Breaking and fixing the inline approach

SWS'07 - Proceedings of the 2007 ACM Workshop on Secure Web Services

Volumn , Issue , 2007, Pages 37-43

  Gajek, Sebastian ^a   Liao, Lijun ^a   Schwenk, Jörg ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

countermeasures; inline approach; wrapping attacks; XML signature

Indexed keywords

BOOLEAN VALUES; DIGITAL SIGNATURE; IN-LINE; SIGNATURE VERIFICATION; XML SIGNATURE;

MARKUP LANGUAGES; WEB SERVICES; XML;

NETWORK SECURITY;

EID: 74049118181     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314418.1314425     Document Type: Conference Paper

References (17)

1. Security in a Web Services World: A Proposed Architecture and Roadmap, April 7, 2002. http://www.ibm.com/developerworks/library/specification/ws- secmap/.
2. A. Nadalin, C. Kaler, R. Monzillo, and P. Hallam-Baker (Editor). Web services security: SOAP message security 1.1, Nov. 2006.
3. M. Bartel, J. Boyer, B. Fox, B. LaMacchia, and E. Simon. XML-signature syntax and processing, Feb. 2002.
4. Berglund, S. Boag, D. Chamberlin, M. F. Fernandez, M. Kay, J. Robie, and J. Simon. XML path language (XPath), version 2.0, Jan. 2007.
5. K. Bhargavan, C. Fournet, A. Gordon, and G. O'Shea. An advisor for web services security policies. In Workshop on Secure Web Services, 2005.
6. K. Bhargavan, C. Fournet, and A. D. Gordon. Verifying policy-based security for web services. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 268-277, 2004.
7. J. Boyer. Canonical XML version 1.0, Mar. 2001.
8. J. Boyer, D. Eastlake, and J. Reagle. Exclusive XML canonicalization, version 1.0, July 2002.
9. J. Callas, L. Donnerhacke, H. Finney, and R. Thayer. OpenPGP message format, Nov. 1998.
10. T. Imamura, B. Dillaway, and E. Simon. XML encryption syntax and processing, Dec. 2002.
11. B. Kaliski. PKCS#7: Cryptographic message syntax standard, version 1.5, Mar. 1998.
12. M. McIntosh and P. Austel. XML signature element wrapping attacks and countermeasures. In Workshop on Secure Web Services, 2005.
13. M. McIntosh and P. Austel. XML signature element wrapping attacks and countermeasures. Technical report, IBM Research Devision, 2005.
14. M. A. Rahaman, R. Marten, and A. Schaad. An inline approach for secure soap requests and early validation. OWASP AppSec Europe, 2006.
15. M. A. Rahaman, A. Schaad, and M. Rits. Towards secure soap message exchange in a soa. In Workshop on Secure Web Services, 2006.
16. P. Wadler. A formal semantics of patterns in xslt. Technical report, Bell Labs, 2000.
17. P. Wadler. Two semantics for xpath. Technical report, Bell Labs, 2000.