Poster
DOI: 10.1145/2898375.2898386

Toward a normative approach for forensicability

Published: 19 April 2016

Abstract

Sociotechnical systems (STSs), in which users interact with software components, support automated logging, i.e., recording what a user has done in the system. However, most systems do not implement automated processes for inspecting those logs when a misuse occurs. Deciding what needs to be logged is crucial: excessive volumes of log data overwhelm human analysts, while missing events leave a misuse unreconstructable. The goal of this research is to help software practitioners implement automated forensic logging by providing a systematic method that uses attackers' malicious intentions to decide what must be logged. We propose Lokma, a normative framework for constructing logging rules that capture forensic knowledge. We describe the general forensic process of Lokma and discuss related research directions.
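The following is an added illustration of the idea the abstract describes, written for this page; it is not Lokma's own formalism or code from the poster. It assumes a simplified norm model with two norm kinds, a prohibition (once an actor has done X on a target, that actor must not do Y on the same target) and a commitment (after doing X on a target, the actor must later do Y on it). From a set of such norms it derives the mandatory log events, drops everything else from a constructed raw event stream, reports which norm-relevant actions an existing logging configuration fails to cover, and finally inspects the retained log for violations. All event names, actors and norms are invented for the example.

```python
"""Norm-driven forensic logging, illustrative only (not Lokma's formalism).

Norms name the actions they care about; those actions become mandatory log
events, and a violation is reconstructed from the retained log alone.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # monotonic event number (constructed sample data)
    actor: str
    action: str
    target: str    # object the action was performed on, "-" if none


@dataclass(frozen=True)
class Prohibition:
    """Once `actor` has done `context` on a target, it must not do `forbidden`
    on that same target (e.g. approving a purchase order you submitted)."""
    name: str
    context: str
    forbidden: str

    def actions(self):
        return {self.context, self.forbidden}

    def violations(self, log):
        seen, out = set(), []
        for e in log:
            key = (e.actor, e.target)
            if e.action == self.context:
                seen.add(key)
            elif e.action == self.forbidden and key in seen:
                out.append((self.name, e))
        return out


@dataclass(frozen=True)
class Commitment:
    """After `trigger` on a target, the actor must perform `required` on it.
    The deadline is simplified to 'before the log ends'."""
    name: str
    trigger: str
    required: str

    def actions(self):
        return {self.trigger, self.required}

    def violations(self, log):
        pending = {}
        for e in log:
            key = (e.actor, e.target)
            if e.action == self.trigger:
                pending[key] = e
            elif e.action == self.required:
                pending.pop(key, None)          # commitment discharged
        return [(self.name, e) for e in pending.values()]


def logging_rules(norms):
    """Mandatory log events: every action some norm refers to. Without them a
    violation cannot be established after the fact."""
    return set().union(*(n.actions() for n in norms))


def coverage_gap(norms, currently_logged):
    """Norm-relevant actions an existing logging configuration does not record."""
    return logging_rules(norms) - set(currently_logged)


def retain(events, rules):
    """Apply the logging policy: keep only events the norms need."""
    return [e for e in events if e.action in rules]


def investigate(norms, raw_events):
    """Filter the raw stream by the derived rules, then check every norm."""
    log = retain(raw_events, logging_rules(norms))
    return [v for n in norms for v in n.violations(log)]


# Hypothetical norms: separation of duties and break-glass accountability.
NORMS = [
    Prohibition("separation-of-duties", "submit_order", "approve_order"),
    Commitment("break-glass-justification", "break_glass", "file_justification"),
]

# Constructed raw event stream; login/logout are noise for these norms.
RAW_EVENTS = [
    Event(1, "alice", "login", "-"),
    Event(2, "alice", "submit_order", "PO-17"),
    Event(3, "bob", "approve_order", "PO-17"),       # fine: different actor
    Event(4, "alice", "submit_order", "PO-18"),
    Event(5, "alice", "approve_order", "PO-18"),     # violates separation of duties
    Event(6, "carol", "break_glass", "patient-42"),
    Event(7, "carol", "file_justification", "patient-42"),  # commitment met
    Event(8, "dave", "break_glass", "patient-7"),     # never justified
    Event(9, "dave", "logout", "-"),
]

if __name__ == "__main__":
    print("must log:", sorted(logging_rules(NORMS)))
    print("gap in current config:",
          sorted(coverage_gap(NORMS, {"login", "logout", "submit_order"})))
    for name, e in investigate(NORMS, RAW_EVENTS):
        print(f"violation of {name}: ts={e.ts} actor={e.actor} target={e.target}")
```

The point of `coverage_gap` is the practitioner check: a system that logs only logins and order submissions can never prove the separation-of-duties breach at event 5, because the approval was never recorded. Conversely, `retain` shows the other half of the abstract's argument, since two of the nine raw events are discarded without losing any forensic capability for these norms.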


Published In

HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of Security
April 2016
138 pages
ISBN:9781450342773
DOI:10.1145/2898375
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. forensic logging
  2. requirements
  3. security
  4. social norms
  5. sociotechnical systems

Qualifiers

  • Poster

Conference

HotSoS '16
HotSoS '16: HotSos 2016 Science of Security
April 19 - 21, 2016
Pittsburgh, Pennsylvania

Acceptance Rates

Overall Acceptance Rate 34 of 60 submissions, 57%
