MSc. Bashar Ahmad

Research Area

Formal Methods

Publications

2016

[Ahmad]

Practical Event Monitoring in the LogicGuard Framework

Wolfgang Schreiner, David Cerna, Temur Kutsia, Michael Krieger, Bashar Ahmad, Helmut Otto, Martin Rummerstorfer, Thomas Gössl

In: embedded world Conference 2016, February 23-25 2016, Nürnberg, Germany, Matthias Sturm et al. (ed.), pp. -. February 2016. Design & Elektronik, Haar, Germany, ISBN 978-3-645-50159-0. [pdf]

[bib]

@inproceedings{RISC5261,
author = {Wolfgang Schreiner and David Cerna and Temur Kutsia and Michael Krieger and Bashar Ahmad and Helmut Otto and Martin Rummerstorfer and Thomas Gössl},
title = {{Practical Event Monitoring in the LogicGuard Framework}},
booktitle = {{embedded world Conference 2016, February 23-25 2016, Nürnberg, Germany}},
language = {english},
abstract = {We describe further progress on the previously introduced LogicGuard specification language and execution framework. This framework generates from a high-level logic specification of a desired property of a stream of events an executable program that observes the stream in real time for violations of the property. While previous presentations were based on an early and incomplete prototype, we are now able to report on some practical applications of the operational framework in the context of network security. As a startup example, we present the “Rogue DHCP” scenario where a device illicitly poses as a DHCP server in order to feed newly connected devices with wrong connectivity information; the monitor detects this attack by looking for duplicate offers to the same DHCP client, of which one is from the attacker. Our main scenario is “Dynamic DNS (DDNS) Cache Poisoining” where an attacker poses as a DDNS client and feeds the DDNS server with wrong DNS update information; the monitor detects this attack by learning about the frequency of legitimate DDNS updates and reporting updates that occur significantly earlier than expected.},
pages = {--},
publisher = {Design & Elektronik},
address = {Haar, Germany},
isbn_issn = {ISBN 978-3-645-50159-0},
year = {2016},
month = {February},
editor = {Matthias Sturm et al.},
refereed = {no},
keywords = {formal methods, runtime verification, event processing},
length = {7}
}

[Ahmad]

Benchmarks and Performance Analysis of the LogicGuard Framework

Bashar Ahmad, Michael Krieger

Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Linz, Austria. Technical report, June 2016. [pdf]

[bib]

@techreport{RISC5370,
author = {Bashar Ahmad and Michael Krieger},
title = {{Benchmarks and Performance Analysis of the LogicGuard Framework}},
language = {english},
abstract = {This paper presents benchmarks, performance measurements and analysisfor LogicGuard framework. The specification and data used to performthe benchmarks are all artificial and were designed to show variouscomplexity levels. For this purpose, a set of parameters was defined togenerate specifications and sample data, which include quantifier depth,search direction, windows size and delay. A set of tools was designed andimplemented to perform the benchmarks and the analysis of the results.In addition to the LogicGuard software, a tool to generate specificationsbased the performance parameters, a tool to process the measurementsand lastly a tool to analyse, extrapolate and plot the results were developed.The results presented show the resource cost in terms of processingtime per message, number of instances and memory usage. To be ableto capture the performance of LogicGuard specification as accurately aspossible, the external function used for monitoring was designed to returnas fast as possible such that the time needed for external processing canbe neglected. Further analysis using polynomial extrapolation is appliedto understand the behaviour of the framework.},
year = {2016},
month = {June},
institution = {Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Linz, Austria},
sponsor = {Supported by the FFG BRIDGE program by the project 846003 “LogicGuard II”.},
length = {26}
}

2015

[Ahmad]

Securing Device Communication by Predicate Logic Specifications

Wolfgang Schreiner, Temur Kutsia, Michael Krieger, Bashar Ahmad, Helmut Otto, Martin Rummerstorfer

In: embedded world Conference 2015, February 24-26 2015, Nürnberg, Germany, Matthias Sturm et al. (ed.), pp. -. February 2015. Design&Elektronik, Haar, Germany, ISBN 978-3-645-50144-6. [pdf]

[bib]

@inproceedings{RISC5098,
author = {Wolfgang Schreiner and Temur Kutsia and Michael Krieger and Bashar Ahmad and Helmut Otto and Martin Rummerstorfer},
title = {{Securing Device Communication by Predicate Logic Specifications}},
booktitle = {{embedded world Conference 2015, February 24-26 2015, Nürnberg, Germany}},
language = {english},
abstract = {We present a novel approach to the runtime monitoring of network traffic where from a high-level specification of security properties an executable monitor is generated; this monitor observes the network traffic in real time for violation of the specified properties in order to report respectively prevent these violations. The specification formalism is purely based on the classical notions of predicate logic and set theory with the corresponding level of expressiveness; compared to other more restricted formalisms it has thus much stronger capabilities to describe properties of interest. Its high level of flexibility makes our approach also applicable to other problem areas and engineering domains such as process control where it is important to guarantee that sequences of events conform to a particular protocol.},
pages = {--},
publisher = {Design&Elektronik},
address = {Haar, Germany},
isbn_issn = {ISBN 978-3-645-50144-6},
year = {2015},
month = {February},
editor = {Matthias Sturm et al.},
refereed = {no},
keywords = {runtime monitoring; network security; event streams; predicate logic},
sponsor = {Supported by the Austrian Research Promotion Agency (FFG) in the frame of the BRIDGE program by the project 846003 “LogicGuard II”},
length = {9}
}

[Ahmad]

The LogicGuard Stream Monitor Specification Language Tutorial and Reference Manual

Wolfgang Schreiner, Temur Kutsia, Davic Cerna, Michael Krieger, Bashar Ahmad, Helmut Otto, Martin Rummerstorfer, Thomas Gössl

Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Linz, Austria. Technical report, October 2015. Technical Report. [pdf]

[bib]

@techreport{RISC5193,
author = {Wolfgang Schreiner and Temur Kutsia and Davic Cerna and Michael Krieger and Bashar Ahmad and Helmut Otto and Martin Rummerstorfer and Thomas Gössl},
title = {{The LogicGuard Stream Monitor Specification Language Tutorial and Reference Manual}},
language = {english},
abstract = {This report describes the design and use of the LogicGuard language for specifyingstream monitors. These monitors observe streams of values (e.g., messages flowing througha network connection) and check whether the streams fulfill desired safety properties. Theseproperties are described on a very high level of abstraction in a purely declarative way by notionsthat are derived from classical predicate logic, in particular by logic formulas that arequantified over stream positions. To raise the level of abstraction, auxiliary internal streamscan be specified whose values are constructed from the values on the external streams bynotions that are thar are similar to classical set builders. From the abstract specificationsautomatically executable monitors are generated which surveil the streams in real time andtrigger warnings if violations of the specified properties are observed.},
year = {2015},
month = {October},
institution = {Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Linz, Austria},
keywords = {formal methods, runtime verification, event processing},
sponsor = {Supported by the Austrian Research Promotion Agency (FFG) in the frame of the BRIDGE program by the projects 832207 "LogicGuard" and 846003 "LogicGuard II".},
length = {54},
type = {Technical Report}
}

2014

[Ahmad]

Monitoring Network Traffic by Predicate Logic

Wolfgang Schreiner, Temur Kutsia, Michael Krieger, Ahmad Bashar, Helmut Otto, Martin Rummerstorfer

Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Linz, Austria. Technical report, September 2014. [pdf]

[bib]

@techreport{RISC5057,
author = {Wolfgang Schreiner and Temur Kutsia and Michael Krieger and Ahmad Bashar and Helmut Otto and Martin Rummerstorfer},
title = {{Monitoring Network Traffic by Predicate Logic}},
language = {english},
abstract = {We present an approach to the runtime monitoring of network traffic for theviolation of properties specified in classical predicate logic. The propertiesare expressed by quantified formulas which are interpreted over sequences ofmessages, i.e., the quantified variable denotes a position in the sequence.Using the ordering of stream positions and nested quantification, complexproperties can be formulated. To raise the level of abstraction, we allow thedefinition of a higher-level stream from a lower-level stream by a notationanalogous to classical set builders. A translator generates from thespecification an executable monitor; a static analysis determines whether thegenerated monitor only requires a finite number of past messages to bepreserved.},
year = {2014},
month = {September},
institution = {Research Institute for Symbolic Computation (RISC), Johannes Kepler University, Linz, Austria},
keywords = {runtime verification, predicate logic, network security},
sponsor = {Supported by the Austrian Research Promotion Agency (FFG) in the frame of the BRIDGE program by the project 832207 \enquote{LogicGuard}},
length = {15}
}