Erisa Karafili

Defeasible Reasoning about Electric Consumptions

Conflicting rules and rules with exceptions are very common in natural language specification to describe the behaviour of devices operating in a real-world context. This is common exactly because those specifications are processed by humans, and humans apply common sense and strategic reasoning about those rules. In this paper, we deal with the challenge of providing, step by step, a model of energy saving rule specification and processing methods that are used to reduce the consumptions of a system of devices. We argue that a very promising non-monotonic approach to such a problem can lie upon Defeasible Logic. Starting with rules specified at an abstract level, but compatibly with the natural aspects of such a specification (including temporal and power absorption constraints), we provide a formalism that generates the extension of a basic defeasible logic, which corresponds to turned on or off devices.

An argumentation reasoning approach for data processing

The study extends the data manufacturing analogy to a Big Data context, where multiple actors are using, reusing, selling and reselling the data in a broader context of data marketplaces.We highlight the fact that data quality, usage control and sharing agreements should be considered in the data processing mechanisms.An argumentation reasoning approach is followed to explain how data processing can address quality and sharing concerns. Data-intensive environments enable us to capture information and knowledge about the physical surroundings, to optimise our resources, enjoy personalised services and gain unprecedented insights into our lives. However, to obtain these endeavours extracted from the data, this data should be generated, collected and the insight should be exploited. Following an argumentation reasoning approach for data processing and building on the theoretical background of data management, we highlight the importance of data sharing agreements (DSAs) and quality attributes for the proposed data processing mechanism. The proposed approach is taking into account the DSAs and usage policies as well as the quality attributes of the data, which were previously neglected compared to existing methods in the data processing and management field. Previous research provided techniques towards this direction; however, a more intensive research approach for processing techniques should be introduced for the future to enhance the value creation from the data and new strategies should be formed around this data generated daily from various devices and sources.

A Formal Approach to Analyzing Cyber-Forensics Evidence

The frequency and harmfulness of cyber-attacks are increasing every day, and with them also the amount of data that the cyber-forensics analysts need to collect and analyze. In this paper, we propose a formal analysis process that allows an analyst to filter the enormous amount of evidence collected and either identify crucial information about the attack (e.g., when it occurred, its culprit, its target) or, at the very least, perform a pre-analysis to reduce the complexity of the problem in order to then draw conclusions more swiftly and efficiently. We introduce the Evidence Logic EL for representing simple and derived pieces of evidence from different sources. We propose a procedure, based on monotonic reasoning, that rewrites the pieces of evidence with the use of tableau rules, based on relations of trust between sources and the reasoning behind the derived evidence, and yields a consistent set of pieces of evidence. As proof of concept, we apply our analysis process to a concrete cyber-forensics case study.

Helping Forensic Analysts to Attribute Cyber-Attacks: An Argumentation-Based Reasoner

Discovering who performed a cyber-attack or from where it originated is essential in order to determine an appropriate response and future risk mitigation measures. In this work, we propose a novel argumentation-based reasoner for analyzing and attributing cyber-attacks that combines both technical and social evidence. Our reasoner helps the digital forensics analyst during the analysis of the forensic evidence by providing to the analyst the possible culprits of the attack, new derived evidence, hints about missing evidence, and insights about other paths of investigation. The proposed reasoner is flexible, deals with conflicting and incomplete evidence, and was tested on real cyber-attacks cases.

Formalizing Threat Models for Virtualized Systems

We propose a framework, called FATHoM (FormAlizing THreat Models), to define threat models for virtualized systems. For each component of a virtualized system, we specify a set of security properties that defines its control responsibility, its vulnerability and protection states. Relations are used to represent how assumptions made about a component’s security state restrict the assumptions that can be made on the other components. FATHoM includes a set of rules to compute the derived security states from the assumptions and the components’ relations. A further set of relations and rules is used to define how to protect the derived vulnerable components. The resulting system is then analysed, among others, for consistency of the threat model. We have developed a tool that implements FATHoM, and have validated it with use-cases adapted from the literature.

A complete tableau procedure for risk analysis

In many real-life situations making a decision entails evaluating the risks associated with the decision, which in turn requires reasoning about events and their relations. In addition to the simpler and better-understood notions of causation and precondition, in this paper we focus on block (or prevention), which is the relation established between an event φ₁ and another event φ₂ such that the number of occurrences of φ₂ decreases whenever φ₁ occurs, and mitigation, where the occurrence of φ₁ reduces the “negative” (for the particular decision we are considering) consequences of the occurrence of φ₂. By introducing two further counting operators and the notion of interval of observation, we give here a sound and complete tableau system along with a systematic tableau construction procedure.