Forensic Web Services Framework
May/June 2011 (vol. 13 no. 3)
pp. 31-37
Murat Gunestas, General Directorate of Security
Murad Mehmet, George Mason University
Duminda Wijesekera, George Mason University
Anoop Singhal, National Institute of Standards and Technology

When Web services are misused, investigators must navigate through a collection of logs to recreate an attack. The proposed Forensic Web Services could help by securely maintaining transactional records between Web services.

Index Terms:
Keywords: Web services, service-oriented architecture, transaction forensics, business misuse, information technology, security
Murat Gunestas, Murad Mehmet, Duminda Wijesekera, Anoop Singhal, "Forensic Web Services Framework," IT Professional, vol. 13, no. 3, pp. 31-37, May-June 2011, doi:10.1109/MITP.2011.41