DeepSec Talk 2022: Automatic Recovery Of Cyber Physical Systems Applications Against Known Attacks – Dr M Taimoor Khan
Recovering a software application against an arbitrary attack is an intractable problem because of inadequate information available about compromised components of the application. Therefore, to this end, we have developed a method and supporting tools that can automatically detect and recover the execution of a cyber-physical system application against known attacks. The method can detect and recover the application against cyber, physical, and cyber-physical attacks.
However, based on the availability of adequate information about the compromised components, the method supports three different recovery strategies, e.g., “full recovery” – recovers the last secure state of the application, “partial recovery” – recovers a specific state of the application and “no recovery” – recovers application by a user-provided action.
Specifically, the method is based on program verification that allows the specifying of various attacks and their recovery strategies in an extended Java Modeling Language. The language also allows for describing the functional behavior of applications that are developed in Java. Finally, we show our method through its application to recover a typical e-commerce application.
Dr M Taimoor Khan is an Associate Professor of Cyber Security at the University of Greenwich, UK. There he founded the Cyber Assurance Lab in the Internet of Things and Security Research Centre. He’s also a member of an interdisciplinary Law, Emerging Tech and Science (LETS) Lab, UK. He received an MSc in Advanced Distributed Systems from the University of Leicester, the UK in 2008 and a Ph.D. (Dr. techn.) in 2014 in Software Engineering from the Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Austria, both with distinction. He was a Lecturer in Cyber Security at Surrey Center of Cyber Security, University of Surrey, the UK in 2018 and 2019. Prior to that, he was a Postdoc at the MIT CSAIL, USA (jointly with QCRI) during 2014-2016 and in SERG Group at the Alpen-Adria University, Austria during 2016-2018. His research has been recognized through (i) winning awards in the most premier research venues including CICM 2012, WF-IoT 2016, and ICS-CSR 2019, to name a few, and (ii) winning and being part of mega research grants by distinguished international and regional funding agencies including H2020, HFRI, FWF, and NSF/DARPA, to name a few. He’s a member of IEEE.