Toward Formal Reasoning in Cyberforensic Case Investigation with Forensic Lucid

This work focuses on the application of the intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state automata approach. This work extends the use of the scientific intensional programming paradigm onto modeling and implementation of a cyberforensics investigation process with the backtrace of event reconstruction, modeling the evidence as multidimensional hierarchical contexts, and proving or disproving the claims with it in the intensional manner of evaluation. This is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in the related works. As a base implementation language model we use in this approach is a new dialect of the Lucid programming language, that we call Forensic Lucid and we define hierarchical contexts based on the intensional logic for the evaluation of cyberforensic expressions. We also augment the work with the credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language proposed for this intensional cyberforensic analysis, includes the syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the intensional (temporal) logic that is behind them. The distributed Java-based eduction (demand-driven) evaluation engine of the General Intensional Programming System (GIPSY) is the run-time system to cope with the scalability issues of the large evidential knowledge base. We then propose a near future work with the dataflow graph visualization and a toolset for compilation and execution of the Forensic Lucid programs. We show some examples by re-writing them in Forensic Lucid. We then postulate other investigations applications beyond the digital forensics domain

Intensional Cyberforensics

This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the underlying intensional programming paradigm.Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD thesis; v2 corrects some typos and refs; also available on Spectrum at http://spectrum.library.concordia.ca/977460

Intensional Cyberforensics

This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm

A GIPSY Runtime System with a Kubernetes Underlay for the OpenTDIP Forensic Computing Backend

In this research work, we propose an underlay based on Kubernetes to enhance the scalable fault tolerance of the General Intensional Programming System's distributed run-time demand-driven backend to gather digital evidence from GitHub repositories and encode them in Forensic Lucid for further analysis in the integrated OpenTDIP environment. We developed a solution so that forensic investigators could use GitHub to gather a dataset to investigate program flaws and vulnerabilities related to security from GitHub projects written in different programming languages. For this purpose, we design and implement a JSON demand-driven encoder to perform a Forensic Lucid conversion pipeline (data extraction, format conversion, and file compilation). In order to distribute the execution, we utilized the GIPSY distributed computing system. We also integrated Kubernetes with GIPSY distributed computing system in order to improve the configuring, starting up and registering GIPSY nodes, so that GIPSY nodes could get registered automatically without any manual configuration. In addition, provide a mechanism to have a scalable fault-tolerant system so that when a GIPSY node dies, it will handle reallocation, configuration and registration of the GIPSY nodes automatically

Scalable Automatic Service Composition using Genetic Algorithms

A composition of simple web services, each dedicated to performing a specific sub- task involved, proves to be a more competitive solution than an equivalent atomic web service for a complex requirement comprised of several sub-tasks. Composite services have been extensively researched and perfected in many aspects for over two decades, owing to benefits such as component re-usability, broader options for composition requesters, and the liberty to specialize for component providers. However, most studies in this field must acknowledge that each web service has a limited context in which it can successfully perform its tasks, the boundaries defined by the internal constraints imposed on the service by its providers. The restricted context-spaces of all such component services define the contextual boundaries of the composite service as a whole when used in a composition, making internal constraints an essential factor in composite service functionality. Due to their limited exposure, no systems have yet been proposed on the large-scale solution repository to cater to the specific verification of internal constraints imposed on components of a composite service. In this thesis, we propose a scalable automatic service composition capable of not only automatically constructing context-aware composite web services with internal constraints positioned for optimal resource utilization but also validating the generated compositions on a large-scale solution repository using the General Intensional Programming System (GIPSY) as a time- and cost-efficient simulation/execution environment