Conference paper

Appeared in: ICT Systems Security and Privacy Protection

Editor list: Jøsang, Audun; Futcher, Lynn; Hagen, Janne

Publication year: 2021

Pages: 3-18

ISBN: 978-3-030-78119-4

eISBN: 978-3-030-78120-0

DOI Link: https://doi.org/10.1007/978-3-030-78120-0_1

Conference: 36th IFIP TC 11 International Conference on Information Security and Privacy Protection (SEC 2021)

Title of series: IFIP Advances in Information and Communication Technology

Number in series: 625

Abstract: 

XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.

Harvard Citation style: Höller, P., Krumeich, A. and Lo Iacono, L. (2021) XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany, in Jøsang, A., Futcher, L. and Hagen, J. (eds.) ICT Systems Security and Privacy Protection. Cham: Springer. pp. 3-18. https://doi.org/10.1007/978-3-030-78120-0_1

APA Citation style: Höller, P., Krumeich, A., & Lo Iacono, L. (2021). XML Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in Germany. In Jøsang, A., Futcher, L., & Hagen, J. (Eds.), ICT Systems Security and Privacy Protection. (pp. 3-18). Springer. https://doi.org/10.1007/978-3-030-78120-0_1