Self-Forensics Through Case Studies of Small-to-Medium Software Systems

The notion and definition of self-forensics were introduced by Mokhov to encompass software and hardware capabilities that let autonomic and other systems record their own states, events, and other information, encoded in a forensic form suitable for (potentially automated) forensic analysis, evidence modeling and specification, and event reconstruction for various system components. If a system includes such a self-forensic subsystem, “self-dissection” becomes possible for analysis using a standard language and for decision making. The self-forensic evidence is encoded in Forensic Lucid, a cyberforensic investigation case and event reconstruction language. The encoding of the stories depicted by the evidence comprises a context as a first-class value of a Forensic Lucid “program”, after which an investigator models the case by describing relationships between various events and pieces of information. The context must be right for the case to have a meaning and for that meaning to be computed properly, so we perform case studies of some small-to-medium, distributed and non-distributed, primarily academic open-source software systems. In this work, for the purpose of implementing small self-forensic modules for the data structures and event flow, we specify the requirements of what the context should be for those systems. The systems share a common base programming language, Java, so our self-forensic logging of the Java data structures and events as Forensic Lucid context specification expressions is laid out ready for an investigator to examine and model the case.
