Datenschutz und Datensicherheit - DuD

, Volume 36, Issue 4, pp 236–240 | Cite as

XML Signature Wrapping Angriffe wirksam unterbinden

  • Meiko Jensen
  • Holger Junker
  • Luigi Lo Iacono
  • Christian Mainka
  • Jörg Schwenk
Schwerpunkt
  • 127 Downloads

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Literatur

  1. [1]
    Die Beauftragte der Bundesregierung für Informationstechnik: SAGA, http://www.cio.bund.de/DE/Architekturen-und-Standards/SAGA/saga_node.html
  2. [2]
    Die Beauftragte der Bundesregierung für Informationstechnik: Leitfaden Plattformunabhängigkeit, http://www.cio.bund.de/SharedDocs/Publikationen/DE/Architekturen-und-Standards/leitfaden_plattformunabhaengigkeit_Stand_2007_download.html
  3. [3]
  4. [4]
  5. [5]
    Die Beauftragte der Bundesregierung für Informationstechnik: IT-Dienstleistungszentren des Bundes, http://www.cio.bund.de/DE/IT-Angebot/IT-Dienstleistungszentren/dienstleistungszentren_node.html
  6. [6]
    T. Jager, J. Somorovsky: How To Break XML Encryption. 18th ACM Conference on Computer and Communications Security (CCS), 2011Google Scholar
  7. [7]
    J. Somorovsky, M. Heiderich, M. Jensen, J. Schwenk, N. Gruschka, L. Lo Iacono: All Your Clouds Are Belong to Us — Security Analysis of Cloud Management Interfaces. ACM Cloud Computing Security Workshop (CCSW), 2011Google Scholar
  8. [8]
    N. Gruschka, M. Jensen, L. Lo Iacono, J. Schwenk: XML Signature Wrapping Angriffe, DuD, 9/2009, Seiten 553–560, 2009CrossRefGoogle Scholar
  9. [9]
    N. Gruschka, L. Lo Iacono: Vulnerable Cloud: SOAP Message Security Validation Revisited, IEEE International Conference on Web Services (ICWS), 2009Google Scholar
  10. [10]
    K. Bhargavan, C. Fournet, A. D. Gordon, G. O’shea: An advisor for Web Services Security policies, Workshop on Secure Web Services (SWS), 2005Google Scholar
  11. [11]
    M. A. Rahaman, A. Schaad, M. Rits: Towards secure SOAP message exchange in a SOA, Workshop on Secure Web Services (SWS), 2006Google Scholar
  12. [12]
    S. Gajek, L. Liao, J. Schwenk: Breaking and fixing the inline approach, Workshop on Secure Web Services (SWS), 2007Google Scholar
  13. [13]
    S. Gajek, M. Jensen, L. Liao, J. Schwenk: Analysis of signature wrapping attacks and countermeasures, IEEE International Conference on Web Services (ICWS), 2009Google Scholar
  14. [14]
    M. Jensen, L. Liao, J. Schwenk: The curse of namespaces in the domain of xml signature. Workshop on Secure Web Services (SWS), 2009.Google Scholar
  15. [15]
    M. Jensen, C, Meyer, J. Somorovsky, J. Schwenk: On the effectiveness of xml schema validation for countering xml signature wrapping attacks. First International Workshop on Securing Services on the Cloud (IWSSC), 2011.Google Scholar
  16. [16]
    McIntosh, Michael; Austel, Paula: XML Signature Element Wrapping Attacks and Countermeasures, IBM Research Report, RC23691, August 9, 2005.Google Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  • Meiko Jensen
  • Holger Junker
  • Luigi Lo Iacono
  • Christian Mainka
  • Jörg Schwenk

There are no affiliations available

Personalised recommendations