Abstract
Simple Object Access Protocol (SOAP) uses text-supported eXtensible Markup Language (XML) messaging configuration to interchange web encrypted information over a multitude of internet protocols such as SMTP, FTP, HTTP, etc. SOAP is one of the backbone solutions to exchange data between cloud and cloud service users via the Internet. The wide use of decentralized distributed cloud computing systems and rapidly increasing demand for cloud services result in a substantial increase in security vulnerabilities in the cloud. A comprehensive analysis of signature wrapping attack of XML Data and it’s countermeasures to detect and prevent this web security threats have been analyzed in this paper. In the context of security vulnerabilities, we have discussed the use of Xpath expression, ID referencing, relative XPath referencing, absolute XPath referencing, fastXPath Structure-based referencing, and their weaknesses.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Gruschka, N., Lo Iacono, L.: Vulnerable cloud: SOAP message security validation revisited. In: 2009 IEEE International Conference on Web Services, Los Angeles (2009)
Gruschka, N., Jensen, M., Lo Iacono, L., Luttenberger, N.: Server-side streaming processing of ws-security. IEEE T. Serv. Comput. 4, 272–285 (2011)
Gajek, S., Jensen, M., Liao, L., Schwenk, J.: Analysis of signature wrapping attacks and countermeasures. In: ICWS 2009. IEEE International Conference on Web Services, Bochum (2009)
McIntosh, M., Austel, P.: XML Signature Element Wrapping Attacks and Countermeasures. IBM Research Report, NewYork (2005)
Rahaman, M.A., Schaad, A., Rits, M.: Towards secure SOAP message exchange in a SOA. In: 3rd ACM workshop on Secure web services, New York (2006)
Kouchaksaraei, H.R., Chefranov, A.G.: Countering wrapping attack on XML signature in SOAP message for cloud computing. arXiv preprint arXiv:1310.0441 (2013)
Somorovsky, J., Jenson, M., Schwenk, J.: Streaming based verification of XML signature in SOAP messages. In: Proceedings of the 2010 6th World Congress on Services, SERVICES 2010, pp. 637–644. IEEE Computer Society, Washington, DC
Mainka, C., Jensen, M., Lo Iacono, L., Schwenk, J., Ivanov, I., Sinderen, M., Leymann, F., Shan, T.: Making XML signatures immune to XML signature wrapping attacks. In: Cloud Computing and Services Science, Springer International Publishing, vol. 367, pp. 151–167 (2013)
Gruschka, N., Lo Iacono, L.: Vulnerable: SOAP message security validation revised. In: ICWS 2009, Processing of the IEEE International Conference on Web Services. IEEE, Los Angeles (2009)
Gajek, S., Liao, L., Schwenk, J.: Breaking and fixing the inline approach. In: SWS ’07: Proceedings of the 2007 ACM workshop on secure web services, pp. 37–43. ACM, New York, NY, USA (2007)
Bhargavan, K., Fournet, C., Gordon, A.D.: A semantic for Web Services authentication. Theor. Comput. Sci. 340(1), 102–153 (2005)
Jensen, M., Schwenk, J.O., Gruschka, N., Iacono, L.L.: On technical security issues in cloud computing. In: IEEE International Conference on Cloud Computing (CLOUD-II 2009), pp. 109–116 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Modak, S., Majumder, K., De, D. (2021). Vulnerability of Cloud: Analysis of XML Signature Wrapping Attack and Countermeasures. In: Bhattacharjee, D., Kole, D.K., Dey, N., Basu, S., Plewczynski, D. (eds) Proceedings of International Conference on Frontiers in Computing and Systems. Advances in Intelligent Systems and Computing, vol 1255. Springer, Singapore. https://doi.org/10.1007/978-981-15-7834-2_70
Download citation
DOI: https://doi.org/10.1007/978-981-15-7834-2_70
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-7833-5
Online ISBN: 978-981-15-7834-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)