A Study on Detection Techniques of XML Rewriting Attacks in Web Services

Aziz Nasridinov; Jeong-Yong Byun; Young-Ho Park

A Study on Detection Techniques of XML Rewriting Attacks in Web Services

원문정보

Aziz Nasridinov, Jeong-Yong Byun, Young-Ho Park

보안공학연구지원센터(IJCA) International Journal of Control and Automation Vol.7 No.1 2014.01 pp.391-400 SCOPUS

피인용수 : 0건 (자료제공 : 네이버학술정보)

초록

영어

Making Web Services secure means making SOAP messages secure and keeping them secure wherever they go. Several security standards of Web Service Security (WS-Security), such as XML Digital Signature, are used to secure SOAP messages exchange in Web Service environment. However, the content of a SOAP message, protected with XML Digital Signature, can be changed without invalidating the signature. In this paper, we present a study on detection techniques of XML Rewriting attacks in Web Services. We first explore the XML Rewriting Attack that can take place in Web Service communication. We further investigate detection techniques and describe their limitations. Finally, we discuss general countermeasures for prevention and mitigation of XML Rewriting attacks.

Abstract
1. Introduction
2. Preliminaries
  2.1. Web Services
  2.2. SOAP Messages
  2.3. XML Digital Signature
3. XML Rewriting Attack
4. XML Rewriting Attack Detection in Web Services
  4.1. Policy-Based Approaches
  4.2. Inline-Based Approaches
  4.3. String-Based Approaches
  4.4. Others
5. Analysis of XML Rewriting Attack Detection Techniques
6. Conclusion
Acknowledgement
References

키워드

저자정보

Aziz Nasridinov Department of Multimedia Science, Sookmyung Women’s University
Jeong-Yong Byun School of Computer Engineering, Dongguk University at Gyeongju
Young-Ho Park Department of Multimedia Science, Sookmyung Women’s University

참고문헌

자료제공 : 네이버학술정보

함께 이용한 논문

※ 원문제공기관과의 협약기간이 종료되어 열람이 제한될 수 있습니다.

0개의 논문이 장바구니에 담겼습니다.

earticle