
    A Domain Specific Language for Digital Forensics and Incident Response Analysis

    One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools. The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of: a) standardized and automated means to scientifically verify the accuracy of digital forensic tools; b) methods to reliably reproduce forensic computations (their results); and c) a framework for interoperability among forensic tools. Additionally, there is no standardized means for communicating software requirements between users, researchers and developers, resulting in a mismatch in expectations. Combined with the exponential growth in data volume and the complexity of the applications and systems to be investigated, all of these concerns result in major case backlogs and inherently reduce the reliability of digital forensic analyses. This work proposes a new approach to the specification of forensic computations, such that the above concerns can be addressed on a scientific basis with a new domain specific language (DSL) called nugget. DSLs are specialized languages that aim to address the concerns of particular domains by providing practical abstractions. Successful DSLs, such as SQL, can transform an application domain by providing a standardized way for users to communicate what they need without specifying how the computation should be performed. This is the first effort to build a DSL for (digital) forensic computations with the following research goals: 1) provide an intuitive formal specification language that covers core types of forensic computations and common data types; 2) provide a mechanism to extend the language that can incorporate arbitrary computations; 3) provide a prototype execution environment that allows the fully automatic execution of the computation; 4) provide a complete, formal, and auditable log of computations that can be used to reproduce an investigation; 5) demonstrate cloud-ready processing that can match the growth in data volumes and complexity.

    Ontologies and the Semantic Web for Digital Investigation Tool Selection

    The nascent field of digital forensics is heavily influenced by practice. Much digital forensics research involves the use, evaluation, and categorization of the multitude of tools available to researchers and practitioners. As technology evolves at an increasingly rapid pace, the digital forensics field must constantly adapt by creating and evaluating new tools and techniques to perform forensic analysis on many disparate systems such as desktops, notebook computers, mobile devices, cloud, and personal wearable sensor devices, among many others. While researchers have attempted to use ontologies to classify the digital forensics domain on various dimensions, no ontology of digital forensic tools has been developed that defines the capabilities and relationships among the various digital forensic tools. To address this gap, this work develops an ontology using the Resource Description Framework (RDF) and Ontology Web Language (OWL) which is searchable via SPARQL (an RDF query language) and catalogues common digital forensic tools. Following the concept of ontology design patterns, our ontology has a modular design to promote integration with existing ontologies. Furthermore, we progress to a semantic web application that employs reasoning in order to aid digital investigators in selecting an appropriate tool. This work serves as an important step towards building the knowledge of digital forensics tools. Additionally, this research sets the preliminary stage for bringing semantic web technology to the digital forensics domain and facilitates expanding the developed ontology to other tools and features, relationships, and forensic techniques.

    Rascal: From Algebraic Specification to Meta-Programming

    Algebraic specification has a long tradition in bridging the gap between specification and programming by making specifications executable. Building on extensive experience in designing, implementing and using specification formalisms that are based on algebraic specification and term rewriting (namely Asf and Asf+Sdf), we are now focusing on using the best concepts from algebraic specification and integrating these into a new programming language: Rascal. This language is easy to learn by non-experts but is also scalable to very large meta-programming applications. We explain the algebraic roots of Rascal and its main application areas: software analysis, software transformation, and the design and implementation of domain-specific languages. Some example applications in the domain of Model-Driven Engineering (MDE) are described to illustrate this.
    Comment: In Proceedings AMMSE 2011, arXiv:1106.596

    The Rascal meta-programming language - a lab for software analysis, transformation, generation & visualization

    This paper summarizes the goals and features of a domain specific programming language called Rascal. On the one hand it is designed to facilitate software research: research about software in general. On the other hand Rascal is applied to specific software portfolios as well, as a means to improve them and as a means to learn to understand them. Specifically, Rascal is used to create tools that analyze, transform, generate or visualize source code of software products. Such tools are motivated by the need to improve the quality of existing software or the need to lower its cost-of-ownership. More generally, such tools are created to build laboratory experiments that observe and measure quality, or try to improve software quality, etc. In this paper we provide an overview of Rascal as a "domain specific language for meta programming". We first explain its goals and then its features. We end by highlighting some example applications in the area of software analysis and transformation.

    Common Representation of Information Flows for Dynamic Coalitions

    We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translating those models into the information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used to define a way to control the evolution of Dynamic Coalitions with respect to information flow.