A temporal logic-based model for forensic investigation in networked system security

Authors:
Slim Rekhis;Noureddine Boudriga
Affiliations:
CN&S Research Lab., University of the 7th Of November at Carthage, Tunisia;CN&S Research Lab., University of the 7th Of November at Carthage, Tunisia
Venue:
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Year:
2005

Citing 7
Cited 4

An assumption-based TMS

Artificial Intelligence
The temporal logic of actions

ACM Transactions on Programming Languages and Systems (TOPLAS)
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers

Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Model Checking TLA+ Specifications

CHARME '99 Proceedings of the 10th IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A model based reasoning approach for generating plausible crime scenarios from evidence

ICAIL '03 Proceedings of the 9th international conference on Artificial intelligence and law
A formal logic-based language and an automated verification tool for computer forensic investigation

Proceedings of the 2005 ACM symposium on Applied computing

Visibility: a novel concept for characterising provable network digital evidences

International Journal of Security and Networks
Liability in software engineering: overview of the LISE approach and illustration on a case study

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Device temporal forensics: an information theoretic approach

ICIP'09 Proceedings of the 16th IEEE international conference on Image processing
Liability issues in software engineering: the use of formal methods to reduce legal uncertainties

Communications of the ACM

Quantified Score

Hi-index	0.02

Visualization

Abstract

Research in computer and network forensic investigation has recently addressed the development of procedural guidelines, technical documents, and semi-automation tools. It has however omitted the need of formal proof. This work provides a novel approach that formalizes and automates the proof in digital forensic investigation. First, it brings out a formal logic-based language, called S-TLA+, to enable reasoning on systems with uncertainty, by adding forward hypotheses to fulfill potential lack of details. S-TLA+ is suitable for the description of evidences, as well as elementary scenarios fragments representing the investigators knowledge. Secondly, the proposal provides an automated verification tool, S-TLC, to prove the correctness of S-TLA+ specifications. It checks whether there are possible hacking scenarios that meet the available digital evidences, and explores additional evidences. To demonstrate its effectiveness, the formalized analysis is applied on a compromised host.