Forensic web services

IFIP International Federation for Information Processing

Volumn 285, Issue , 2008, Pages 163-176

  Gunestas, Murat ^a   Wijesekera, Duminda ^a   Singhal, Anoop ^b  

^a GEORGE MASON UNIVERSITY   (United States)

^b NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY   (United States)

Author keywords

Service oriented architecture; Transaction forensics; Web services

Indexed keywords

DYNAMIC INVOCATION; FINANCIAL FRAUD; TRANSACTION FORENSICS; TRANSACTION HISTORY; TRANSACTION RECORDS;

CRIME; INFORMATION SERVICES; SERVICE ORIENTED ARCHITECTURE (SOA); WEB SERVICES; SOCIAL NETWORKING (ONLINE); WEBSITES;

WEBSITES; WEB SERVICES;

EID: 51149093303     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-84927-0_14     Document Type: Article

References (33)

1. Apache Software Foundation, Axis2 Architecture Guide (ws.apache.org/ axis2/0_95/Axis2ArchitectureGuide.html), 2006.
2. BEA Systems, Specifying SOAP handlers for a web service, BEA WebLogic Workshop Help (Online), San Jose, California (edocs.bea.com/workshop/ docs81/doc/en/core/index.html).
3. M. Bilal, J. Thomas, M. Thomas and S. Abraham, Fair BPEL processes transaction using non-repudiation protocols, Proceedings of the IEEE International Conference on Services Computing, pp. 337-340, 2005.
4. T. Coffey and P. Saidha, Non-repudiation with mandatory proof of receipt, ACM SIGCOMM Computer Communication Review, vol. 26(1), pp. 6-17, 1996.
5. S. da Cruz, L. Campos, M. Campos and P. Pires, A data mart approach for monitoring web services usage and evaluating quality of services, Proceedings of the Twenty-Eighth Brazilian Symposium on Databases, 2003.
6. S. da Cruz, M. Campos, P. Pires and L. Campos, Monitoring e-business web service usage through a log based architecture, Proceedings of the IEEE International Conference on Web Services, pp. 61-69, 2004.
7. Y. Demchenko, L. Gommans, C. de Laat and B. Oudenaarde, Web services and grid security vulnerabilities and threats analysis and model, Proceedings of the Sixth IEEE/ACM International Workshop on Grid Computing, 2005.
8. S. Faust, SOAP web services attacks (www.net-security.org/dl/articles/ SOAP_Web_Security.pdf), 2003.
9. D. Green, Attacking and defending web services, presented at the Nebraska CERT Conference (www.certconf.org/presentations/2006/files/TA2.pdf), 2006.
10. A. Herzberg and I. Yoffe, The Delivery and Evidence Layer, Report 2007/ 139, Cryptology ePrint Archive (eprint.iacr.org/2007/139.pdf), 2007.
11. C. Hosmer, Digital evidence bag, Communications of the ACM, vol. 49(2), pp. 69-70, 2006.
12. IBM Corporation, JAX-RPC handlers collection, Armonk, New York (publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/ com.ibm.websphere.pmc.express.doc/sibusresources/JAXRPC Handler CollectionForm.html), 2007.
13. C. Jayalath and R. Fernando, A modular architecture for secure and reliable distributed communication, Proceedings of the Second International Conference on Availability, Reliability and Security, pp. 621-628, 2007.
14. M. Juric, Business Process Execution Language for Web Services, Packt Publishing, Birmingham, United Kingdom, 2006.
15. S. King and P. Chen, Backtracking intrusions, ACM SIGOPS Operating Systems Review, vol. 37(5), pp. 223-236, 2003.
16. S. Kremer, O. Markowitch and J. Zhou, An intensive survey of fair non-repudiation protocols, Computer Communications, vol. 25(17), pp. 1606-1621, 2002.
17. J. Mallery, J. Zahn, P. Kelly, W. Noonan, E. Seagren, P. Love, R. Kraft and M. O'Neill, Hardening Network Security, McGraw-Hill/Osborne, Emeryville, California, 2005.
18. M. McIntosh and P. Austel, XML signature element wrapping attacks and countermeasures, Proceedings of the Second ACM Workshop on Secure Web Services, pp. 20-27, 2005.
19. S. Micali, Certified e-mail with invisible post offices, presented at the Sixth Annual RSA Data Security Conference, 1997.
20. W. Negm, Anatomy of a web services attack: A guide to threats and preventative countermeasures (www.bitpipe.com/detail/RES/ 1084293354_294.html), 2004.
21. OASIS Web Services Secure Exchange Technical Committee, WS-Trust V1.0, OASIS (www.oasis-open.org/committees/download.php/16138/ oasis-wssx-ws-trust-1.0.pdf), 2006.
22. OASIS Web Services Secure Exchange Technical Committee, WS-SecureConversation 1.3, OASIS (docs.oasis-open.org/ws-sx/ ws-secureconversation/200512/ws-secureconversation-1.3-os.html), 2007.
23. J. Onieva, J. Zhou, M. Carbonell and J. Lopez, Intermediary non-repudiation protocols, Proceedings of the IEEE International Conference on E-Commerce Technology, pp. 207-214, 2003.
24. Oracle, Using JAX-RPC handlers, Oracle Application Server Web Services Developer's Guide, Redwood Shores, California (download.oracle.com/docs/cd/B31017 01/web.1013/b28974/ jaxrpchandlers.htm), 2006.
25. S. Perera, C. Herath, J. Ekanayake, A. Ranabahu. D. Jayasinghe, S. Weerawarana and G. Daniels, Axis2: Middleware for next generation web services, Proceedings of the IEEE International Conference on Web Services, pp. 833-840, 2006.
26. P. Robinson, N. Cook and S. Shrivastava, Implementing fair non-repudiable interactions with web services, Proceedings of the Ninth IEEE International EDOC Enterprise Computing Conference, pp. 195-206, 2005.
27. J. Rosenberg and D. Remy, Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption, Sams Publishing, Indianapolis, Indiana, 2004.
28. M. Rouached and C. Godart, Analysis of composite web services using logging facilities, Proceedings of the Second International Workshop on Engineering Service-Oriented Applications: Design and Composition, pp. 74-85, 2006.
29. K. Shanmugasundaram, N. Memon, A. Savant and H. Bronnimann, ForNet: A distributed forensics network, Proceedings of the Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, pp. 1-16, 2003.
30. J. Sremack, Investigating real-time system forensics, Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communication Networks, pp. 25-32, 2005.
31. A. Vorobiev and J. Han, Security attack ontology for web services, Proceedings of the Second International Conference on Semantics, Knowledge and Grid, p. 42, 2006.
32. W. Wang and T. Daniels, Building evidence graphs for network forensics analysis, Proceedings of the Twenty-First Annual Computer Security Applications Conference, pp. 254-266, 2005.
33. W. Yu, P. Supthaweesuk and D. Aravind, Trustworthy web services based on testing, Proceedings of the IEEE International Workshop on Service-Oriented System Engineering, pp. 159-169, 2005.