1 Introduction
The main objective of this paper is to define a logic for reasoning about distributed timestamped claims. Such a logic is interesting for theoretical reasons, i.e., as a logic per se, but also because it has a number of practical applications, most notably the ability to reason about the attribution of cyberattacks.
When reasoning about a cyberattack, a digital forensics analyst typically collects a large number of pieces of evidence from different sources. Some of the pieces of evidence may be contradictory and the analyst might consider some sources to be more trustworthy than others. Inferring conclusions from such evidence thus requires particular care and time. A similar problem is faced by historians when they are trying to date particular historic events.
The TimeStamped Claim Logic that we introduce in this paper provides the forensics analyst with a sound and complete means to reduce the size of the collected set of evidence and remove inconsistencies, i.e., the logic ensures that the result is consistent with respect to the trust relations that the analyst considers to hold. More specifically, the TimeStamped Claim Logic is a monotonic propositional logic whose language contains assertions of different kinds: labeled assertions expressing statements of agents about timestamped claims and relational assertions indexed by propositional symbols that are used to relate agents. In particular, a trust relation with respect to each propositional subject is defined between agents.
We formalize a Gentzen calculus for our logic, which allows one to infer a timestamped claim whenever (i) there is an agent that states the claim and (ii) each agent that is more trustworthy with respect to the subject does not state the opposite claim. We define a modal and many-valued semantics for our logic, and prove that the calculus is sound and complete with respect to this semantics. In order to show how TimeStamped Claim Logic can be used in practice, we consider, as a proof of concept, a concrete cyber-attribution case study, inspired by the Ukraine Power Grid Attack that occurred in December 2015.
We proceed as follows. In Section 2, we define the language of TimeStamped Claim Logic. In Section 3, we formalize a Gentzen calculus for the logic together with a running example. In Section 4, we introduce the semantics, and we then prove the soundness and the completeness of the calculus in Section 5 and Section 6, respectively. In Section 7, we apply TimeStamped Claim Logic to a realistic case study taken from the cybersecurity area. We discuss the most relevant related work in Section 8 and provide some concluding remarks and ideas for future work in Section 9.
2 The Language of TimeStamped Claim Logic
In this section, we introduce the language of the TimeStamped Claim Logic.
Definition 2.1
Let be a nonempty set of propositional symbols and assume fixed nonempty pairwise disjoint sets and of variables, which represent agent names and time points, respectively. The set of timestamped propositional claims is defined as
Definition 2.2
The language of assertions is defined as follows:

;

whenever ;

whenever and ;

whenever and ;

whenever and ;

whenever and ;

whenever and .
Let us briefly discuss the intuitive meaning of these assertions:

establishes that and are equivalent time points.

establishes that agent is more trustworthy with respect to than agent .

establishes that is the most trustworthy agent with respect to statements about .

establishes that states .

establishes that there are no agents more trustworthy with respect to than that state . That is, each agent more trustworthy with respect to than does not claim . Similarly, for .

establishes that states conditional to statements .
Given the relation of with respect to the other statements we will refer to as a derived evidence. We will instead refer to the previous two assertions and simply as evidence.
Let us now illustrate how our logic is used by means of a running example.
Example 2.3
Let us suppose that we want to model a crime situation C that possibly occurred at time in which there is a potential culprit J and some sources , and providing statements on the case. Let us further suppose that for the source a person is a culprit provided that person was at the scene of the crime, is capable of committing the crime and has a motive. This can be expressed by the assertion
over . Moreover, we can write the assertion
to express that is a source recognized to be the most trustworthy with respect to knowing the motive of the potential culprit . Furthermore, the assumptions

is less trustworthy than with respect to knowing the motive of to have committed the crime ,

claims that does not have a motive to have committed the crime at time ,

claims that has a motive to have committed the crime at time
can be expressed in the TimeStamped Claim Logic by means of the assertions

,

and

,
respectively. Hence, if does not have an opinion about whether or not has a motive to have committed the crime at time , then

and should hold,

should hold and should not hold, and

both and should not hold.
Before we introduce the calculus of our logic, which will allow us to draw conclusions from assertions like the ones in Example 2.3, let us define some useful notation. In the following, we will write
to denote the map that assigns to each set of assertions the set of elements of that occur in it; mutatis mutandis for and . We may confuse a singleton set with its unique element. Given , and , we write to denote the subset of including all the assertions using only symbols in and variables in and .
3 The Calculus of TimeStamped Claim Logic
Let us begin by recalling what a sequent and an inference rule are. Let be a nonempty set of propositional symbols. A sequent over is a pair and is denoted by
where and are finite multisets of formulas in . An inference rule over is of the form
where is a set of fresh variables with at most a variable in .
For convenience, below, we will sometimes write
to mean and vice versa, in order to avoid the replication of rules NS, NK, SCR, SCL, SKR, and SKL.
Definition 3.1
The calculus over is composed of the following inference rules:

Axiom (Ax):
where is of the form , or

Cut (Cut):
where is of the form , or

Reflexivity of (ER):

Symmetry of (ES):

Transitivity of (ET):

Congruence of (EC):
where is a formula obtained from by replacing by

Agent preference transitivity (AT):

Agent preference reflexivity (AR):

Agent preference congruence (AC):
where is a formula obtained from by replacing by

Agent preference maximum on the right (AMR):

Agent preference maximum on the left (AML):

Negative statement (NS):

Negative knowledge (NK):

Statement propagation over time (SP):

Knowledge propagation time (KP):

Statement confirmation on the right (SCR):

Statement confirmation on the left (SCL):

Extracting knowledge from statement on the right (SKR):

Extracting knowledge on the left (KL):

Extracting knowledge from statement on the left (SKL):

Conditional reasoning on the right (CR1):

Conditional reasoning on the left (CR2):
Most of the rules are self-explanatory, so let us briefly explain only some of them.
The rule states that the claims of an agent are not contradictory, in the sense that an agent cannot claim and . Observe that we do not have the right counterpart of NS that introduces in the right-hand side. This is because the logic is not bivalent since there is a third truth value . Therefore, is not a classical negation.
The rule states that in order to conclude that an agent does not state a certain claim at a particular time it is enough to show that he states the opposite claim at a different time.
The rule states that it is possible to conclude when there is no agent more trustworthy than that claims .
On the other hand, rule states that in order to conclude , it is enough to show that there is an agent stating that is not contradicted by a more trustworthy agent and that each agent stating the opposite claim is contradicted by a more trustworthy agent.
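The trust-based reading of these rules can be exercised on a small evidence set. The following is an added example, not the paper's calculus or its notation: it concludes a claim when some statement of it is not contradicted by a more trustworthy agent and every statement of the opposite claim is. Agent names, subjects and the tuple encoding are constructed assumptions, and equivalence of time points is left out.

```python
from itertools import product

def closure(pairs):
    """Transitive closure of (more_trusted, less_trusted) pairs."""
    rel = set(pairs)
    while True:
        new = {(a, d) for (a, b), (c, d) in product(rel, rel) if b == c} - rel
        if not new:
            return rel
        rel |= new

def uncontradicted(agent, subject, time, polarity, statements, trust):
    """True if agent states the claim and no more trusted agent states the opposite."""
    if (agent, subject, time, polarity) not in statements:
        return False
    above = {hi for hi, lo in closure(trust.get(subject, ()))
             if lo == agent and hi != agent}
    return not any((hi, subject, time, not polarity) in statements for hi in above)

def conclude(subject, time, polarity, statements, trust):
    """Claim holds if some statement of it survives and no opposite statement does."""
    agents = {a for a, s, t, _ in statements if (s, t) == (subject, time)}
    def survives(pol):
        return any(uncontradicted(a, subject, time, pol, statements, trust)
                   for a in agents)
    return survives(polarity) and not survives(not polarity)

def resolve(statements, trust):
    """Reduce an evidence set to the timestamped claims that can be concluded."""
    keys = {(s, t) for _, s, t, _ in statements}
    return {(s, t): pol for s, t in keys for pol in (True, False)
            if conclude(s, t, pol, statements, trust)}

# Constructed evidence: (agent, subject, time, polarity). Names are hypothetical.
EVIDENCE = {
    ("src_b", "motive", "t0", False),
    ("src_c", "motive", "t0", True),
    ("src_b", "at_scene", "t0", True),
    ("src_c", "at_scene", "t0", False),
}
# Constructed trust relation per subject: (more_trusted, less_trusted).
TRUST = {"motive": {("src_a", "src_b"), ("src_b", "src_c")}}

if __name__ == "__main__":
    print(resolve(EVIDENCE, TRUST))
    print(resolve(EVIDENCE | {("src_a", "motive", "t0", True)}, TRUST))
```

With no trust ordering on `at_scene`, the two conflicting statements cancel and nothing is concluded; a statement from the top-ranked `src_a` flips the `motive` conclusion.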
We say that a sequent is a theorem, written
if there is a finite sequence of sequents
such that:

is ,

for each ,

either is the conclusion of a rule without premises,

or is the conclusion of a rule where each premise is a sequent in the sequence with .

In this case, the sequence is said to be a derivation for and is said to be derivable.
The notion of derivable can be brought to the realm of formulas. For , we say that is derivable from , denoted by
whenever there is a finite set such that .
For the sake of readability, in the derivations that we give below we underline the principal formula(s) of the rule/axiom that is applied.
Example 3.2
Let us return to the crime situation described in Example 2.3. Let be the set composed by the following propositional symbols: , , , , , , , and Let be the set containing the assertions
and let be the singleton set with the assertion . The derivation in Figure 1 establishes that is derivable. The subderivation of is in Figure 2.
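Figure 1. Derivation (sequents omitted); each step is listed with the rule applied and the steps used as premises: 1 CR2:2,3; 2 CR2:4,5; 3 Ax; 4 SKR:6,7,8; 5 SKR(*); 6 SCL:12,13; 7 Ax; 8 SCR:9; 9 NS:10; 10 AML:11; 11 AC; 12 AML:14; 13 Ax; 14 Ax.
Figure 2. Subderivation (sequents omitted); each step is listed with the rule applied and the steps used as premises: 1 SKR:2,3,4; 2 SCL:5,6; 3 Ax; 4 SCR:8; 5 AML:7; 6 Ax; 7 Ax; 8 NS:9; 9 AML:10; 10 AC.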
We will show the use of TimeStamped Claim Logic with a more complex case study in Section 7.
4 The Semantics of TimeStamped Claim Logic
In this section, we define the semantics of the TimeStamped Claim Logic. In the following sections, we will then prove the soundness and completeness of the sequent calculus with respect to this semantics. We start by introducing the notion of interpretation structure, which has a modal and many-valued flavour.
Definition 4.1
An interpretation structure over a nonempty set of propositional symbols is a tuple
such that

and are nonempty sets,

is a reflexive, symmetric and transitive relation over ,

is a transitive and reflexive binary relation over for each ,

such that for every , and ,

if , then for every such that ,

whenever ,

whenever and .

In an interpretation structure, means that agent claims that occurred at time , means that agent claims that does not occur at time and means that agent does not have an opinion about the occurrence of at time .
An assignment over is a pair such that and are maps. Moreover, we say that assignments and are equivalent up to , written
whenever and for every .
Given an interpretation structure over and an assignment over , satisfaction of an assertion by and , denoted by
is defined as follows

whenever ,

whenever ,

whenever for every ,

whenever

whenever, for each assignment and such that , if then ,

whenever

for each assignment and with , if then ,

there are assignment and with , and ,


whenever if for then .
Note that in the definition of satisfaction the truth value does not play an explicit role. However, it allows the following to be possible:
To simplify the presentation, given a set , we will write
whenever for each .
Definition 4.2
Given and , we say that entails , denoted by
whenever for every interpretation structure and assignment over we have
5 Soundness
In this section, we prove that the theorems derived using the calculus of the TimeStamped Claim Logic introduced in Section 3 are valid according to the semantics introduced in Section 4. We start by providing some relevant semantic notions related to sequents.
Definition 5.1
We say that an interpretation structure and an assignment satisfy a sequent , denoted by
whenever for some if . We say that a sequent is valid, denoted by
whenever it is satisfied by every interpretation structure and assignment . We say that and satisfy a rule with a fresh variable ,
whenever if