论文信息 - Design Issues of a Hybrid Wrapping Attack Protecting Scheme in Cloud Computing Environment

Design Issues of a Hybrid Wrapping Attack Protecting Scheme in Cloud Computing Environment

In the cloud era, cloud security and user privacy have become important issues. Since cloud users often use web browsers to request services from the cloud service providers, when a signed message request is sent to the service receiver from the service provider, attackers can use wrapping attacks to tamper with the SOAP message transferred through the internet in order to avoid legal verifications and access web services without being detected to implement wrapping attacks. This paper is to integrate and improve Node Counting mechanism to propose a hybrid wrapping attack protection scheme called HWRAP.

Shin-Jer Yang | Yu-Hsuan Huang

[1] P. Santhi Thilagam,et al. Detection of XML Signature Wrapping Attack Using Node Counting , 2016 .

[2] Michael McIntosh,et al. XML signature element wrapping attacks and countermeasures , 2005, SWS '05.

[3] P. Mell,et al. The NIST Definition of Cloud Computing , 2011 .

[4] Jörg Schwenk,et al. Analysis of Signature Wrapping Attacks and Countermeasures , 2009, 2009 IEEE International Conference on Web Services.

[5] Alexander G. Chefranov,et al. Countering Wrapping Attack on XML Signature in SOAP Message for Cloud Computing , 2013, ArXiv.

[6] Jörg Schwenk,et al. All your clouds are belong to us: security analysis of cloud management interfaces , 2011, CCSW '11.

[7] Juraj Somorovsky,et al. On the effectiveness of XML Schema validation for countering XML Signature Wrapping attacks , 2011, 2011 1st International Workshop on Securing Services on the Cloud (IWSSC).