Loui Al Sardy

Dr.-Ing. Loui Al Sardy

Assistant Professor (Asst. Prof.)

Department Informatik (INF)

Room: Room 06.130
Martensstraße 3
91058 Erlangen
Bavaria, Germany

Consultation hours

Kindly schedule an appointment via email.

Short vita

Loui Al Sardy is a research and teaching assistant at the Lab of Computer Networks and Communication Systems. He holds a Master’s degree in Software Engineering for Industrial Applications from Hof University and a Bachelor’s degree in Electrical Engineering from the University of Jordan.

From 2016 through the summer of 2023, in his prior academic position as a Research and Teaching Assistant at the chair of Software Engineering, Loui Al Sardy contributes to the field of IT security and software testing. His extensive research experience includes projects like SMARTEST and SMARTEST2, aiming to enhance security in software-based control systems for nuclear power plants. Additionally, Loui Al Sardy actively engages in teaching and mentoring, covering various subjects in software engineering.

As the Co-Founder and COO of Sakundi Blockchain Cybersecurity Startup since 2021, Loui Al Sardy has played a pivotal role in establishing and leading the company. Specializing in AI and automation, Sakundi focuses on safeguarding blockchain solutions.

Beyond his professional pursuits, Loui is the Head of the Committee at JEA Liaison Committee in Germany, actively contributing to the engineering profession’s growth and development. He is an Associate member of the International Information Systems Security Certification Consortium (ISC2), a Certified Trainer with Human REstart, and a member of various professional organizations, showcasing his commitment to continuous learning and development.

Additional information

2024

 

  • Masterarbeit
    Prioritization of Test Cases Based on Source Code Changes Using Machine Learning
  • Masterarbeit
    Application and Evaluation of Machine Learning Methods to Optimize the Practical Use of a Fingerprinting-based Localization System

 

2022

 

  • Masterarbeit (Lehrstuhl für Software Engineering)
    Konzeption, Implementierung und Evaluation heuristik-basierter Techniken zur Erkennung von Schwachstellen des Typs ‘Resource Exhaustion’
  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Entwicklung und Anwendung eines Memory Profilers zur Erkennung von Schwachstellen des Typs “Memory Exhaustion”

 

2021

 

  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Evaluation of Tools based on Symbolic Execution for the Detection of Software Vulnerabilities
  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Comparative Evaluation of Tools for the Detection of Race Conditions

 

2020

 

  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Comparative Evaluation of Fuzzing Tools for the Detection of Software Vulnerabilities

 

2019

 

  • Masterarbeit (Lehrstuhl für Software Engineering)
    Fuzzing for the Detection of Software Vulnerabilities
  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Entwurf, Implementierung und Evaluation eines Fuzzing-Werkzeugs für Race Conditions und Locking-Probleme auf der Basis von OpenSource-Fuzzern
  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Evaluation of Open Source Fuzzing Tools Supporting the Detection of Potential Buffer Overflows

 

2018

 

  • Bachelorarbeit (Lehrstuhl für Software Engineering)
    Statische und dynamische Analyseverfahren zur Unterstützung der Erkennung potentieller Pufferüberläufe

 

2017

 

  • Masterarbeit (Lehrstuhl für Software Engineering)
    Intelligent Testing Strategies for Buffer Overflow Detection

2023

  • Andres Gomez Ramirez, Al Sardy L., and Francis Gomez Ramirez:
    Tikuna: An Ethereum Blockchain Network Security Monitoring System.
    Proc. Information Security Practice and Experience ISPEC 2023
    Lecture Notes in Computer Science, Springer 2023

2024

2023

2022

  • , , , , :
    A Guided Search for Races Based on Data Flow Patterns
    Workshops on DECSoS, DepDevOps, SASSUR, SENSEI, USDAI, and WAISE, held in conjunction with the 41st International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2022 (Munich, 2022-09-06 - 2022-09-09)
    In: Lecture Notes in Computer Science (LNCS)
    DOI: 10.1007/978-3-031-14862-0_10
    BibTeX: Download

2021

2019

2018

2017

  • Test Patterns zur Erkennung von Softwareschwachstellen

    (Third Party Funds Group – Sub project)

    Overall project: Evaluierung von Verfahren zum Testen der Informationssicherheit in der nuklearen Leittechnik durch smarte Testfallgenerierung 2
    Term: 2020-07-01 - 2023-06-30
    Funding source: Bundesministerium für Wirtschaft und Technologie (BMWi)

    Das Verbundvorhaben SMARTEST2 befasst sich mit Untersuchungen zur Verbesserung der IT-Sicherheit vernetzter software-basierter leittechnischer Systeme. Aufbauend auf den Forschungsergebnissen des Vorgängerprojekts SMARTEST sollen weitergehende securityrelevante Testverfahren zur Unterstützung der Erkennung von Schwachstellen in nuklearen Leittechniksystemen erarbeitet werden.

    Auf der Basis des Vorgängerteilvorhabens SMARTEST-FAU-SWE befasst sich das Teilvorhaben SMARTEST2-FAU-SWE mit der Entwicklung systematischer, angriffsspezifischer Testverfahren mittels sukzessiver Identifikation relevanter Schwachstellenklassen, statischer Verfahren zur Eingrenzung des Suchraums und zur Ermittlung der zu verfolgenden Testziele, sowie dynamischer Verfahren zur heuristischen Verfolgung der statisch identifizierten Testziele. Ein weiteres Ziel betrifft die Herleitung eines Leitfadens mittels Zuordnung der untersuchten Schwachstellenarten und der sich ergebenden Testmuster.

  • Model-based testing strategies

    (Third Party Funds Group – Sub project)

    Overall project: SMARTEST: Evaluierung von Verfahren zum Testen der Informationssicherheit in der nuklearen Leittechnik durch smarte Testfallgenerierung
    Term: 2015-07-01 - 2018-12-31
    Funding source: Bundesministerium für Wirtschaft und Technologie (BMWi)
    Overall goal of the cooperative project SMARTEST is to increase the ability of detecting as far as possible IT vulnerabilities in automatic control software for nuclear power plants. By removing the vulnerabilities identified the chances of IT attacks and thus also the risk of critical events due to systematic IT attacks can be reduced. Appropriate model notations are to be selected for the purpose of representing predefined attack scenarios at an adequate abstraction level. On the basis of the resulting models and scenarios, test targets are to be determined and formalised such that their achievement can provide evidence for existing system vulnerabilities. In case the testing targets are not achieved, appropriate metrics are to be provided allowing for a significant quantitative evaluation of the testing progress achieved so far. Such measurable test stopping criteria can finally be applied to control the automatic generation of optimal test data.

  • Tikuna: An Ethereum Blockchain Network Security Monitoring System.
    Information Security Practice and Experience Conference (ISPEC 2023),
    Copenhagen (DK), 25.08.2023
  • Comparative Evaluation of Security Fuzzing Approaches
    SAFECOMP 2019 Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems (DECSoS’19), Turku (FI), 10.9.2019
  • Constraint-Based Testing for Buffer Overflows
    SAFECOMP 2018 Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems (DECSoS’18), Västeras (SE), 18.9.2018
  • SMARTEST Project Meeting
    Otto von Guericke University Magdeburg, Magdeburg (DE), 04.05.2018
  • SMARTEST Project Report on Ongoing Work
    Hochshule Magdeburg-Stendal, Magdeburg (DE), 21.02.2018
  • Analysis of Potential Code Vulnerabilities Involving Overlapping Instructions
    SAFECOMP 2017 Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems (DECSoS’17), Trento (IT), 12.9.2017