An Evidence Management Model for Web Services Behavior




Gunestas, Murat

Journal Title

Journal ISSN

Volume Title



Web service choreographies, orchestrations and dynamically invoking web services are three kinds of sample compositions. These compositions create service inter-dependencies that can be misused for monetary or other gains. When a misuse is reported, investigators have to navigate through a collection of web-service or network logs to recreate suspected misuses. In order to facilitate this task, I propose creating forensic web services (FWS), specialized web services that, when used, would securely maintain transactional records between other web services. An independent agency can re-link these secure records residing in distributed FWS stations to reproduce the transactional history, and thereby substantiate or refute claims of misuse by providing supporting or refuting evidence. As multi-participant transactions migrate to web services, there is a potential for some of these parties to not fulfill their specified obligations or to work to achieve objectives contrary to those specified objectives. Preserving evidence of service behavior of all participating actors in complex web-based transactions can resolve such shortcomings. In order to achieve this, I propose a three-layered framework to preserve evidence of service behaviors in a non-refutable way. The lowest layer of my framework preserves transactional evidence of pair-wise participation using cryptographically secured FWS. The second layer uses this pair-wise evidence to derive evidence of complex interactions. The highest layer generates evidence of complex transactional behavior. Web service choreographies can be misused at multiple levels: namely exploiting their technical capabilities that I refer to as Service Misuses and using them to design complex illegal business schemes that I refer to as Business Misuses, such as Ponzi, pyramid, or money laundering schemes. One of the main problems with the latter kind of misuses is that they appear similar to a legal multi-stage business scheme to an external observer with a microscopic view; but in truth are macroscopically illegal. I define some of these schemes precisely and show how to produce evidence of them using cryptographically secure local message repositories. Such evidence would be helpful to financial fraud investigators, business arbiters, potential investors, and judicial actors. Detecting service or business misuses, in particular, over a set of evidence of observed web service interactions through a post-mortem investigation might disclose an extremely dramatic level of damage as is in the case of Ponzi schemes. Live detection of business misuses can assist a collection of services by alerting them to a spreading misuse that may target them or help in preventing service misuses. I abstract post-mortem detection queries for business and service misuses.



Evidence generation, Business misuse, Forensic web services, Web services choreography, WS – evidence, Digital forensics