Mason Archival Repository Service

An Evidence Management Model for Web Services Behavior

Show simple item record

dc.contributor.author Gunestas, Murat
dc.creator Gunestas, Murat
dc.date 2009-08-25
dc.date.accessioned 2009-10-01T17:59:03Z
dc.date.available NO_RESTRICTION en_US
dc.date.available 2009-10-01T17:59:03Z
dc.date.issued 2009-10-01T17:59:03Z
dc.identifier.uri http://hdl.handle.net/1920/5631
dc.description.abstract Web service choreographies, orchestrations and dynamically invoking web services are three kinds of sample compositions. These compositions create service inter-dependencies that can be misused for monetary or other gains. When a misuse is reported, investigators have to navigate through a collection of web-service or network logs to recreate suspected misuses. In order to facilitate this task, I propose creating forensic web services (FWS), specialized web services that, when used, would securely maintain transactional records between other web services. An independent agency can re-link these secure records residing in distributed FWS stations to reproduce the transactional history, and thereby substantiate or refute claims of misuse by providing supporting or refuting evidence. As multi-participant transactions migrate to web services, there is a potential for some of these parties to not fulfill their specified obligations or to work to achieve objectives contrary to those specified objectives. Preserving evidence of service behavior of all participating actors in complex web-based transactions can resolve such shortcomings. In order to achieve this, I propose a three-layered framework to preserve evidence of service behaviors in a non-refutable way. The lowest layer of my framework preserves transactional evidence of pair-wise participation using cryptographically secured FWS. The second layer uses this pair-wise evidence to derive evidence of complex interactions. The highest layer generates evidence of complex transactional behavior. Web service choreographies can be misused at multiple levels: namely exploiting their technical capabilities that I refer to as Service Misuses and using them to design complex illegal business schemes that I refer to as Business Misuses, such as Ponzi, pyramid, or money laundering schemes. One of the main problems with the latter kind of misuses is that they appear similar to a legal multi-stage business scheme to an external observer with a microscopic view; but in truth are macroscopically illegal. I define some of these schemes precisely and show how to produce evidence of them using cryptographically secure local message repositories. Such evidence would be helpful to financial fraud investigators, business arbiters, potential investors, and judicial actors. Detecting service or business misuses, in particular, over a set of evidence of observed web service interactions through a post-mortem investigation might disclose an extremely dramatic level of damage as is in the case of Ponzi schemes. Live detection of business misuses can assist a collection of services by alerting them to a spreading misuse that may target them or help in preventing service misuses. I abstract post-mortem detection queries for business and service misuses. en_US
dc.language.iso en_US en_US
dc.subject evidence generation en_US
dc.subject business misuse en_US
dc.subject forensic web services en_US
dc.subject web services choreography en_US
dc.subject WS – evidence en_US
dc.subject digital forensics en_US
dc.title An Evidence Management Model for Web Services Behavior en_US
dc.type Dissertation en
thesis.degree.name Doctor of Philosophy in Information Technology en_US
thesis.degree.level Doctoral en
thesis.degree.discipline Information Technology en
thesis.degree.grantor George Mason University en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search MARS


Browse

My Account

Statistics