Muhammad Taimoor Khan, MSc. PhD. | 29.02.2016 | 11:00 Uhr | E.2.69
Abstract
In this talk, we present a rigorous behavior based approach to develop reliable, secure and resilient application software for industrial control systems (in particular). The goal here is to employ formal methods to first build application right and then to continuously monitor the application for security and resilience.
To achieve the goal, we first develop correct-and-secure-by-construction application software using theorem proving (i.e. prover Coq) through refinement and synthesis of abstract data types. Then we introduce a run-time security monitor for application software, which detects both known and unknown computational cyber attacks. For resilience, we employ dependency directed reasoning to recover the system in a safe state, if any inconsistency is detected. Our security monitor is sound and complete, eliminating false alarms, as well as efficient, supporting real-time systems. In contrast, conventional run-time security monitors for application software either produce (high rates of) false alarms (e.g. intrusion detection systems) or limit application performance (e.g. run-time verification systems).
Our run-time monitor detects attacks by checking the consistency between the application run-time behavior and its expected behavior modeled in its specification. Our specification language is based on monadic second order logic (i.e. first order logic and set theory) and event calculus interpreted over algebraic data structures; application implementation can be in any programming language. Based on our defined denotational semantics of the specification language, we prove that the security monitor is sound and complete, i.e. it produces an alarm if and only if it detects an inconsistency between the application execution and the specified behavior. Importantly, the monitor detects not only cyberattacks but all behavioral deviations from specification, e.g. bugs, and so, is readily applicable to the security of legacy systems.
Finally, we present the evaluation of the monitor in the industrial control systems security domain, specifically in water management, demonstrating that run-time, sound and complete monitors employing verification techniques are effective, efficient and readily applicable to demanding real-time critical systems, without scalability limitations.
Muhammad Taimoor Khan is a postdoctoral researcher at Qatar Computing Research Institute (jointly with CSAIL, MIT, USA), Qatar. His current research is to develop reliable, secure and resilient software by the application of formal methods. On one hand, his project is focused on developing a tool to automatically detect and correct, known and unknown attacks through monitoring behavioral inconsistencies between specification and execution at run-time. On the other hand, his another project is focused on using theorem prover as a programming language to develop correct-and-secure-by construction software.
Prior to this, Taimoor Khan has passed doctoral studies at Research Institute for Symbolic Computation, Hagenberg, Austria with All-Distinctions in 2014. His PhD dissertation was about formal specification and verification of computer algebra software. Before joining RISC, he graduated in MSc Advanced Distributed Systems from the University of Leicester, UK with Distinction in 2008. As a final semester project he worked on the model-based verification of the various communication protocols of NASA in the frame of project “Space Link Extension Service Management”. Also prior to this, he completed his M.Sc. in Computer Science from Pakistan in 2001 and then worked for about five years in the software industry specializing in Java (EE/ME), XML and Web Services.
Taimoor Khan has been visiting scientist at various international reputed institutes including CSAIL, MIT, USA and ENSIIE, INRIA, France. Also he has won various research awards including the best student paper award at the most premier conference in computer algebra (CICM) in 2012.
He is also working as an associate tutor at University of Leicester, UK. Here he is teaching different courses (e.g. Domain Specific Languages) to MSc students (DL) and supervising their final semester projects. Prior to that, he has also taught undergraduate and graduate students at numerous universities in Pakistan as an assistant professor for several years.
