Security analysis of XML, XML usage and XML parsing

Computers and Security

Volumn 22, Issue 6, 2003, Pages 494-505

  Blyth, Andrew ^a   Cunliffe, Daniel ^a   Sutherland, Iain ^a  

^a UNIVERSITY OF GLAMORGAN   (United Kingdom)

Author keywords

Domain Object Models; Electronic Commerce; Information Integrity and Proctection; Information Security; XML; XML Parsing

Indexed keywords

ELECTRONIC COMMERCE; HTML; SEMANTICS; XML;

PARSING;

SECURITY OF DATA;

EID: 0141972446     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(03)00607-2     Document Type: Note

References (28)

1. Tim Bray, Jean Paoli, C.M. Sperberg-mcqueen, Eve Maler (eds), Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation 6 October 2000, http://www.w3.org/TR/REC-xml.
2. Ramez Elmasri and Shamkant B. Navathe, Fundamentals of Database Systems, Second Edition, Benjamin Cummings Publishing Company, 1994, ISBN0-8053-1753-8.
3. Volker Turau, Web and e-business application: A framework for automatic generation of web-based data entry applications based on XML. Proceedings of 2002 ACM symposium on applied computing ACM Press, 2002
4. Kevin Spett, SQL injection - Are Your Web Applications Vulnerable, A White Paper from SPI Dynamics, 2002.
5. Michael Stonebraker and Joseph M. Hellerstein, Content Integration for E-Business, Proceedings of the 2001 ACM SIGMOD International Conference on Management of Data, ACM Press, May 2001.
6. Benjamin N. Grosof, Yannis Labrou and Hoi Y. Chan, A declarative approach to business rules in contracts: courteous logic programs in XML, Proceedings of the first ACM conference on Electronic commerce, ACM Press, 1999.
7. Henry Chan, Raymond Lee, Tharam Dillon, and Elizabeth Chang, E-Commerce: Fundamentals and Applications, Wiley, 2001.
8. Richard Han, Veronique Perret and Mahmoud Naghshineh, WebSplitter: a unified XML framework for multi-device collaborative Web browsing Proceedings of the 2000 ACM conference on Computer supported cooperative work, ACM Press, 2000.
9. J. Yang, W. J. van den Heuvel, M. P. Papazoglou, Service deployment for virtual enterprises Australian Computer Science Communications, Proceedings of the Workshop on Information Technology for Virtual Enterprises, ACM Press, 2001.
10. Donald Eastlake, Joseph Reagle, and David Solo, XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, http://www.w3.org/TR/xmldsig-core/
11. Kevin Kline and Daniel Kline, SQL in a Nutshell, O'Reilly, 2001.
12. Eva Soderstrom, Standardising the business vocabulary of standards, in Proceedings of the 2002 ACM Symposium on Applied Computing, ACM Press, Madrid, Spain, 2002.
13. Ernesto Damiani, Sabrina De Capitani Di Vimercati, Stefano Paraboschi and Pierangela Samarati, A Fine-Grained Access Control Systems for XML Documents, ACM Transactions on Information and System Security, Vol. 5(2), pp. 169-202, May 2002.
14. Daniel J. Polivy and Roberto Tamassia, Authenticating distributed data using Web services and XML signatures, Proceedings of the 2002 ACM Workshop on XML security, ACM Press, 2002.
15. C. Joncheng Kuo and Polar Humenn, Dynamically authorized role-based access control for secure distributed computation, Proceedings of the 2002 ACM Workshop on XML Security, ACM Press, 2002.
16. Takeshi Imamura, Blair Dillaway and Ed Simom, XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002, http://www.w3.org/TR/xmlenc-core/
17. Phillip Hallam-Baker (Eds), XML Key Management Specification (XKMS), W3C Working Draft 18 April 2003, http://www.w3.org/TR/xkms2
18. J. E. Funderburk, S. Malaika and B. Reinwald, XML Programming with SQL/XML and XQuery, IBM Systems Journal, Vol. 41(2), 2002.
19. Arnaud Le Hors, Philippe Le Hégaret, Lauren Wood, Gavin Nicol, Jonathan Robie, Mike Champion and Steve Byrne, Document Object Model (DOM) Level 2 Core Specification, Version 1.0, W3C Recommendation 13 November, 2000, http://www.w3.org/TR/DOM-Level-2-Core
20. John C. Worsley and Joshua D. Drake, Practical PostgreSQL, O'Reilly, 2002.
21. Len Seligman and Arnon Roseenthal, XML's Impact on Databases and Data Sharing, IEEE Computer, June 2001.
22. Michiharu Kudo and Satoshi Hada, XML Document Security based on provisional Authorization, Proceedings of the 2002 ACM Workshop on XML Security, ACM Press, 2002.
23. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach and T. Berners-Lee, Hypertext Transfer Protocol - HTTP/1.1, RFC 2616, http://www.rfc.net/rfc2616.html
24. Kennard Scribner and Mark C. Stiver, Understanding SOAP,SAMS, 2000, ISBN 0-672-31922-5.
25. Martin Gudgin, Marc Hadley, Noah Mendelsohn, Jean-Jacques Moreau, and Henrik Frystyk Nielsen, SOAP Version 1.2 Part 1: Messaging Framework, W3C Proposed Recommendation 07 May 2003, http://www.w3c.org/2000/xp/Group/2/06/LC/soap12-part1.html
26. Simon St. Laurent, Edd Dumbill, Joe Johnston, Programming Web Services with XML-RPC, O'Reilly & Associates, 2001, ISBN 0596001193
27. Xin Wang, Guillermo Lao, Thomas DeMartini, Hari Reddy, Mal Nguyen and Edgar Valenzuela, XrML - extensible rights Markup Language, ACM Workshop on XML Security, ACM Press, Nov 22, 2002.
28. John Viege, Matt Messier and Pravir Chandra, Network Security with OpenSSL, O'Reilly and Associates, 2002, ISBN: 0-596-00270-X.