Reasoning About a Simulated Printer Case Investigation with Forensic Lucid

In this work we model the ACME (a fictitious company name) "printer case incident" and make its specification in Forensic Lucid, a Lucid- and intensional-logic-based programming language for cyberforensic analysis and event reconstruction specification. The printer case involves a dispute between two parties that was previously solved using the finite-state automata (FSA) approach, and is now re-done in a more usable way in Forensic Lucid. Our simulation is based on the said case modeling by encoding concepts like evidence and the related witness accounts as an evidential statement context in a Forensic Lucid program, which is an input to the transition function that models the possible deductions in the case. We then invoke the transition function (actually its reverse) with the evidential statement context to see if the evidence we encoded agrees with one's claims and then attempt to reconstruct the sequence of events that may explain the claim or disprove it.Comment: 18 pages, 3 figures, 7 listings, TOC, index; this article closely relates to arXiv:0906.0049 and arXiv:0904.3789 but to remain stand-alone repeats some of the background and introductory content; abstract presented at HSC'09 and the full updated paper at ICDF2C'11. This is an updated/edited version after ICDF2C proceedings with more references and correction

Object-Oriented Intensional Programming: Intensional Classes Using Java and Lucid

This article introduces Object-Oriented Intensional Programming (OO-IP), a new hybrid language between Object-Oriented and Intensional Programming Languages in the sense of the latest evolutions of Lucid. This new hybrid language combines the essential characteristics of Lucid and Java, and introduces the notion of object streams which makes it is possible that each element in a Lucid stream to be an object with embedded intensional properties. Interestingly, this hybrid language also brings to Java objects the power to explicitly express and manipulate the notion of context, creating the novel concept of intensional object, i.e. objects whose evaluation is context-dependent, which are here demonstrated to be translatable into standard objects. By this new approach, we extend the use and meaning of the notion of intensional objects and enrich the meaning of object streams in Lucid and semantics of intensional objects in Java.Comment: 27 pages, 8 listings, 2 tables, 5 figure

Towards Hybrid Intensional Programming with JLucid, Objective Lucid, and General Imperative Compiler Framework in the GIPSY

Pure Lucid programs are concurrent with very fine granularity. Sequential Threads (STs) are functions introduced to enlarge the grain size; they are passed from server to workers by Communication Procedures (CPs) in the General Intensional Programming System (GIPSY). A JLucid program combines Java code for the STs with Lucid code for parallel control. Thus first, in this thesis, we describe the way in which the new JLucid compiler generates STs and CPs. JLucid also introduces array support. Further exploration goes through the additional transformations that the Lucid family of languages has undergone to enable the use of Java objects and their members, in the Generic Intensional Programming Language (GIPL), and Indexical Lucid: first, in the form of JLucid allowing the use of pseudo-objects, and then through the specifically-designed the Objective Lucid language. The syntax and semantic definitions of Objective Lucid and the meaning of Java objects within an intensional program are provided with discussions and examples. Finally, there are many useful scientific and utility routines written in many imperative programming languages other than Java, for example in C, C++, Fortran, Perl, etc. Therefore, it is wise to provide a framework to facilitate inclusion of these languages into the GIPSY and their use by Lucid programs. A General Imperative Compiler Framework and its concrete implementation is proposed to address this issue

The Need to Support of Data Flow Graph Visualization of Forensic Lucid Programs, Forensic Evidence, and their Evaluation by GIPSY

Lucid programs are data-flow programs and can be visually represented as data flow graphs (DFGs) and composed visually. Forensic Lucid, a Lucid dialect, is a language to specify and reason about cyberforensic cases. It includes the encoding of the evidence (representing the context of evaluation) and the crime scene modeling in order to validate claims against the model and perform event reconstruction, potentially within large swaths of digital evidence. To aid investigators to model the scene and evaluate it, instead of typing a Forensic Lucid program, we propose to expand the design and implementation of the Lucid DFG programming onto Forensic Lucid case modeling and specification to enhance the usability of the language and the system and its behavior. We briefly discuss the related work on visual programming an DFG modeling in an attempt to define and select one approach or a composition of approaches for Forensic Lucid based on various criteria such as previous implementation, wide use, formal backing in terms of semantics and translation. In the end, we solicit the readers' constructive, opinions, feedback, comments, and recommendations within the context of this short discussion.Comment: 11 pages, 7 figures, index; extended abstract presented at VizSec'10 at http://www.vizsec2010.org/posters ; short paper accepted at PST'1

Toward Formal Reasoning in Cyberforensic Case Investigation with Forensic Lucid

This work focuses on the application of the intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state automata approach. This work extends the use of the scientific intensional programming paradigm onto modeling and implementation of a cyberforensics investigation process with the backtrace of event reconstruction, modeling the evidence as multidimensional hierarchical contexts, and proving or disproving the claims with it in the intensional manner of evaluation. This is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in the related works. As a base implementation language model we use in this approach is a new dialect of the Lucid programming language, that we call Forensic Lucid and we define hierarchical contexts based on the intensional logic for the evaluation of cyberforensic expressions. We also augment the work with the credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language proposed for this intensional cyberforensic analysis, includes the syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the intensional (temporal) logic that is behind them. The distributed Java-based eduction (demand-driven) evaluation engine of the General Intensional Programming System (GIPSY) is the run-time system to cope with the scalability issues of the large evidential knowledge base. We then propose a near future work with the dataflow graph visualization and a toolset for compilation and execution of the Forensic Lucid programs. We show some examples by re-writing them in Forensic Lucid. We then postulate other investigations applications beyond the digital forensics domain

Towards Security Hardening of Scientific Demand-Driven and Pipelined Distributed Computing Systems

This work highlights and takes aim at the most critical security aspects required for two different types of distributed systems for scientific computation. It covers two open-source systems written in Java: a demand-driven system - general intensional programming system (GIPSY) and a pipelined system - distributed modular audio recognition framework (DMARF), which are the distributed scientific computational engines used as case studies with respect to the security aspects. More specific goals include data/demand integrity, data/demand origin authentication, confidentiality, high availability, and malicious code detection. We address some of the goals to a degree, some with the Java data security framework (JDSF) as a work-in- progress