XSpRES - Robust and Effective XML Signatures for Web Services

Christian Mainka; Meiko Jensen; Luigi Lo Iacono; Jörg Schwenk

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

XSpRES - Robust and Effective XML Signatures for Web Services

Topics: Cloud Security; Cloud Standards; Service-Oriented Architecture; Web Services

In Proceedings of the 2nd International Conference on Cloud Computing and Services Science CLOSER - Volume 1, 187-197, 2012 , Porto, Portugal

Authors: Christian Mainka ¹ ; Meiko Jensen ¹ ; Luigi Lo Iacono ² and Jörg Schwenk ¹

Affiliations: ¹ Horst Görtz Institute for IT-Security, Germany ; ² Cologne University of Applied Sciences, Germany

Keyword(s): XML Signature, XML Signature Wrapping, Web Services, WS-security, SOA, Cloud.

Related Ontology Subjects/Areas/Topics: Cloud Computing ; Cloud Standards ; Collaboration and e-Services ; Communication and Software Technologies and Architectures ; Data Engineering ; e-Business ; Enterprise Information Systems ; Fundamentals ; Languages, Tools and Architectures ; Mobile Software and Services ; Model-Driven Software Development ; Ontologies and the Semantic Web ; Service-Oriented Architectures ; Services Science ; Software Agents and Internet Computing ; Software Engineering ; Software Engineering Methods and Techniques ; Technology Platforms ; Telecommunications ; Web Services ; Wireless Information Networks and Systems

Abstract: XML Encryption and XML Signature are fundamental security standards forming the core for many applications which require to process XML-based data. Due to the increased usage of XML in distributed systems and platforms such as in SOA and Cloud settings, the demand for robust and effective security mechanisms increased as well. Recent research work discovered, however, substantial vulnerabilities in these standards as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping attack belongs to the most relevant ones. With the many possible instances of this attack type, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud infrastructures and services. This paper contributes a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services. An architecture is proposed, which integrates the required enhancements to ensure a fail-safe and robust signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XML Signature Wrapping attacks. Furthermore the empirical results underline, that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.135.184.136

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Mainka, C.; Jensen, M.; Lo Iacono, L. and Schwenk, J. (2012). XSpRES - Robust and Effective XML Signatures for Web Services. In Proceedings of the 2nd International Conference on Cloud Computing and Services Science - CLOSER; ISBN 978-989-8565-05-1; ISSN 2184-5042, SciTePress, pages 187-197. DOI: 10.5220/0003925701870197

@conference{closer12,
author={Christian Mainka. and Meiko Jensen. and Luigi {Lo Iacono}. and Jörg Schwenk.},
title={XSpRES - Robust and Effective XML Signatures for Web Services},
booktitle={Proceedings of the 2nd International Conference on Cloud Computing and Services Science - CLOSER},
year={2012},
pages={187-197},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003925701870197},
isbn={978-989-8565-05-1},
issn={2184-5042},
}

TY - CONF

JO - Proceedings of the 2nd International Conference on Cloud Computing and Services Science - CLOSER
TI - XSpRES - Robust and Effective XML Signatures for Web Services
SN - 978-989-8565-05-1
IS - 2184-5042
AU - Mainka, C.
AU - Jensen, M.
AU - Lo Iacono, L.
AU - Schwenk, J.
PY - 2012
SP - 187
EP - 197
DO - 10.5220/0003925701870197
PB - SciTePress