Konferenzpaper

Erschienen in: Proceedings 2009 IEEE International Conference on Web Services

Herausgeberliste: Damiani, E.; Chand, R.; Zhang, J.

Jahr der Veröffentlichung: 2009

Seiten: 625-631

ISBN: 978-0-7695-3709-2

DOI Link: https://doi.org/10.1109/ICWS.2009.70

Konferenz: 2009 IEEE International Conference on Web Services (ICWS 2009)

Abstract: 

The service-oriented architecture paradigm is influencing modern software systems remarkably and Web services are a common technology to implement such systems. However, the numerous Web service standard specifications and especially their ambiguity result in a high complexity which opens the door for security-critical mistakes.This paper aims on raising awareness of this issue while discussing a vulnerability in Amazonpsilas Elastic Compute Cloud (EC2) services to XML wrapping attacks, which has since been resolved as a result of our findings and disclosure. More importantly, this paper discusses the verification steps required to effectively validate an incoming SOAP request. It reviews the available work in the light of the discovered Amazon EC2 vulnerability and provides a practical guideline for achieving a robust and effective SOAP message security validation mechanism.

Harvard-Zitierstil: Gruschka, N. and Lo Iacono, L. (2009) Vulnerable Cloud: SOAP Message Security Validation Revisited, in Damiani, E., Chand, R. and Zhang, J. (eds.) Proceedings 2009 IEEE International Conference on Web Services. Piscataway, NJ: IEEE. pp. 625-631. https://doi.org/10.1109/ICWS.2009.70

APA-Zitierstil: Gruschka, N., & Lo Iacono, L. (2009). Vulnerable Cloud: SOAP Message Security Validation Revisited. In Damiani, E., Chand, R., & Zhang, J. (Eds.), Proceedings 2009 IEEE International Conference on Web Services. (pp. 625-631). IEEE. https://doi.org/10.1109/ICWS.2009.70