论文信息 - A Formal Approach for the Reconstruction of Potential Attack Scenarios

A Formal Approach for the Reconstruction of Potential Attack Scenarios

In this paper, we provide a logic for digital investigation of security incidents and its high level-specification language. The logic is used to prove the existence or non-existence of potential attack scenarios which, if executed on the investigated system, would produce the different forms of specified evidences. To generate executable attack scenarios showing with details how the attack scenario was conducted and how the system behaved accordingly, we develop in this paper a Model Checker tool which provides tolerance to unknown attacks and integrates a technique for hypothetical actions generation.

S. Rekhis | N. Boudriga | N. Boudriga | S. Rekhis

[1] Leslie Lamport,et al. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers [Book Review] , 2002, Computer.

[2] Karl N. Levitt,et al. Automated analysis for digital forensic science: semantic integrity checking , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[3] Leslie Lamport,et al. The temporal logic of actions , 1994, TOPL.

[4] Peter Stephenson. Modeling of Post-Incident Root Cause Analysis , 2003, Int. J. Digit. EVid..

[5] Noureddine Boudriga,et al. A Temporal Logic-Based Model for Forensic Investigation in Networked System Security , 2005, MMM-ACNS.

[6] Eugene H. Spafford,et al. A hypothesis-based approach to digital forensic investigations , 2006 .