Reasoning About a Simulated Printer Case Investigation with Forensic Lucid (abstract).
- Available from: Joey Paquet
ABSTRACT: We apply the theoretical framework and formal model of the observation tuple with the credibility weight for forensic analysis of the IDS data and the corresponding event reconstruction. Forensic Lucid, a forensic case modeling and specification language, is used for the task. In the ongoing theoretical and practical work, Forensic Lucid is augmented with the Dempster-Shafer theory of mathematical evidence to include the credibility factors of the evidential IDS observations. Forensic Lucid's toolset is practically being implemented within the General Intensional Programming System (GIPSY) and the probabilistic model-checking tool PRISM as a backend to compile the Forensic Lucid model into PRISM's code and model-check it. This work may also help with further generalization of the testing methodology of IDSs.
Recent Advances in Intrusion Detection, 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010. Proceedings; 01/2010
- ABSTRACT: Lucid programs are data-flow programs and can be visually represented as data flow graphs (DFGs) and composed visually. Forensic Lucid, a Lucid dialect, is a language to specify and reason about cyberforensic cases. It includes the encoding of the evidence (representing the context of evaluation) and the crime scene modeling in order to validate claims against the model and perform event reconstruction, potentially within large swaths of digital evidence. To aid investigators to model the scene and evaluate it, instead of typing a Forensic Lucid program, we propose to expand the design and implementation of the Lucid DFG programming onto Forensic Lucid case modeling and specification to enhance the usability of the language and the system and its behavior. We briefly discuss the related work on visual programming and DFG modeling in an attempt to define and select one approach or a composition of approaches for Forensic Lucid based on various criteria such as previous implementation, wide use, formal backing in terms of semantics and translation. In the end, we solicit the readers' constructive opinions, feedback, comments, and recommendations within the context of this short discussion.
- ABSTRACT: This work is multifold. We review the historical literature on the Lucid programming language, its dialects, intensional logic, intensional programming, the implementing systems, and context-oriented and context-aware computing and so on that provide a contextual framework for the converging Core Lucid standard programming model. We are designing a standard specification of a baseline Lucid virtual machine for generic execution of Lucid programs. The resulting Core Lucid language would inherit the properties of generalization attempts of GIPL (1999-2013) and TransLucid (2008-2013) for all future and recent Lucid implementing systems to follow. We also maintain this work across the local research group in order to foster deeper collaboration, maintain a list of recent and historical bibliography and a reference manual and reading list for students. We form a (for now informal) SIGLUCID group to keep track of this standard and historical records with the eventual long-term goal through iterative revisions for this work to become a book or an encyclopedia of the referenced topics, and perhaps, an RFC. We first begin small with this initial set of notes.