facilement et de manière plus flexible. Dans la mesure du possible, nous favorisons les modalités de travail flexibles pour stimuler la pensée innovante.