Muhammad Taimoor Khan, MSc. PhD. | 29.02.2016 | 11:00 Uhr | E.2.69
In this talk, we present a rigorous behavior based approach to develop reliable, secure and resilient application software for industrial control systems (in particular). The goal here is to employ formal methods to ﬁrst build application right and then to continuously monitor the application for security and resilience.
To achieve the goal, we ﬁrst develop correct-and-secure-by-construction application software using theorem proving (i.e. prover Coq) through reﬁnement and synthesis of abstract data types. Then we introduce a run-time security monitor for application software, which detects both known and unknown computational cyber attacks. For resilience, we employ dependency directed reasoning to recover the system in a safe state, if any inconsistency is detected. Our security monitor is sound and complete, eliminating false alarms, as well as eﬃcient, supporting real-time systems. In contrast, conventional run-time security monitors for application software either produce (high rates of) false alarms (e.g. intrusion detection systems) or limit application performance (e.g. run-time veriﬁcation systems).
Our run-time monitor detects attacks by checking the consistency between the application run-time behavior and its expected behavior modeled in its speciﬁcation. Our speciﬁcation language is based on monadic second order logic (i.e. ﬁrst order logic and set theory) and event calculus interpreted over algebraic data structures; application implementation can be in any programming language. Based on our deﬁned denotational semantics of the speciﬁcation language, we prove that the security monitor is sound and complete, i.e. it produces an alarm if and only if it detects an inconsistency between the application execution and the speciﬁed behavior. Importantly, the monitor detects not only cyberattacks but all behavioral deviations from speciﬁcation, e.g. bugs, and so, is readily applicable to the security of legacy systems.
Finally, we present the evaluation of the monitor in the industrial control systems security domain, speciﬁcally in water management, demonstrating that run-time, sound and complete monitors employing veriﬁcation techniques are eﬀective, eﬃcient and readily applicable to demanding real-time critical systems, without scalability limitations.
Muhammad Taimoor Khan is a postdoctoral researcher at Qatar Computing Research Institute (jointly with CSAIL, MIT, USA), Qatar. His current research is to develop reliable, secure and resilient software by the application of formal methods. On one hand, his project is focused on developing a tool to automatically detect and correct, known and unknown attacks through monitoring behavioral inconsistencies between specification and execution at run-time. On the other hand, his another project is focused on using theorem prover as a programming language to develop correct-and-secure-by construction software.
Prior to this, Taimoor Khan has passed doctoral studies at Research Institute for Symbolic Computation, Hagenberg, Austria with All-Distinctions in 2014. His PhD dissertation was about formal specification and verification of computer algebra software. Before joining RISC, he graduated in MSc Advanced Distributed Systems from the University of Leicester, UK with Distinction in 2008. As a final semester project he worked on the model-based verification of the various communication protocols of NASA in the frame of project “Space Link Extension Service Management”. Also prior to this, he completed his M.Sc. in Computer Science from Pakistan in 2001 and then worked for about five years in the software industry specializing in Java (EE/ME), XML and Web Services.
Taimoor Khan has been visiting scientist at various international reputed institutes including CSAIL, MIT, USA and ENSIIE, INRIA, France. Also he has won various research awards including the best student paper award at the most premier conference in computer algebra (CICM) in 2012.
He is also working as an associate tutor at University of Leicester, UK. Here he is teaching different courses (e.g. Domain Specific Languages) to MSc students (DL) and supervising their final semester projects. Prior to that, he has also taught undergraduate and graduate students at numerous universities in Pakistan as an assistant professor for several years.