Inferring relevance and presence of evidence in service-oriented and SaaS architectures

Gathering forensic evidence in distributed or cloud environments poses a number of legal, administrative, and technical challenges even at relatively coarse levels of granularity. For Software-as-a-Service (SaaS) and related Service-Oriented Architectures (SOA), however, the loose binding that lends such architectures their important flexibility and adaptability makes even identifying possible loci of evidence problematic. Moreover, even where the existence of evidence is known, its relevance for a given hypothesis may vary. We describe an approach to identify the existence of potential evidence based on a causality model of control flow, and seek to prioritise relevance based on a probabilistic graph model. This allows not only the explicit formulation of hypotheses and the derivation of criteria for locating and retrieving evidence to be evaluated by Bayesian belief networks (BBN), but also the minimisation of the otherwise highly problematic complexity of maximum a posteriori (MAP) hypotheses based on service orchestration and choreography semantics.
