Forensics-aware web services composition and ranking

Web service composition has been extensively studied in recent years. Although a lot of new models and mechanisms have been proposed, many issues in service composition still remain unsolved. Among them, forensics examination is one of the major concerns. As opposed to traditional forensics implementations, applying forensics to Web service infrastructures introduces novel problems such as the need for neutrality, comprehensiveness, and reliability. Existing approaches fail to recognize that even optimized strategies for service selection and composition involve the exchange of large amounts of potentially sensitive data, causing potentially serious forensics leaks. Consequently, forensics is still among the key challenges that keep hampering service composition-based solutions. In this context, this paper proposes a built in forensics-aware framework for Web services (Fi4SOA). Fi4SOA uses Sherwood Applied Business Security (SABSA) methodology to merge forensics properties with business requirements at service design phase. It uses reasoning machine over a new proposed ontology to define forensics properties and monitor forensics events at run time phase.