In recent research it turned out that Boolean verification of digital signatures in the context of WS-Security is likely to fail: if parts of a SOAP message are signed and the signature verification applied to the whole document returns true, then nevertheless the document may have been significantly altered. In this paper, we provide a detailed analysis of the possible scenarios that enable these signature wrapping attacks. Derived from this analysis, we propose a new solution that uses a subset of XPath instead of ID attributes to point to the signed subtree, and show that this solution is both efficient and secure.
|Title||2009 IEEE International Conference on Web Services, ICWS 2009|
|Publication date||19 Nov 2009|
|Status||Published - 19 Nov 2009|
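
The failure mode described in the abstract, as an added example that is not taken from the paper: an ID-based Boolean check passes on a restructured message, while a check bound to the fixed position `/Envelope/Body` rejects it. The SHA-256 digest stands in for real XML-DSig canonicalization and signature validation; the message contents, the `Id` values, the `Wrapper` element and the single fixed path are assumptions, and the paper's actual XPath subset is not reproduced here.

```python
import hashlib
import xml.etree.ElementTree as ET

# All messages, Ids and element names below are constructed for illustration.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
BODY, HEADER, ID = f"{{{SOAP}}}Body", f"{{{SOAP}}}Header", f"{{{WSU}}}Id"

def digest(elem):
    # Stand-in for XML-DSig canonicalization + digest of one referenced subtree.
    return hashlib.sha256(ET.tostring(elem)).hexdigest()

def build(amount, wrapped_amount=None):
    """Test fixture: an Envelope with Header and Body. If wrapped_amount is set,
    the subtree carrying the signed Id sits inside the Header instead."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, HEADER)
    if wrapped_amount is not None:
        wrapper = ET.SubElement(header, "Wrapper")
        old = ET.SubElement(wrapper, BODY, {ID: "body-1"})
        ET.SubElement(old, "Transfer").text = wrapped_amount
        body = ET.SubElement(env, BODY, {ID: "other"})
    else:
        body = ET.SubElement(env, BODY, {ID: "body-1"})
    ET.SubElement(body, "Transfer").text = amount
    return env

def verify_by_id(env, ref_id, signed_digest):
    """Boolean check: does any element with this Id match the signed digest?"""
    return any(e.get(ID) == ref_id and digest(e) == signed_digest
               for e in env.iter())

def verify_by_path(env, signed_digest):
    """Position-bound check: the one Body that is a direct child of Envelope,
    i.e. the element the application reads, must match the signed digest."""
    bodies = env.findall(BODY)
    return len(bodies) == 1 and digest(bodies[0]) == signed_digest

def demo():
    signed = digest(build("100").find(BODY))        # digest made at signing time
    moved = build("9999", wrapped_amount="100")     # restructured message
    return (verify_by_id(moved, "body-1", signed),  # Boolean result only
            verify_by_path(moved, signed),          # bound to the consumed element
            moved.find(BODY)[0].text)               # what the application would read

if __name__ == "__main__":
    print(demo())
```

The gap is between the element the verifier dereferenced and the element the application consumes; binding the reference to a position closes it, where a bare true/false answer does not.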