XML signature element wrapping attacks and countermeasures

XML signature element wrapping attacks and countermeasures,10.1145/1103022.1103026,Michael Mcintosh,Paula Austel

XML signature element wrapping attacks and countermeasures   (Citations: 36)
BibTex | RIS | RefWorks Download
Naive use of XML Signature may result in signed documents remainingvulnerable to undetected modification by an adversary. In thetypical usage of XML Signature to protect SOAP messages, anadversary may be capable of modifying valid messages in order togain unauthorized access to protected resources.This paperdescribes the general vulnerability and several related exploits,and proposes appropriate countermeasures. While the attacksdescribed herein may se obvious to security experts once they areexplained, effective countermeasures require careful securitypolicy specification and correct implentation by signed messageproviders and consumers. Since these implenters are not alwayssecurity experts, this paper provides the guidance necessary toprevent these attacks.
Conference: Secure Web Services - SWS , pp. 20-27, 2005
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
Sort by: