원문정보
초록
영어
Making Web Services secure means making SOAP messages secure and keeping them secure wherever they go. Several security standards of Web Service Security (WS-Security), such as XML Digital Signature, are used to secure SOAP messages exchange in Web Service environment. However, the content of a SOAP message, protected with XML Digital Signature, can be changed without invalidating the signature. In this paper, we present a study on detection techniques of XML Rewriting attacks in Web Services. We first explore the XML Rewriting Attack that can take place in Web Service communication. We further investigate detection techniques and describe their limitations. Finally, we discuss general countermeasures for prevention and mitigation of XML Rewriting attacks.
목차
1. Introduction
2. Preliminaries
2.1. Web Services
2.2. SOAP Messages
2.3. XML Digital Signature
3. XML Rewriting Attack
4. XML Rewriting Attack Detection in Web Services
4.1. Policy-Based Approaches
4.2. Inline-Based Approaches
4.3. String-Based Approaches
4.4. Others
5. Analysis of XML Rewriting Attack Detection Techniques
6. Conclusion
Acknowledgement
References