# Time-Stamped Claim Logic

The main objective of this paper is to define a logic for reasoning about distributed time-stamped claims. Such a logic is interesting for theoretical reasons, i.e., as a logic per se, but also because it has a number of practical applications, in particular when one needs to reason about a huge amount of pieces of evidence collected from different sources, where some of the pieces of evidence may be contradictory and some sources are considered to be more trustworthy than others. We introduce the Time-Stamped Claim Logic including a sound and complete sequent calculus that allows one to reduce the size of the collected set of evidence and removes inconsistencies, i.e., the logic ensures that the result is consistent with respect to the trust relations considered. In order to show how Time-Stamped Claim Logic can be used in practice, we consider a concrete cyber-attribution case study.

## Authors

• 1 publication
• 1 publication
• 4 publications
• 13 publications
• ### A Formal Approach to Analyzing Cyber-Forensics Evidence

The frequency and harmfulness of cyber-attacks are increasing every day,...
04/26/2018 ∙ by Erisa Karafili, et al. ∙ 0

• ### A Logic for Reasoning about Evidence

We introduce a logic for reasoning about evidence, that essentially view...
07/27/2014 ∙ by Joseph Y. Halpern, et al. ∙ 0

• ### Isabelle/HOL as a Meta-Language for Teaching Logic

Proof assistants are important tools for teaching logic. We support this...
10/30/2020 ∙ by Asta Halkjær From, et al. ∙ 0

• ### Understanding the Expressive Power of Unhygienic Substitution in Metaprogramming via Combinatory Logic

Recent work on combinatory logic demonstrates a compositional translatio...
10/08/2019 ∙ by Martin Lester, et al. ∙ 0

• ### On Encoding LF in a Predicate Logic over Simply-Typed Lambda Terms

Felty and Miller have described what they claim to be a faithful encodin...
08/24/2021 ∙ by Gopalan Nadathur, et al. ∙ 0

• ### An Argumentation-Based Framework to Address the Attribution Problem in Cyber-Warfare

Attributing a cyber-operation through the use of multiple pieces of tech...
04/27/2014 ∙ by Paulo Shakarian, et al. ∙ 0

• ### Time-Aware Evidence Ranking for Fact-Checking

Truth can vary over time. Therefore, fact-checking decisions on claim ve...
09/10/2020 ∙ by Liesbeth Allein, et al. ∙ 4

##### This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

## 1 Introduction

The main objective of this paper is to define a logic for reasoning about distributed time-stamped claims. Such a logic is interesting for theoretical reasons, i.e., as a logic per se, but also because it has a number of practical applications, most notably the ability to reason about the attribution of cyber-attacks.

When reasoning about a cyber-attack, a digital forensics analyst typically collects a huge amount of pieces of evidence from different sources. Some of the pieces of evidence may be contradictory and the analyst might consider some sources to be more trustworthy than others. Inferring conclusions from such evidence thus requires particular care and time. A similar problem is faced by historians when they are trying to date particular historic events.

The Time-Stamped Claim Logic that we introduce in this paper provides the forensics analyst with a sound and complete means to reduce the size of the collected set of evidence and remove inconsistencies, i.e., the logic ensures that the result is consistent with respect to the trust relations that the analyst considers to hold. More specifically, the Time-Stamped Claim Logic is a monotonic propositional logic whose language contains assertions of different kinds: labeled assertions to expressing statements of agents about time-stamped claims and relational assertions indexed by propositional symbols that are used to relate agents. In particular, a trust relation with respect to each propositional subject is defined between agents.

We formalize a Gentzen calculus for our logic, which allows one to infer a time-stamped claim whenever (i) there is an agent that states the claim and (ii) each agent that is more trustworthy with respect to the subject does not state the opposite claim. We define a modal and many-valued semantics for our logic, and prove that the calculus is sound and complete with respect to this semantics. In order to show how Time-Stamped Claim Logic can be used in practice, we consider, as a proof of concept, a concrete cyber-attribution case study, inspired by the Ukraine Power Grid Attack that occurred in December 2015.

We proceed as follows. In Section 2, we define the language of Time-Stamped Claim Logic. In Section 3, we formalize a Gentzen calculus for the logic together with a running example. In Section 4, we introduce the semantics, and we then prove the soundness and the completeness of the calculus in Section 5 and Section 6, respectively. In Section 7, we apply Time-Stamped Claim Logic to a realistic case study taken from the cyber-security area. We discuss the most relevant related work in Section 8 and provide some concluding remarks and ideas for future work in Section 9.

## 2 The Language of Time-Stamped Claim Logic

In this section, we introduce the language of the Time-Stamped Claim Logic.

###### Definition 2.1

Let be a non-empty set of propositional symbols and assume fixed non-empty pairwise disjoint sets and of variables, which represent agents names and time points, respectively. The set of time-stamped propositional claims is defined as

 KP={−(t⋅p), t⋅p∣t∈XT and p∈P}

###### Definition 2.2

The language of assertions is defined as follows:

• ;

• whenever ;

• whenever and ;

• whenever and ;

• whenever and ;

• whenever and ;

• whenever and .

Let us briefly discuss the intuitive meaning of these assertions:

• establishes that and are equivalent time points.

• establishes that agent is more trustworthy with respect to than agent .

• establishes that is the most trustworthy agent with respect to statements about .

• establishes that states .

• establishes that there are no agents more trustworthy with respect to than that state . That is, each agent more trustworthy with respect to than does not claim . Similarly, for .

• establishes that states conditional to statements .

Given the relation of with respect to the other statements we will refer to as a derived evidence. We will instead refer to the previous two assertions and simply as evidence.

Let us now illustrate how our logic is used by means of a running example.

###### Example 2.3

Let us suppose that we want to model a crime situation C that possibly occurred at time in which there is a potential culprit J and some sources , and providing statements on the case. Let us further suppose that for the source a person is a culprit provided that person was at the scene of the crime, is capable of committing the crime and has a motive. This can be expressed by the assertion

 a1::(t⋅inplaceJC,t⋅capableJC,t⋅motiveJC/t⋅culpritJC)

over . Moreover, we can write the assertion

 ∀x.x⊴motiveJ% Ca3

to express that is a source recognized to be the most trustworthy with respect to knowing the motive of the potential culprit . Furthermore, the assumptions

• is less trustworthy than with respect to knowing the motive of to have committed the crime ,

• claims that does not have a motive to have committed the crime at time ,

• claims that has a motive to have committed the crime at time

can be expressed in the Time-Stamped Claim Logic by means of the assertions

• ,

• and

• ,

respectively. Hence, if does not have an opinion about whether or not has a motive to have committed the crime at time , then

• and should hold,

• should hold and should not hold, and

• both and should not hold.

Before we introduce the calculus of our logic, which will allow us to draw conclusions from assertions like the ones in Example 2.3, let us define some useful notation. In the following, we will write

 varA:℘LP→℘XA

to denote the map that assigns to each set of assertions the set of elements of that occur in it; mutatis mutandis for and . We may confuse a singleton set with its unique element. Given , and , we write to denote the subset of including all the assertions using only symbols in and variables in and .

## 3 The Calculus of Time-Stamped Claim Logic

Let us begin by recalling what is a sequent and an inference rule. Let be a non-empty set of propositional symbols. A sequent over is a pair and is denoted by

 Γ→Δ,

where and are finite multisets of formulas in . An inference rule over is of the form

 Γ1→Δ1⋯Γn→ΔnΓ→ΔF

where is a set of fresh variables with at most a variable in .

For convenience, below, we will sometimes write

 −−(t⋅p)

to mean and vice-versa, in order to avoid the replication of rules NS, NK, SCR, SCL, SKR, and SKL.

###### Definition 3.1

The calculus over is composed by the following inference rules:

• Axiom (Ax):

 β,Γ→Δ,β

where is of the form , or

• Cut (Cut):

 β,Γ→ΔΓ→Δ,βΓ→Δ

where is of the form , or

• Reflexivity of (ER):

 Γ→Δ,t≅t
• Symmetry of (ES):

 t1≅t2,Γ→Δ,t2≅t1
• Transitivity of (ET):

 t1≅t2,t2≅t3,Γ→Δ,t1≅t3
• Congruence of (EC):

 t1≅t2,[a:ϕ]t1t2,Γ→Δ,a:ϕ

where is a formula obtained from by replacing by

• Agent preference transitivity (AT):

 a1⊴pa2,a2⊴pa3,Γ→Δ,a1⊴pa3
• Agent preference reflexivity (AR):

 Γ→Δ,a⊴pa
• Agent preference congruence (AC):

 a1⊴pa2,a2⊴pa1,[a:ϕ]a1a2,Γ→Δ,a:ϕ

where is a formula obtained from by replacing by

• Agent preference maximum on the right (AMR):

 Γ→Δ,b⊴paΓ→Δ,∀x.x⊴pab
• Agent preference maximum on the left (AML):

 a′⊴pa,∀x.x⊴pa,Γ→Δ∀x.x⊴pa,Γ→Δ
• Negative statement (NS):

 a:−ϕ,Γ→Δ,a:ϕa:−ϕ,Γ→Δ
• Negative knowledge (NK):

 −ϕ,Γ→Δ,ϕ−ϕ,Γ→Δ
• Statement propagation over time (SP):

 Γ→Δ,t1≅t2,a:−(t1⋅p),a:t2⋅pΓ→Δ,t1≅t2,a:−(t1⋅p)
• Knowledge propagation time (KP):

 Γ→Δ,t1≅t2,−(t1⋅p),t2⋅pΓ→Δ,t1≅t2,−(t1⋅p)
• Statement confirmation on the right (SCR):

 b:−ϕ,a⊴varP(ϕ)b,Γ→ΔΓ→Δ,a:⊡ϕb
• Statement confirmation on the left (SCL):

 a:⊡ϕ,Γ→Δ,a⊴varP(ϕ)a′a:⊡ϕ,Γ→Δ,a′:−ϕa:⊡ϕ,Γ→Δ
• Extracting knowledge from statement on the right (SKR):

 b:−ϕ,b:⊡−ϕ,Γ→ΔΓ→Δ,ϕ,a:ϕΓ→Δ,ϕ,a:⊡ϕΓ→Δ,ϕb
• Extracting knowledge on the left (KL):

 b:ϕ,b:⊡ϕ,Γ→Δϕ,Γ→Δb
• Extracting knowledge from statement on the left (SKL):

 ϕ,Γ→Δ,a:−ϕϕ,Γ→Δ,a:⊡−ϕϕ,Γ→Δ
• Conditional reasoning on the right (CR1):

 ϕ1,…,ϕn,Γ→Δ,a:ϕΓ→Δ,a::(ϕ1,…,ϕn/ϕ)
• Conditional reasoning on the left (CR2):

 Γ→Δ,ϕ1⋯Γ→Δ,ϕna:ϕ,Γ→Δa::(ϕ1,…,ϕn/ϕ),Γ→Δ

Most of the rules are self-explanatory, so let us briefly explain only some of them.

The rule states that the claims of an agent are not contradictory, in the sense that an agent cannot claim and . Observe that we do not have the right counterpart of NS that introduces in the right hand side. This is because the logic is not bivalent since there is a third truth-value . Therefore, is not a classical negation.

The rule states that in order to conclude that an agent does not state a certain claim at a particular time it is enough to show that he states the opposite claim at a different time.

The rule states that it is possible to conclude when there is no agent more trustworthy than that claims .

On the other hand, rule states that in order to conclude , it is enough to show that there is an agent stating that is not contradicted by a more trustworthy agent and that each agent stating the opposite claim is contradicted by a more trustworthy agent.

We say that a sequent is a theorem, written

 ⊢Γ→Δ,

if there is a finite sequence of sequents

 Γ1→Δ1⋯Γn→Δn

such that:

• is ,

• for each ,

• either is the conclusion of a rule without premises,

• or is the conclusion of a rule where each premise is a sequent in the sequence with .

In this case, the sequence is said to be a derivation for and is said to be derivable.

The notion of derivable can be brought to the realm of formulas. For , we say that is derivable from , denoted by

 Ψ⊢α,

whenever there is a finite set such that .

For the sake of readability, in the derivations that we give below we underline the principal formula(s) of the rule/axiom that is applied.

###### Example 3.2

Let us return to the crime situation described in Example 2.3. Let be the set composed by the following propositional symbols: , , , , , , , and Let be the set containing the assertions

and let be the singleton set with the assertion . The derivation in Figure 1 establishes that is derivable. The subderivation of is in Figure 2.

We will show the use of Time-Stamped Claim Logic with a more complex case study in Section 7.

## 4 The Semantics of Time-Stamped Claim Logic

In this section, we define the semantics of the Time-Stamped Claim Logic. In the following sections, we will then prove the soundness and completeness of the sequent calculus with respect to this semantics. We start by introducing the notion of interpretation structure, which has a modal and many-valued flavour.

###### Definition 4.1

An interpretation structure over a non-empty set of propositional symbols is a tuple

 (DA,DT,≅I,{⊴Ip}p∈P,V)

such that

• and are non-empty sets,

• is a reflexive, symmetric and transitive relation over ,

• is a transitive and reflexive binary relation over for each ,

• such that for every , and ,

• if , then for every such that ,

• whenever ,

• whenever and .

In an interpretation structure, means that agent claims that occurred at time , means that agent claims that does not occur at time and means that agent does not have an opinion about the occurrence of at time .

An assignment over is a pair such that and are maps. Moreover, we say that assignments and are equivalent up to , written

 ρ≡Abρ′,

whenever and for every .

Given an interpretation structure over and an assignment over , satisfaction of an assertion by and , denoted by

 Iρ⊩α,

is defined as follows

• whenever ,

• whenever ,

• whenever for every ,

• whenever

• whenever, for each assignment and such that , if then ,

• whenever

• for each assignment and with , if then ,

• there are assignment and with , and ,

• whenever if for then .

Note that in the definition of satisfaction the truth-value does not play an explicit role. However, it allows the following to be possible:

 Iρ⊮a:ϕandIρ⊮a:−ϕ.

To simplify the presentation, given a set , we will write

 Iρ⊩Γ

whenever for each .

###### Definition 4.2

Given and , we say that entails , denoted by

 Ψ⊨α,

whenever for every interpretation structure and assignment over we have

 Iρ⊩α if Iρ⊩Ψ.

## 5 Soundness

In this section, we prove that the theorems derived using the calculus of the Time-Stamped Claim Logic introduced in Section 3 are valid according to the semantics introduced in Section 4. We start by providing some relevant semantic notions related to sequents.

###### Definition 5.1

We say that an interpretation structure and an assignment satisfy a sequent , denoted by

 Iρ⊩Γ→Δ,

whenever for some if . We say that a sequent is valid, denoted by

 ⊨Γ→Δ,

whenever it is satisfied by every interpretation structure and assignment . We say that and satisfy a rule with a fresh variable ,

 Γ1→Δ1⋯Γn→ΔnΓ→Δb,

whenever if