2,115 research outputs found

    XML Rewriting Attacks: Existing Solutions and their Limitations

    Web Services are web-based applications made available for web users or remote Web-based programs. In order to promote interoperability, they publish their interfaces in the so-called WSDL file and allow remote calls over the network. Although Web Services can be used in different ways, the industry standard is the Service Oriented Architecture Web Services that doesn't rely on the implementation details. In this architecture, communication is performed through XML-based messages called SOAP messages. However, those messages are prone to attacks that can lead to code injection, unauthorized access, identity theft, etc. Attacks of this type, called XML Rewriting Attacks, are all based on unauthorized, yet possible, modifications of SOAP messages. We present in this paper an explanation of this kind of attack, review the existing solutions, and show their limitations. We also propose some ideas to secure SOAP messages, as well as implementation ideas.

    Non-Blocking Signature of very large SOAP Messages

    Data transfer and staging services are common components in Grid-based, or more generally, in service-oriented applications. Security mechanisms play a central role in such services, especially when they are deployed in sensitive application fields like e-health. The adoption of WS-Security and related standards to SOAP-based transfer services is, however, problematic as a straightforward adoption of SOAP with MTOM introduces considerable inefficiencies in the signature generation process when large data sets are involved. This paper proposes a non-blocking signature generation approach enabling a stream-like processing with considerable performance enhancements. Comment: 13 pages, 5 figures


    A personal networking solution

    This paper presents an overview of research being conducted on Personal Networking Solutions within the Mobile VCE Personal Distributed Environment Work Area. In particular, it attempts to highlight areas of commonality with the MAGNET initiative. These areas include trust of foreign devices and service providers, dynamic real-time service negotiation to permit context-aware service delivery, an automated controller algorithm for wireless ad hoc networks, and routing protocols for ad hoc networking environments. Where possible, references are provided to Mobile VCE publications to enable further reading.

    BOF4WSS : a business-oriented framework for enhancing web services security for e-business

    When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses, in a joint manner, to manage the comprehensive concern that security in the WS environment has become.

    Managing Web Services Security


    "BURO Case Study" In "Making the Repository Count: lessons from successful implementation"

    Matt Holland and Tim Denning continue the research theme and consider the importance of IRs in support of research, focussing on three areas: how the IR fits with the university organisation; how to promote the use of the IR to end users and contributors; and how to secure long-term benefits for the broadest range of stakeholders. They incorporate two case studies into the discussion, and include a description of the implementation of Bournemouth University Research Online (BURO). With contributions from Emma Crowley, BURO Manager.

    Australian subject gateways, the successes and the challenges

    The paper provides an overview of subject gateway development in Australia and takes a closer look at three subject gateways coordinated by the University of Queensland: AustLit: Australian Literature Gateway; AVEL Sustainability Knowledge Network, an engineering and sustainable development gateway; and WebLaw, a gateway for legal professionals. The challenges facing subject gateways are examined, including interoperability, coordination and most significantly, sustainability. The paper concludes with the overarching questions being considered by gateway coordinators such as the place of subject gateways and their future given trends in the evolution of the web.