Title :
Vulnerable Cloud: SOAP Message Security Validation Revisited
Author :
Gruschka, Nils ; Iacono, Luigi Lo
Author_Institution :
NEC Labs. Eur., Sankt Augustin, Germany
Abstract :
The service-oriented architecture paradigm is influencing modern software systems remarkably and Web services are a common technology to implement such systems. However, the numerous Web service standard specifications and especially their ambiguity result in a high complexity which opens the door for security-critical mistakes.This paper aims on raising awareness of this issue while discussing a vulnerability in Amazonpsilas Elastic Compute Cloud (EC2) services to XML wrapping attacks, which has since been resolved as a result of our findings and disclosure. More importantly, this paper discusses the verification steps required to effectively validate an incoming SOAP request. It reviews the available work in the light of the discovered Amazon EC2 vulnerability and provides a practical guideline for achieving a robust and effective SOAP message security validation mechanism.
Keywords :
Web services; formal specification; message authentication; program verification; software architecture; Elastic Compute Cloud services; SOAP message security validation; Web service; XML wrapping attack; service-oriented architecture paradigm; vulnerable Cloud; Cloud computing; Guidelines; Robustness; Security; Service oriented architecture; Simple object access protocol; Software systems; Web services; Wrapping; XML; Cloud Computing; Web Service Security; XML Wrapping Attack;
Conference_Titel :
Web Services, 2009. ICWS 2009. IEEE International Conference on
Conference_Location :
Los Angeles, CA
Print_ISBN :
978-0-7695-3709-2
DOI :
10.1109/ICWS.2009.70
