Abstract
We describe further progress on the previously introduced LogicGuard specification language and execution framework. This framework generates from a high-level logic specification of a desired property of a stream of events an executable program that observes the stream in real time for violations of the property. While previous presentations were based on an early and incomplete prototype, we are now able to report on some practical applications of the operational framework in the context of network security. As a startup example, we present the “Rogue DHCP” scenario where a device illicitly poses as a DHCP server in order to feed newly connected devices with wrong connectivity information; the monitor detects this attack by looking for duplicate offers to the same DHCP client, of which one is from the attacker. Our main scenario is “Dynamic DNS (DDNS) Cache Poisoning” where an attacker poses as a DDNS client and feeds the DDNS server with wrong DNS update information; the monitor detects this attack by learning about the frequency of legitimate DDNS updates and reporting updates that occur significantly earlier than expected.
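
The DDNS check described in the abstract, written in Python as an added example; it is not LogicGuard code or the authors' specification. The moving-average baseline, the `early_factor`, `min_samples` and `alpha` parameters, and the host names in the sample stream are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Baseline:
    last_seen: float            # time of the last accepted update
    mean_interval: float = 0.0  # learned gap between updates, in seconds
    samples: int = 0            # number of gaps learned so far

class EarlyUpdateMonitor:
    """Report DDNS updates that arrive much earlier than the learned period."""

    def __init__(self, early_factor=0.5, min_samples=3, alpha=0.25):
        self.early_factor = early_factor  # assumed: "early" is < 50% of the period
        self.min_samples = min_samples    # assumed: gaps needed before alerting
        self.alpha = alpha                # assumed: moving-average weight
        self.baselines = {}

    def observe(self, ts, name):
        """Return True if the update for `name` at time `ts` is suspicious."""
        b = self.baselines.get(name)
        if b is None:
            self.baselines[name] = Baseline(last_seen=ts)
            return False
        gap = ts - b.last_seen
        if b.samples >= self.min_samples and gap < self.early_factor * b.mean_interval:
            return True  # not learned from, so a forged update cannot shift the baseline
        if b.samples == 0:
            b.mean_interval = gap
        else:
            b.mean_interval += self.alpha * (gap - b.mean_interval)
        b.samples += 1
        b.last_seen = ts
        return False

def find_early_updates(events, **params):
    """Run a fresh monitor over (timestamp, name) events; return the flagged ones."""
    monitor = EarlyUpdateMonitor(**params)
    return [(ts, name) for ts, name in events if monitor.observe(ts, name)]

# Constructed sample stream: (timestamp in seconds, DNS name being updated).
SAMPLE = [
    (0, "host-a.example"), (100, "host-b.example"), (700, "host-b.example"),
    (720, "host-b.example"), (3600, "host-a.example"), (7200, "host-a.example"),
    (10800, "host-a.example"), (11100, "host-a.example"), (14400, "host-a.example"),
]

if __name__ == "__main__":
    for ts, name in find_early_updates(SAMPLE):
        print(f"early update for {name} at t={ts}")
```

The update at t=11100 is reported because it follows the previous one after 300 s against a learned period of 3600 s; the early `host-b.example` update is not, because its baseline has too few samples.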
Original language | English |
---|---|
Title of host publication | embedded world Conference 2016, February 23-25 2016, Nürnberg, Germany |
Editors | Matthias Sturm et al. |
Place of Publication | Haar, Germany |
Publisher | Design & Elektronik |
Number of pages | 7 |
ISBN (Print) | 978-3-645-50159-0 |
Publication status | Published - Feb 2016 |
Fields of science
- 101 Mathematics
- 101001 Algebra
- 101005 Computer algebra
- 101009 Geometry
- 101012 Combinatorics
- 101013 Mathematical logic
- 101020 Technical mathematics
JKU Focus areas
- Computation in Informatics and Mathematics