In Service Oriented Architecture Web Services, communication among services relies on XML-based messages, called SOAP messages. These messages are prone to attacks that are classified in the literature as XML rewriting attacks. Since rewriting is a formal mechanism used in formal language theory, and the rewriting attack problem is framed within formal language theory, the solution also lies within the same framework. In this paper we propose a formal solution to XML rewriting attacks on SOAP messages using regular tree grammar. To the best of our knowledge this is the first formal solution to this problem. We define the current XML signatures used in a SOAP message as context-free signatures. The formal solution proposed here is a context-sensitive XML signature. To address the additional requirements of the SOAP extensibility model, where a SOAP message can pass through several intermediaries before reaching the final receiver, an adaptive variant of the context-sensitive signature is also proposed. The solution addresses different forms of XML rewriting attacks. An analysis of the solution is also given in the paper.
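A simplified illustration of the gap between an Id-only (context-free) reference and a position-aware check, added here as an example; it is not the paper's regular-tree-grammar construction and performs no cryptographic verification. The `wsu:Id` reference style, the expected Envelope/Body position, the function names and both sample messages are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID_ATTR = f"{{{WSU}}}Id"
# Assumed receiver policy: the signed element must be the Envelope's own Body.
EXPECTED_CONTEXT = [f"{{{SOAP}}}Envelope", f"{{{SOAP}}}Body"]

def paths_for_id(root, ref_id):
    """Return the root-to-element tag path of every element carrying ref_id."""
    found = []
    def walk(node, prefix):
        path = prefix + [node.tag]
        if node.get(ID_ATTR) == ref_id:
            found.append(path)
        for child in node:
            walk(child, path)
    walk(root, [])
    return found

def id_resolves(xml_text, ref_id):
    """Context-free check: the reference finds exactly one element, anywhere."""
    return len(paths_for_id(ET.fromstring(xml_text), ref_id)) == 1

def context_ok(xml_text, ref_id):
    """Position-aware check: that one element must sit at Envelope/Body."""
    return paths_for_id(ET.fromstring(xml_text), ref_id) == [EXPECTED_CONTEXT]

ENV = f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsu="{WSU}">'
# Constructed sample: the signed Body sits where the receiver processes it.
ORIGINAL = (ENV + '<s:Header/>'
            '<s:Body wsu:Id="body-1"><Transfer amount="10"/></s:Body>'
            '</s:Envelope>')
# Constructed sample: the same signed element relocated, another Body in place.
REWRITTEN = (ENV + '<s:Header><Wrapper>'
             '<s:Body wsu:Id="body-1"><Transfer amount="10"/></s:Body>'
             '</Wrapper></s:Header>'
             '<s:Body><Transfer amount="9999"/></s:Body>'
             '</s:Envelope>')

if __name__ == "__main__":
    for name, msg in (("original", ORIGINAL), ("rewritten", REWRITTEN)):
        print(name, id_resolves(msg, "body-1"), context_ok(msg, "body-1"))
```

The Id-only lookup succeeds on both messages, which is why a signature bound only to an Id cannot notice the relocation; the position-aware check rejects the rewritten one.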