Detailed Information

Cited 0 time in webofscience Cited 2 time in scopus
Metadata Downloads

UNWRAP: An approach on wrapping-attack tolerant SOAP messages

Authors
Nasridinov A.Byun J.-Y.Park Y.-H.
Issue Date
Nov-2012
Publisher
IEEE
Keywords
ontology; SOAP message; XML Signature Wrapping Attacks
Citation
2012 Second International Conference on Cloud and Green Computing, v.2013-FEB, pp 794 - 798
Pages
5
Journal Title
2012 Second International Conference on Cloud and Green Computing
Volume
2013-FEB
Start Page
794
End Page
798
URI
https://scholarworks.sookmyung.ac.kr/handle/2020.sw.sookmyung/12402
DOI
10.1109/CGC.2012.122
ISSN
0000-0000
Abstract
The group of security standards in WS-Security is used to secure exchanges of SOAP messages in Web Service environment. However, despite all of these security standards, SOAP messages can still be vulnerable to types of attacks based on the malicious interception, manipulation, and transmission of SOAP messages. We refer to these types of attacks as XML Signature Wrapping Attacks. In this paper, we propose an approach on wrapping-attack tolerant SOAP messages called UNWRAP. In our approach, we first build SOAP message elements structure using ontology and then attach it in SOAP message header. By validating the ontology in the receiving end, we will be able to detect attacks early in validating process. Also, in our approach, all modifications on SOAP messages are written to a log. So if security failures are occurred, we could check this log and recover from effect of successful execution. Experiments show that the proposed solution has better performance in securing the exchange of SOAP messages. © 2012 IEEE.
Files in This Item
There are no files associated with this item.
Appears in
Collections
ICT융합공학부 > IT공학전공 > 1. Journal Articles

qrcode

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Researcher Park, Young Ho photo

Park, Young Ho
공과대학 (인공지능공학부)
Read more

Altmetrics

Total Views & Downloads

BROWSE