Tailoring the Dolev-Yao abstraction to web services realities
Proceedings of the 2005 workshop on Secure web services
Breaking and fixing the inline approach
Proceedings of the 2007 ACM workshop on Secure web services
XML security - A comparative literature review
Journal of Systems and Software
A formal solution to rewriting attacks on SOAP messages
Proceedings of the 2008 ACM workshop on Secure web services
The curse of namespaces in the domain of XML signature
Proceedings of the 2009 ACM workshop on Secure web services
Extending the similarity-based XML multicast approach with digital signatures
Proceedings of the 2009 ACM workshop on Secure web services
XML security in healthcare web systems
2010 Information Security Curriculum Development Conference
Experimental analysis of attacks against web services and countermeasures
Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
All your clouds are belong to us: security analysis of cloud management interfaces
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Proceedings of the 18th ACM conference on Computer and communications security
Security in opensocial-instrumented social networking services
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Let's parse to prevent pwnage invited position paper
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Web Security: Web service layer security (WSLS)
Network Security
On breaking SAML: be whoever you want to be
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Towards verifiable resource accounting for outsourced computation
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
The technical security issues in cloud computing
International Journal of Information and Communication Technology
Automatic verification of protocols with lists of unbounded length
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Naive use of XML Signature may result in signed documents remaining vulnerable to undetected modification by an adversary. In the typical usage of XML Signature to protect SOAP messages, an adversary may be capable of modifying valid messages in order to gain unauthorized access to protected resources. This paper describes the general vulnerability and several related exploits, and proposes appropriate countermeasures. While the attacks described herein may seem obvious to security experts once they are explained, effective countermeasures require careful security policy specification and correct implementation by signed message providers and consumers. Since these implementers are not always security experts, this paper provides the guidance necessary to prevent these attacks.