Loui Al Sardy
Loui Al Sardy, M. Eng.
Dapartment Informatik (INF)
Martensstraße 3
91058 Erlangen
Bavaria, Germany
- Phone number: +49 9131 85-27907
- Fax number: +49 9131 85-27409
- Email: loui.alsardy@fau.de
Consultation hours
Kindly schedule an appointment via email.
Short vita
Loui Al Sardy is a research and teaching assistant at the Lab of Computer Networks and Communication Systems. He holds a Master’s degree in Software Engineering for Industrial Applications from Hof University and a Bachelor’s degree in Electrical Engineering from the University of Jordan.
From 2016 through the summer of 2023, in his prior academic position as a Research and Teaching Assistant at the chair of Software Engineering, Loui Al Sardy contributes to the field of IT security and software testing. His extensive research experience includes projects like SMARTEST and SMARTEST2, aiming to enhance security in software-based control systems for nuclear power plants. Additionally, Loui Al Sardy actively engages in teaching and mentoring, covering various subjects in software engineering.
As the Co-Founder and COO of Sakundi Blockchain Cybersecurity Startup since 2021, Loui Al Sardy has played a pivotal role in establishing and leading the company. Specializing in AI and automation, Sakundi focuses on safeguarding blockchain solutions.
Beyond his professional pursuits, Loui is the Head of the Committee at JEA Liaison Committee in Germany, actively contributing to the engineering profession’s growth and development. He is an Associate member of the International Information Systems Security Certification Consortium (ISC2), a Certified Trainer with Human REstart, and a member of various professional organizations, showcasing his commitment to continuous learning and development.
Additional information
Supervised theses
2022
- Sören Koenen – Masterarbeit (Lehrstuhl für Software Engineering)
Konzeption, Implementierung und Evaluation heuristik-basierter Techniken zur Erkennung von Schwachstellen des Typs ‘Resource Exhaustion’ - Hisham Görner – Bachelorarbeit (Lehrstuhl für Software Engineering)
Entwicklung und Anwendung eines Memory Profilers zur Erkennung von Schwachstellen des Typs “Memory Exhaustion”
2021
- Michael Backer – Bachelorarbeit (Lehrstuhl für Software Engineering)
Evaluation of Tools based on Symbolic Execution for the Detection of Software Vulnerabilities - Linddrit Aliu – Bachelorarbeit (Lehrstuhl für Software Engineering)
Comparative Evaluation of Tools for the Detection of Race Conditions
2020
- Wingkin Mak – Bachelorarbeit (Lehrstuhl für Software Engineering)
Comparative Evaluation of Fuzzing Tools for the Detection of Software Vulnerabilities
2019
- Shalaleh Samadi – Masterarbeit (Lehrstuhl für Software Engineering)
Fuzzing for the Detection of Software Vulnerabilities - Fabian Kellermann – Bachelorarbeit (Lehrstuhl für Software Engineering)
Entwurf, Implementierung und Evaluation eines Fuzzing-Werkzeugs für Race Conditions und Locking-Probleme auf der Basis von OpenSource-Fuzzern - Daniel Rudrich – Bachelorarbeit (Lehrstuhl für Software Engineering)
Evaluation of Open Source Fuzzing Tools Supporting the Detection of Potential Buffer Overflows
2018
- Heiko Sonnenberg – Bachelorarbeit (Lehrstuhl für Software Engineering)
Statische und dynamische Analyseverfahren zur Unterstützung der Erkennung potentieller Pufferüberläufe
2017
- Tong Tang – Masterarbeit
Intelligent Testing Strategies for Buffer Overflow Detection
Publications
2023
- Andres Gomez Ramirez, Al Sardy L., and Francis Gomez Ramirez:
Tikuna: An Ethereum Blockchain Network Security Monitoring System.
Proc. Information Security Practice and Experience ISPEC 2023
Lecture Notes in Computer Science, Springer 2023
2022
- , , , , :
A Guided Search for Races Based on Data Flow Patterns
Workshops on DECSoS, DepDevOps, SASSUR, SENSEI, USDAI, and WAISE, held in conjunction with the 41st International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2022 (Munich, 2022-09-06 - 2022-09-09)
In: Mario Trapp, Erwin Schoitsch, Jérémie Guiochet, Friedemann Bitsch (ed.): Lecture Notes in Computer Science (LNCS) 2022
DOI: 10.1007/978-3-031-14862-0_10
BibTeX: Download
2021
- , , , , :
Testing for IT Security: a Guided Search Pattern for Exploitable Vulnerability Classes
SAFECOMP 2021 Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems (DECSoS 2021)
DOI: 10.1007/978-3-030-83906-2_8
BibTeX: Download
2019
- , , , :
Comparative Evaluation of Security Fuzzing Approaches
SAFECOMP 2019 (Abo Akademi, Turku (Finnland), 2019-09-10 - 2019-09-10)
In: Alexander Romanovsky, Elena Troubitsyna, Ilir Gashi, Erwin Schoitsch, Friedemann Bitsch für European Workshop on Industrial Computer Systems, Technical Committee on Safety, Reliability and Security (EWICS TC7) (ed.): Computer Safety, Reliability, and Security SAFECOMP 2019 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Cham: 2019
DOI: 10.1007/978-3-030-26250-1_4
URL: https://link.springer.com/chapter/10.1007/978-3-030-26250-1_4
BibTeX: Download
2018
- , , , :
Constraint-based Testing for Buffer Overflows
SAFECOMP Workshop DecSoS (Vasteras (S), 2018-09-18 - 2018-09-18)
In: Gallina, Barbara ; Skavhaug, Amund ; Schoitsch, Erwin ; Bitsch, Friedemann (ed.): Computer Safety, Reliability, and Security SAFECOMP 2018 Workshops ASSURE, DECSoS, SASSUR, STRIVE, and WAISE 2018
DOI: 10.1007/978-3-319-99229-7_10
BibTeX: Download
2017
- , , , :
Analysis of Potential Code Vulnerabilities involving Overlapping Instructions
SAFECOMP 2017 Workshop DECSoS (Trento (I), 2017-09-12 - 2017-09-12)
In: Stefano Tonetta, Erwin Schoitsch, Friedemann Bitsch (ed.): Computer Safety, Reliability, and Security SAFECOMP 2017 Workshops, ASSURE, DECSoS, SASSUR, TELERISE, and TIPS 2017
DOI: 10.1007/978-3-319-66284-8_10
URL: https://link.springer.com/chapter/10.1007/978-3-319-66284-8_10
BibTeX: Download
Projects
-
Test Patterns zur Erkennung von Softwareschwachstellen
(Third Party Funds Group – Sub project)
Overall project: Evaluierung von Verfahren zum Testen der Informationssicherheit in der nuklearen Leittechnik durch smarte Testfallgenerierung 2
Term: 2020-07-01 - 2023-06-30
Funding source: Bundesministerium für Wirtschaft und Technologie (BMWi)Das Verbundvorhaben SMARTEST2 befasst sich mit Untersuchungen zur Verbesserung der IT-Sicherheit vernetzter software-basierter leittechnischer Systeme. Aufbauend auf den Forschungsergebnissen des Vorgängerprojekts SMARTEST sollen weitergehende securityrelevante Testverfahren zur Unterstützung der Erkennung von Schwachstellen in nuklearen Leittechniksystemen erarbeitet werden.
Auf der Basis des Vorgängerteilvorhabens SMARTEST-FAU-SWE befasst sich das Teilvorhaben SMARTEST2-FAU-SWE mit der Entwicklung systematischer, angriffsspezifischer Testverfahren mittels sukzessiver Identifikation relevanter Schwachstellenklassen, statischer Verfahren zur Eingrenzung des Suchraums und zur Ermittlung der zu verfolgenden Testziele, sowie dynamischer Verfahren zur heuristischen Verfolgung der statisch identifizierten Testziele. Ein weiteres Ziel betrifft die Herleitung eines Leitfadens mittels Zuordnung der untersuchten Schwachstellenarten und der sich ergebenden Testmuster.
-
Model-based testing strategies
(Third Party Funds Group – Sub project)
Overall project: SMARTEST: Evaluierung von Verfahren zum Testen der Informationssicherheit in der nuklearen Leittechnik durch smarte Testfallgenerierung
Term: 2015-07-01 - 2018-12-31
Funding source: Bundesministerium für Wirtschaft und Technologie (BMWi)Overall goal of the cooperative project SMARTEST is to increase the ability of detecting as far as possible IT vulnerabilities in automatic control software for nuclear power plants. By removing the vulnerabilities identified the chances of IT attacks and thus also the risk of critical events due to systematic IT attacks can be reduced. Appropriate model notations are to be selected for the purpose of representing predefined attack scenarios at an adequate abstraction level. On the basis of the resulting models and scenarios, test targets are to be determined and formalised such that their achievement can provide evidence for existing system vulnerabilities. In case the testing targets are not achieved, appropriate metrics are to be provided allowing for a significant quantitative evaluation of the testing progress achieved so far. Such measurable test stopping criteria can finally be applied to control the automatic generation of optimal test data.
Talks
- Tikuna: An Ethereum Blockchain Network Security Monitoring System.
Information Security Practice and Experience Conference (ISPEC 2023),
Copenhagen (DK), 25.08.2023 - Comparative Evaluation of Security Fuzzing Approaches
SAFECOMP 2019 Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems (DECSoS’19), Turku (FI), 10.9.2019 - Constraint-Based Testing for Buffer Overflows
SAFECOMP 2018 Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems (DECSoS’18), Västeras (SE), 18.9.2018 - SMARTEST Project Meeting
Otto von Guericke University Magdeburg, Magdeburg (DE), 04.05.2018 - SMARTEST Project Report on Ongoing Work
Hochshule Magdeburg-Stendal, Magdeburg (DE), 21.02.2018 - Analysis of Potential Code Vulnerabilities Involving Overlapping Instructions
SAFECOMP 2017 Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems (DECSoS’17), Trento (IT), 12.9.2017