Study on Detecting Technique for XML Rewriting Attack
Abstract: Fine-grained XML digital signatures are subject to rewriting attacks, and several schemes have been proposed to detect XML rewriting attacks. Based on an analysis and evaluation of these detection schemes, this paper discusses security countermeasures for the common types of rewriting attack and the best application scenario for each detection scheme. The results show that the security policy, verification complementary (filter), FastXPath, and DOM-tree element position marking schemes can effectively detect the common rewriting attacks, and that, except for the inline approach and the verification complementary (position indicator) scheme, the existing schemes can all be applied to effectively detect man-in-the-middle attacks and replay attacks. However, none of the existing schemes can detect attacks that modify the context information associated with the signed element.
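Source: Computer Technology and Development (《计算机技术与发展》), 2016, No. 6, pp. 101-105, 5 pages in total
Funding: Scientific Research Start-up Fund for Returned Overseas Scholars, Ministry of Education (2013693); Comprehensive Application Demonstration Project of Manufacturing Informatization for Major Equipment and the Energy and Chemical Industries (2012BAF12B04); Shaanxi Provincial Education Special Scientific Research Program (15KJ1350)
Keywords: XML rewriting attack; security policy; SOAP Account; verification complementary; FastXPath; redirection attack; multiple security header attack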