Konferenzpaper
Autorenliste: Mainka, C.; Jensen, M.; Lo Iacono, L.; Schwenk, J.
Erschienen in: Cloud Computing and Services Science
Herausgeberliste: Ivanov, I.; Sinderen, M.; Leymann, F.; Shan, T.
Jahr der Veröffentlichung: 2013
Seiten: 151-167
ISBN: 978-3-319-04518-4
eISBN: 978-3-319-04519-1
DOI Link: https://doi.org/10.1007/978-3-319-04519-1_10
Konferenz: 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012)
Serientitel: Communications in Computer and Information Science
Serienzählung: 367
The increased usage of XML in distributed systems and platforms increases the demand for robust and effective security mechanisms likewise. Recent research work discovered, however, substantial vulnerabilities in the XML Signature standard as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping (XSW) attack belongs to the most relevant ones. With the many possible instances of the XSW attack class, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud services.
Abstract:
This work introduces a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services denoted as XSpRES. An architecture is presented, which integrates the required enhancements to ensure a fail-safe and sound signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XSW attacks. Moreover, the empirical results underline that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards.
Zitierstile
Harvard-Zitierstil: Mainka, C., Jensen, M., Lo Iacono, L. and Schwenk, J. (2013) Making XML Signatures Immune to XML Signature Wrapping Attacks, in Ivanov, I., Sinderen, M., Leymann, F. and Shan, T. (eds.) Cloud Computing and Services Science. Cham: Springer. pp. 151-167. https://doi.org/10.1007/978-3-319-04519-1_10
APA-Zitierstil: Mainka, C., Jensen, M., Lo Iacono, L., & Schwenk, J. (2013). Making XML Signatures Immune to XML Signature Wrapping Attacks. In Ivanov, I., Sinderen, M., Leymann, F., & Shan, T. (Eds.), Cloud Computing and Services Science. (pp. 151-167). Springer. https://doi.org/10.1007/978-3-319-04519-1_10
