An Evidence Management Model for Web Services Behavior
Web service choreographies, orchestrations and dynamically invoking web services are three kinds of sample compositions. These compositions create service inter-dependencies that can be misused for monetary or other gains. When a misuse is reported, investigators have to navigate through a collection of web-service or network logs to recreate suspected misuses. In order to facilitate this task, I propose creating forensic web services (FWS), specialized web services that, when used, would securely maintain transactional records between other web services. An independent agency can re-link these secure records residing in distributed FWS stations to reproduce the transactional history, and thereby substantiate or refute claims of misuse by providing supporting or refuting evidence.

As multi-participant transactions migrate to web services, there is a potential for some of these parties to not fulfill their specified obligations or to work to achieve objectives contrary to those specified objectives. Preserving evidence of service behavior of all participating actors in complex web-based transactions can resolve such shortcomings. In order to achieve this, I propose a three-layered framework to preserve evidence of service behaviors in a non-refutable way. The lowest layer of my framework preserves transactional evidence of pair-wise participation using cryptographically secured FWS. The second layer uses this pair-wise evidence to derive evidence of complex interactions. The highest layer generates evidence of complex transactional behavior.

Web service choreographies can be misused at multiple levels: namely exploiting their technical capabilities that I refer to as Service Misuses and using them to design complex illegal business schemes that I refer to as Business Misuses, such as Ponzi, pyramid, or money laundering schemes. One of the main problems with the latter kind of misuses is that they appear similar to a legal multi-stage business scheme to an external observer with a microscopic view; but in truth are macroscopically illegal. I define some of these schemes precisely and show how to produce evidence of them using cryptographically secure local message repositories. Such evidence would be helpful to financial fraud investigators, business arbiters, potential investors, and judicial actors.

Detecting service or business misuses, in particular, over a set of evidence of observed web service interactions through a post-mortem investigation might disclose an extremely dramatic level of damage as is in the case of Ponzi schemes. Live detection of business misuses can assist a collection of services by alerting them to a spreading misuse that may target them or help in preventing service misuses. I abstract post-mortem detection queries for business and service misuses.

| Year of publication: | 2009-08-25 |
|---|---|
| Authors: | Gunestas, Murat |
| Subject: | evidence generation | business misuse | forensic web services | web services choreography | WS | evidence | digital forensics |