Verifying policy-based security for web services
Proceedings of the 11th ACM conference on Computer and communications security
Breaking and fixing the inline approach
Proceedings of the 2007 ACM workshop on Secure web services
Efficient SOAP message exchange and evaluation through XML similarity
Proceedings of the 2008 ACM workshop on Secure web services
A formal solution to rewriting attacks on SOAP messages
Proceedings of the 2008 ACM workshop on Secure web services
A framework using service oriented architecture in a community information and referral system
Journal of Computing Sciences in Colleges
Protecting Global SOA from DoS and Other Security Threats
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
A Solution CBR Agent-Based to Classify SOAP Message within SOA Environments
HAIS '09 Proceedings of the 4th International Conference on Hybrid Artificial Intelligence Systems
The curse of namespaces in the domain of XML signature
Proceedings of the 2009 ACM workshop on Secure web services
Enabling user authentication and authorization to support context-aware UPnP applications
WebMedia '09 Proceedings of the XV Brazilian Symposium on Multimedia and the Web
Experimental analysis of attacks against web services and countermeasures
Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
On breaking SAML: be whoever you want to be
Security'12 Proceedings of the 21st USENIX conference on Security symposium
The technical security issues in cloud computing
International Journal of Information and Communication Technology
| Hi-index | 0.00 |
SOAP message exchange is one of the core services required for system integration in Service Oriented Architecture (SOA) environments. One key concern in a SOA is thus to provide Message Level Security (as opposed to point to point security). We observe that systems are communicating with each other in a SOA over SOAP messages, often without adequate protection against XML rewriting attacks.We have already provided a solution to protect the integrity of SOAP messages in earlier work [1]. This solution was based on the usage of messagestructure information (SOAP Account) for preservation of message integrity. However, this earlier work did not discuss the issue of forging the SOAP Account itself. In this paper, we discuss the integrity feature of a SOAP Account within a more general context of the current web service security state of the art.