Behavior Based Secure And Resilient System Development

Presented at DeepSec 2017 „Science First!“

We introduce a design methodology to develop reliable and secure systems based on their functional and non-functional behaviour. The methodology has three independent but complementary components that employ novel approaches and techniques in the design of reliable and secure systems. First, we introduce reliable-and-secure-by-design development of secure applications through stepwise sound refinement of an executable specification, employing deductive synthesis to enforce functional and non-functional (e.g. security and safety) properties of the applications. Second, we present a run-time security monitor at the middleware level that protects system operation in the field by comparing, in real time, the execution of the application with the execution of the application specification; the run-time security monitor can be synthesized from the executable specification. Finally, based on the specification, we perform a vulnerability analysis for false data injection attacks, which leads to application designs that are resilient to this type of attack. We demonstrate the methodology by applying it to a basic and typical industrial control system example application, describing all the tools used and ARMET, the middleware monitor that constitutes the core component of the methodology.
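The following is an added illustration of the run-time monitoring idea in the abstract; it is not code from the talk or from ARMET. It models a toy industrial control loop (a tank with a pump and a constant drain) as an executable specification, runs that specification in parallel with the deployed application, and raises an alert whenever the sensor readings the application sees or the actuator commands it issues diverge from what the specification predicts. The class and function names (`TankSpec`, `Monitor`, `run`), the plant parameters and the tolerance are all constructed assumptions for this sketch; the two tampering scenarios in `run` stand in for the false data injection attacks the abstract analyses, here only to show what the monitor detects.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

Alert = Tuple[int, str, str]  # (time step, kind: "sensor" | "command", message)


@dataclass
class TankSpec:
    """Executable specification of the plant and its control law (constructed toy model)."""
    capacity: float = 100.0
    inflow: float = 5.0    # level gained per step while the pump is on
    outflow: float = 2.0   # level lost per step through the drain
    low: float = 20.0      # switch pump on below this level
    high: float = 80.0     # switch pump off above this level

    def plant_step(self, level: float, pump_on: bool) -> float:
        nxt = level - self.outflow + (self.inflow if pump_on else 0.0)
        return min(max(nxt, 0.0), self.capacity)

    def control(self, level: float, pump_was_on: bool) -> bool:
        # Hysteresis: keep the previous command inside the [low, high] band.
        if level < self.low:
            return True
        if level > self.high:
            return False
        return pump_was_on


@dataclass
class Monitor:
    """Runs the specification alongside the application and compares the two executions."""
    spec: TankSpec
    tolerance: float = 1.0
    level: float = 50.0        # specification execution's plant state
    pump_on: bool = False      # specification execution's actuator state
    last_command: bool = False # last command observed from the real application
    alerts: List[Alert] = field(default_factory=list)

    def observe(self, t: int, reading: float, command: bool) -> None:
        # Check 1: the sensor reading must agree with the level the spec predicts.
        if abs(reading - self.level) > self.tolerance:
            self.alerts.append((t, "sensor",
                                f"reading {reading:.1f} vs predicted {self.level:.1f}"))
        # Check 2: the issued command must be what the spec's control law gives for that reading.
        expected = self.spec.control(reading, self.last_command)
        if command != expected:
            self.alerts.append((t, "command", f"issued {command}, spec expects {expected}"))
        self.last_command = command
        # Advance the specification execution independently of the application.
        self.pump_on = self.spec.control(self.level, self.pump_on)
        self.level = self.spec.plant_step(self.level, self.pump_on)


def run(spec: TankSpec,
        tamper_reading: Optional[Callable[[int, float], float]] = None,
        tamper_command: Optional[Callable[[int, bool], bool]] = None,
        steps: int = 12) -> Tuple[List[Alert], float]:
    """Simulate the deployed loop; optional hooks model falsified sensor data or commands."""
    monitor = Monitor(spec)
    level, pump_on = 50.0, False  # the real plant starts in the same state as the spec
    for t in range(steps):
        reading = tamper_reading(t, level) if tamper_reading else level
        command = spec.control(reading, pump_on)  # deployed controller runs the same law
        if tamper_command:
            command = tamper_command(t, command)
        monitor.observe(t, reading, command)
        pump_on = command
        level = spec.plant_step(level, pump_on)
    return monitor.alerts, level


if __name__ == "__main__":
    print("honest run:", run(TankSpec()))
    # Falsified sensor: controller is shown a low level from step 5 onward.
    print("spoofed readings:", run(TankSpec(), tamper_reading=lambda t, lvl: 10.0 if t >= 5 else lvl))
    # Falsified actuator command: pump forced on from step 5 onward.
    print("forced commands:", run(TankSpec(), tamper_command=lambda t, cmd: True if t >= 5 else cmd))
```

In the honest run the two executions stay identical and no alert is raised. When readings are falsified, the first check fires at every tampered step because the specification's own plant model never saw the fabricated values; when commands are falsified, the second check fires at the first bad command and the first check follows one step later, once the real plant has physically drifted from the predicted trajectory. Either way the alert carries the step and the mismatch, which is what an operator or incident responder needs to distinguish a sensor problem from an actuator problem.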


Presenters:

  • Dr. Muhammad Taimoor Khan - Alpen-Adria University, Klagenfurt, Austria
    Muhammad Taimoor Khan is a post-doc assistant at the Institute of Informatics, Alpen-Adria University Klagenfurt. He holds a PhD from the Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Austria (2014) and a Master's in Advanced Distributed Systems from the University of Leicester, UK (2008). Prior to that, he graduated from Islamia University Bahawalpur (2001) in Computer Science. He has won various research awards, including best paper award(s). In the last decade, he has been applying formal methods as a powerful tool to assure the reliability and security of various software systems, for instance industrial control systems and computer-mathematics-based systems, to name a few. He has extensive experience in both the software industry and research institutes. He has been working as a scientist in various premier international research institutes, including INRIA, France and MIT CSAIL, USA; he is jointly working with these institutes now.
