Toward a normative approach for forensicability: Extended Abstract

Kafalı, Özgür and Singh, Munindar P. and Williams, Laurie (2016) Toward a normative approach for forensicability: Extended Abstract. In: Proceedings of the Symposium and Bootcamp on the Science of Security. ACM-ICPS International Conference Proceeding Series. ACM, New York, USA, pp. 65-67. ISBN 978-1-4503-4277-3. (doi:10.1145/2898375.2898386) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided)

Official URL
http://dx.doi.org/10.1145/2898375.2898386

Abstract

Sociotechnical systems (STSs), where users interact with software components, support automated logging, i.e., recording what a user has performed in the system. However, most systems do not implement automated processes for inspecting the logs when a misuse happens. Deciding what needs to be logged is crucial, as excessive amounts of logs can overwhelm the human analysts who must inspect them. The goal of this research is to help software practitioners implement automated forensic logging by providing a systematic method that uses attackers' malicious intentions to decide what needs to be logged. We propose Lokma: a normative framework to construct logging rules for forensic knowledge. We describe the general forensic process of Lokma and discuss related directions.

Item Type: Book section
DOI/Identification number: 10.1145/2898375.2898386
Subjects: Q Science > Q Science (General) > Q335 Artificial intelligence
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Ozgur Kafali
Date Deposited: 04 Feb 2018 12:37 UTC
Last Modified: 24 Sep 2019 08:18 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/65877 (The current URI for this page, for reference purposes)