Forensics over Web Services: The FWS

Murat Gunestas (General Directorate of Security, Ankara, Turkey), Duminda Wijesekera (CS Department, George Mason University, USA) and Anoop Singhal (National Institute of Standards and Technology, USA)
DOI: 10.4018/978-1-60566-950-2.ch005

Abstract

Web services are currently a preferred way to architect and provide complex services. This complexity arises due to the composition of new services by choreographing, orchestrating and dynamically invoking existing services. These compositions create service inter-dependencies that can be misused for monetary or other gains. When a misuse is reported, investigators have to navigate through a collection of logs to recreate the attack. In order to facilitate that task, the authors propose creating forensic web services (FWS), a specialized web service that when used would securely maintain transactional records between other web services. These secure records can be re-linked to reproduce the transactional history by an independent agency. Although their work is ongoing, they show the necessary components of a forensic framework for web services and its success through a case study.

Background

Current web services rest on two conceptual elements: (1) the use of XML (eXtensible Markup Language), SOAP (Simple Object Access Protocol), and WSDL (Web Service Definition Language) as basic building material; (2) complex applications built upon long-running, sometimes transactional executions created from basic elements using choreography, orchestration and compositional methods.

Basic Paradigm

The XML format underlies the entire web service architecture and its artifacts. All schemas, definition files, and transmitted messages are expressed in XML. WSDL, an XML-based definition file, defines the interface of a web service so that other services can invoke it in accordance with the specifications of internal executions. SOAP, an XML-based protocol, defines the metadata of the messages exchanged between services. Operations are defined in WSDL documents, and they are the only mechanisms that web services can employ to communicate with each other. SOAP messages are defined and exchanged as incoming and outgoing messages through the operations. WSDL proposes four types of operations:

  • Notification: One message is sent to many receivers, such as broadcasting.

  • One-Way: The message is sent and no response is expected, such as Fire-and-Forget.

  • Request-Response: A typical RPC structure: The message is sent from sender to receiver and response is pushed back to the sender.

  • Solicit-Response: Request is sent without any data and the response is expected.

Although four operation types are proposed, message exchanges can in summary be defined in two ways, One-Way and Request-Response, because notification and solicit-response can be represented by the one-way and request-response types, respectively.
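As an added illustration (not code from the chapter), the sketch below classifies WSDL 1.1 operations by the order of their `<input>` and `<output>` children and then applies the reduction to the two exchange shapes described above, which tells an investigator how many messages each operation should have left in a log. The port type, operation and message names are constructed sample data.

```python
import xml.etree.ElementTree as ET  # for untrusted WSDL, prefer a hardened parser such as defusedxml

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"  # WSDL 1.1 namespace

# Order of <input>/<output> children -> WSDL 1.1 operation type
OPERATION_TYPES = {
    ("input",): "one-way",
    ("input", "output"): "request-response",
    ("output", "input"): "solicit-response",
    ("output",): "notification",
}
# Reduction described in the text: four types, two message-exchange shapes
EXCHANGE_SHAPE = {
    "one-way": "one-way",
    "notification": "one-way",
    "request-response": "request-response",
    "solicit-response": "request-response",
}

# Constructed sample portType (hypothetical operation and message names)
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="urn:example:orders">
  <portType name="OrderPort">
    <operation name="SubmitOrder"><input message="tns:OrderIn"/><output message="tns:OrderOut"/></operation>
    <operation name="LogEvent"><input message="tns:EventIn"/></operation>
    <operation name="PriceAlert"><output message="tns:AlertOut"/></operation>
    <operation name="PollStatus"><output message="tns:StatusAsk"/><input message="tns:StatusReply"/></operation>
    <operation name="Broken"><fault name="f" message="tns:Fault"/></operation>
  </portType>
</definitions>"""

def classify_operations(wsdl_text):
    """Return {operation name: (WSDL type, exchange shape, messages declared)}."""
    root = ET.fromstring(wsdl_text)
    wanted = (f"{{{WSDL_NS}}}input", f"{{{WSDL_NS}}}output")
    result = {}
    for op in root.iterfind(f"{{{WSDL_NS}}}portType/{{{WSDL_NS}}}operation"):
        # Keep only input/output children, in document order; faults are ignored
        order = tuple(c.tag.split("}", 1)[1] for c in op if c.tag in wanted)
        # Any other combination (none, or repeated elements) is flagged as invalid
        op_type = OPERATION_TYPES.get(order, "invalid")
        result[op.get("name")] = (op_type, EXCHANGE_SHAPE.get(op_type), len(order))
    return result

if __name__ == "__main__":
    for name, info in classify_operations(SAMPLE_WSDL).items():
        print(name, info)
```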
