Abstract | ||
---|---|---|
The increased usage of XML in distributed systems and platforms increases the demand for robust and effective security mechanisms likewise. Recent research work discovered, however, substantial vulnerabilities in the XML Signature standard as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping (XSW) attack belongs to the most relevant ones. With the many possible instances of the XSW attack class, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud services. This work introduces a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services denoted as XSpRES. An architecture is presented, which integrates the required enhancements to ensure a fail-safe and sound signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XSW attacks. Moreover, the empirical results underline that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1007/978-3-319-04519-1_10 | Communications in Computer and Information Science |
Keywords | Field | DocType |
XML Signature,XML Signature Wrapping,Web Services,SOAP,WS-Security,XSpRES,SOA,Cloud | XML Encryption,XML,Computer security,Computer science,Implementation,SOAP,Web service,WS-Security,Database,Cloud computing,XML Signature | Conference |
Volume | ISSN | Citations |
367 | 1865-0929 | 6 |
PageRank | References | Authors |
0.48 | 12 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
christian mainka | 1 | 66 | 10.80 |
Meiko Jensen | 2 | 567 | 43.93 |
Luigi Lo Iacono | 3 | 386 | 50.08 |
Jörg Schwenk | 4 | 899 | 88.54 |