Conference paper

Appeared in: Proceedings 2009 IEEE International Conference on Web Services

Editor list: Damiani, E.; Chand, R.; Zhang, J.

Publication year: 2009

Pages: 625-631

ISBN: 978-0-7695-3709-2

DOI Link: https://doi.org/10.1109/ICWS.2009.70

Conference: 2009 IEEE International Conference on Web Services (ICWS 2009)

Abstract: 

The service-oriented architecture paradigm is influencing modern software systems remarkably and Web services are a common technology to implement such systems. However, the numerous Web service standard specifications and especially their ambiguity result in a high complexity which opens the door for security-critical mistakes.This paper aims on raising awareness of this issue while discussing a vulnerability in Amazonpsilas Elastic Compute Cloud (EC2) services to XML wrapping attacks, which has since been resolved as a result of our findings and disclosure. More importantly, this paper discusses the verification steps required to effectively validate an incoming SOAP request. It reviews the available work in the light of the discovered Amazon EC2 vulnerability and provides a practical guideline for achieving a robust and effective SOAP message security validation mechanism.

Harvard Citation style: Gruschka, N. and Lo Iacono, L. (2009) Vulnerable Cloud: SOAP Message Security Validation Revisited, in Damiani, E., Chand, R. and Zhang, J. (eds.) Proceedings 2009 IEEE International Conference on Web Services. Piscataway, NJ: IEEE. pp. 625-631. https://doi.org/10.1109/ICWS.2009.70

APA Citation style: Gruschka, N., & Lo Iacono, L. (2009). Vulnerable Cloud: SOAP Message Security Validation Revisited. In Damiani, E., Chand, R., & Zhang, J. (Eds.), Proceedings 2009 IEEE International Conference on Web Services. (pp. 625-631). IEEE. https://doi.org/10.1109/ICWS.2009.70