SOA and Web services: New technologies, new standards - New attacks

Proceedings of the 5th IEEE European Conference on Web Services, ECOWS 07

Volumn , Issue , 2007, Pages 35-44

  Jensen, Meiko ^a   Gruschka, Nils ^a   Herkenhöner, Ralph ^a   Luttenberger, Norbert ^a  

^a UNIVERSITY OF KIEL   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION SERVICES; INTERNET; STANDARDS; TECHNOLOGY; WEB SERVICES; WEIGHT CONTROL; WORLD WIDE WEB;

COUNTERMEASURES (CM); EUROPEAN; INTERNET COMMUNICATIONS; NEW TECHNOLOGIES; OPEN NETWORKS; SECURITY ATTACKS;

INTERNET PROTOCOLS;

EID: 47749117614     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ECOWS.2007.9     Document Type: Conference Paper

References (28)

1. Tony Andrews, Francisco Curbera, Hitesh Dholakia, Yaron Goland, Johannes Klein, Frank Leymann, Kevin Liu, Dieter Roller, Doug Smith, Satish Thatte, Ivana Trickovic, and Sanjiva Weerawarana. Business Process Execution Language for Web Services Version 1.1. May 2003.
2. Chris Anley. Advanced SQL injection in SQL server applications. Technical report, NGSSoftware Insight Security Research, 2002.
3. Keith Ballinger, David Ehnebuske, Christopher Ferris, Martin Gudgin, Canyang Kevin Liu, Mark Nottingham, and Prasad Yendluri. Basic Profile Version 1.1. WS-I Organisation, 2004.
4. Mark Bartel, John Boyer, Barb Fox, Brian LaMacchia, and Ed Simon. XML-Signature Syntax and Processing. W3C Recommendation, 2002.
5. Karthikeyan Bhargavan, Cedric Fournet, Andrew D. Gordon, and Greg O'Shea. An advisor for Web Services security policies. In SWS '05: Proceedings of the 2005 workshop on Secure web services, pages 1-9, New York, NY, USA, 2005. ACM Press.
6. Matt Bishop. Computer Security. Addison Wesley, 2003.
7. Erik Christensen, Francisco Curbera, Greg Meredith, and Sanjiva Weerawarana. Web Services Description Language (WSDL). W3C Note, 2001.
8. Ruchith Fernando. Secure web services with apache rampart. Technical report, WSO2 Oxygen Tank, 2006.
9. Nils Gruschka and Ralph Herkenhöner. WS-Security Policy Decision and Enforcement for Web Service Firewalls. In Proceedings of the IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, 2006.
10. Nils Gruschka, Ralph Herkenhöner, and Norbert Luttenberger. Access Control Enforcement for Web Services by Event-Based Security Token Processing. In T. Braun, G. Carle, and B. Stiller, editors, 15. ITG/Gi Fachtagung Kommunikation in Verteilten Systemen (KiVS 2007), pages 371-382, 2007.
11. Nils Gruschka, Meiko Jensen, and Norbert Luttenberger. A Stateful Web Service Firewall for BPEL. To be published in: Proceedings of the IEEE International Conference on Web Services (ICWS 2007), 2007.
12. Nils Gruschka and Norbert Luttenberger. Protecting Web Services from DoS Attacks by SOAP Message Validation. In Proceedings of the IFIP TC-11 21. International Information Security Conference (SEC 2006), 2006.
13. Nils Gruschka, Norbert Luttenberger, and Ralph Herkenhöner. Event-based SOAP message validation for WS-Security Policy-Enriched web services. In Proceedings of the 2006 International Conference on Semantic Web & Web Services, 2006.
14. Martin Gudgin, Marc Hadley, and Tony Rogers. Web Services Addressing 1.0 - SOAP Binding. W3C Recommendation, May 2006.
15. Arnaud Le Hors, Philippe Le Hegaret, Lauren Wood, Gavin Nicol, Jonathan Robie, Mike Champion, and Steve Byrne. Document Object Model (DOM) Level 3 Core Specification. W3C Recommendation, 2004.
16. Takeshi Imamura, Blair Dillaway, and Ed Simon. XML Encryption Syntax and Processing. W3C Recommendation, 2002.
17. Deepal Jayasinghe. SOA development with Axis2: Understanding Axis2 basis. IBM developerWorks, 2006.
18. Meiko Jensen. Konzeption und Implementierung einer BPEL Firewall. Diploma Thesis, 2007.
19. Chris Kaler and Anthony Nadalin (editors). Web Services Security Policy Language (WS-SecurityPolicy) 1.1. 2005.
20. J. Leiwo, P. Nikander, and T. Aura. Towards network denial of service resistant protocols. In Proc. of the 15th International Information Security Conference (IFIP/SEC), 2000.
21. Pete Lindstrom. Attacking and Defending Web Service. A Spire Research Report, 2004.
22. Michael McIntosh and Paula Austel. XML signature element wrapping attacks and countermeasures. In SWS '05: Proceedings of the 2005 workshop on Secure web services, pages 20-27, New York, NY, USA, 2005. ACM Press.
23. Anthony Nadalin, Chris Kaler, Ronald Monzillo, and Phillip Hallam-Baker. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). 2006.
24. Roger M. Needham. Denial of service: an example. Commun. ACM, 37(11):42-46, 1994.
25. Markus L. Noga, Steffen Schott, and Welf Löwe. Lazy XML processing. In DocEng '02: Proceedings of the 2002 ACM symposium on document engineering, pages 88-94, New York, NY, USA, 2002. ACM Press.
26. Günter Schäfer. Sabotageangriffe auf Kommunikationsstrukturen: Angriffstechniken und Abwehrmaßnahmen. PIK 28, pages 130-139, 2005.
27. Adam Smith. Estonia: Under siege on the web. Time Magazine, http://www.time.com/time/magazine/article/0,9171,1626744,00.html, 2007.
28. The SAX Project. Simple API for XML-SAX 2.0.1. http://www.saxproject.org/ , 2002.