6 research outputs found

    Quality Control in Criminal Investigation

    Edited by Xabier Agirre Aranburu, Morten Bergsmo, Simon De Smet and Carsten Stahn, this 1,108-page book offers detailed analyses on how the investigation and preparation of fact-rich cases can be improved, both in national and international jurisdictions. Twenty-four chapters organized in five parts address, inter alia, evidence and analysis, systemic challenges in case-preparation, investigation plans as instruments of quality control, and judicial and prosecutorial participation in investigation and case-preparation. The authors include Antonio Angotti, Devasheesh Bais, Olympia Bekou, Gilbert Bitti, Leïla Bourguiba, Thijs B. Bouwknegt, Ewan Brown, Eleni Chaitidou, Cale Davis, Markus Eikel, Shreeyash Uday Lalit, Moa Lidén, Tor-Geir Myhrer, Trond Myklebust, Matthias Neuner, Christian Axboe Nielsen, Gilad Noam, Gavin Oxburgh, David Re, Alf Butenschøn Skre, Usha Tandon, William Webster and William H. Wiley, in addition to the four co-editors. There are also forewords by Fatou Bensouda and Manoj Kumar Sinha, and a prologue by Gregory S. Gordon. The book follows from a conference at the Indian Law Institute in New Delhi, and is the main outcome of the third leg of a research project of the Centre for International Law Research and Policy (CILRAP) known as the 'Quality Control Project'. Other books produced by the project are Quality Control in Fact-Finding (Second Edition, 2020) and Quality Control in Preliminary Examination: Volumes 1 and 2 (2018). Covering three distinct phases - documentation, preliminary examination and investigation - the volumes consider how the quality of each phase can be improved. Emphasis is placed on the nourishment of an individual mindset and institutional culture of quality control.

    Human decision-making in computer security incident response

    Background: Cybersecurity has risen to international importance. Almost every organization will fall victim to a successful cyberattack. Yet, guidance for computer security incident response analysts is inadequate. Research Questions: What heuristics should an incident analyst use to construct general knowledge and analyse attacks? Can we construct formal tools to enable automated decision support for the analyst with such heuristics and knowledge? Method: We take an interdisciplinary approach. To answer the first question, we use the research tradition of philosophy of science, specifically the study of mechanisms. To answer the question on formal tools, we use the research tradition of program verification and logic, specifically Separation Logic. Results: We identify several heuristics from biological sciences that cybersecurity researchers have re-invented to varying degrees. We consolidate the new mechanisms literature to yield heuristics related to the fact that knowledge is of clusters of multi-field mechanism schema on four dimensions. General knowledge structures such as the intrusion kill chain provide context and provide hypotheses for filling in details. The philosophical analysis answers this research question, and also provides constraints on building the logic. Finally, we succeed in defining an incident analysis logic resembling Separation Logic and translating the kill chain into it as a proof of concept. Conclusion: These results benefit incident analysis, enabling it to expand from a tradecraft or art to also integrate science. Future research might realize our logic into automated decision-support. Additionally, we have opened the field of cybersecurity to collaboration with philosophers of science and logicians.

    Abducing Compliance of Incomplete Event Logs

    The capability to store data about business processes execution in so-called Event Logs has led to the diffusion of tools for the analysis of process executions and for the assessment of the goodness of a process model. Nonetheless, these tools are often very rigid in dealing with Event Logs that include incomplete information about the process execution. Thus, while the ability of handling incomplete event data is one of the challenges mentioned in the process mining manifesto, the evaluation of compliance of an execution trace still requires an end-to-end complete trace to be performed. This paper exploits the power of abduction to provide a flexible, yet computationally effective, framework to deal with different forms of incompleteness in an Event Log. Moreover, it proposes a refinement of the classical notion of compliance into strong and conditional compliance to take into account incomplete logs.

    Diagnosing runtime violations of security and dependability properties

    Monitoring the preservation of security and dependability (S&D) properties of complex software systems is widely accepted as a necessity. Basic monitoring can detect violations but does not always provide sufficient information for deciding what the appropriate response to a violation is. Such decisions often require additional diagnostic information that explains why a violation has occurred and can, therefore, indicate what would be an appropriate response action to it. In this thesis, we describe a diagnostic procedure for generating explanations of violations of S&D properties developed as an extension of a runtime monitoring framework, called EVEREST. The procedure is based on a combination of abductive and evidential reasoning about violations of S&D properties which are expressed in Event Calculus. Source: EThOS - Electronic Theses Online Service (GB).

    Cognitive Foundations for Visual Analytics
