Conference paper
Authors list: Mainka, C.; Jensen, M.; Lo Iacono, L.; Schwenk, J.
Appeared in: Cloud Computing and Services Science
Editor list: Ivanov, I.; Sinderen, M.; Leymann, F.; Shan, T.
Publication year: 2013
Pages: 151-167
ISBN: 978-3-319-04518-4
eISBN: 978-3-319-04519-1
DOI Link: https://doi.org/10.1007/978-3-319-04519-1_10
Conference: 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012)
Title of series: Communications in Computer and Information Science
Number in series: 367
The increased usage of XML in distributed systems and platforms increases the demand for robust and effective security mechanisms likewise. Recent research work discovered, however, substantial vulnerabilities in the XML Signature standard as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping (XSW) attack belongs to the most relevant ones. With the many possible instances of the XSW attack class, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud services.
Abstract:
This work introduces a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services denoted as XSpRES. An architecture is presented, which integrates the required enhancements to ensure a fail-safe and sound signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XSW attacks. Moreover, the empirical results underline that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards.
Citation Styles
Harvard Citation style: Mainka, C., Jensen, M., Lo Iacono, L. and Schwenk, J. (2013) Making XML Signatures Immune to XML Signature Wrapping Attacks, in Ivanov, I., Sinderen, M., Leymann, F. and Shan, T. (eds.) Cloud Computing and Services Science. Cham: Springer. pp. 151-167. https://doi.org/10.1007/978-3-319-04519-1_10
APA Citation style: Mainka, C., Jensen, M., Lo Iacono, L., & Schwenk, J. (2013). Making XML Signatures Immune to XML Signature Wrapping Attacks. In Ivanov, I., Sinderen, M., Leymann, F., & Shan, T. (Eds.), Cloud Computing and Services Science. (pp. 151-167). Springer. https://doi.org/10.1007/978-3-319-04519-1_10
