Web Service Security: A Formal Solution to XML Rewriting Attack

1 Web Service Security: A Formal Solution to XML Rewriting Attack
Smriti Kumar Sinha, Azzedine Benameur
Research Associate, SAP Research - Security & Trust

2 Agenda
Web Services
XML Rewriting Attacks Scenarios
State of the art
Proposed Approach
Conclusion and Remarks

3 Web Services
[Diagram labels: publish, find, bind; UDDI, WS-Provider, WS-Requestor; SOAP]

4 Web Services
[Diagram: SOAP message; labels: Envelope, Header, Body, alertcontrol, Alert, priority, expires]

5 Agenda
Web Services
XML Rewriting Attacks Scenarios
State of the art
Proposed Approach
Conclusion and Remarks

6 XML Rewriting Attacks Scenarios
SOAP Request

7 XML Rewriting Attacks Scenarios
SOAP Request Replay Attack

8 XML Rewriting Attacks Scenarios
Redirection Attack SOAP Request

9 XML Rewriting Attacks Scenarios
Multiple Security Header Exploitation

10 Agenda
Web Services
XML Rewriting Attacks Scenarios
State of the art
Proposed Approach
Conclusion and Remarks

11 State of the art solution: WSE Policy Advisor
Rule-based tool for detecting typical errors in Web Service Enhancements configuration and policy.
[Diagram labels: WSE 2.0 SP2 out of the box; WSE Policy Advisor; code C#/VB; policy config; static queries; WSE 2.0; security report; CLR (IL); SOAP processing]
© SAP 2007 / Page 11

12 State of the art solution: TulaFale
TulaFale = pi + XML + predicates + assertions
What TulaFale does:
[Diagram labels: TulaFale script; predicate library; WSE 1.0 out of the box; TulaFale; C# code; intermediate pi-calculus; WSE 1.0; CLR (IL); ProVerif analyzer; OK, or No because…; SOAP processing]

13 State of the art solution: SOAP Account
Each successive SOAP node must sign its own SOAP account concatenated with the signature of the previous node.

14 Limitations [1, 2]
1. S. Gajek, L. Liao, and J. Schwenk. Breaking and fixing the inline approach. In SWS ’07: Proceedings of the 2007 ACM Workshop on Secure Web Services.
2. A. Benameur, F. Abdul Kadir, S. Fenet. XML Rewriting Attacks: Existing Solutions and their Limitations. In IADIS Applied Computing 2008, Algarve, Portugal.

15 SOAP Account
It does not include any mechanism to detect a replay attack.
It does not include any mechanism that can uniquely identify the parent of the Signed element.
The SOAP account itself is prone to XML rewriting attacks: it is impossible to guess the number of SOAP accounts present in a message.
Relocation of the SOAP account element is possible.
It keeps track of the siblings of the Signed element. However, according to the SOAP specification, an intermediary can append its own element in any place of a SOAP message, so this sibling information might change from node to node.

16 Agenda
Web Services
XML Rewriting Attacks Scenarios
State of the art
Proposed Approach
Conclusion and Remarks

17 Proposed Approach: Formalism introduction
Regular Tree Grammar: A Regular Tree Grammar (RTG) is a 4-tuple G = (N, T, S, P) where:
N is a finite set of nonterminals (variables),
T is a finite set of terminals,
S is the start symbol, S ∈ N,
P is the set of production rules of the form X ← aR, where X ∈ N, a ∈ T, and R is a regular expression over N ∪ T.
X is the left-hand side, aR is the right-hand side, and R is called the content model of this production rule. R[n] denotes that R must occur exactly n times.
The left-hand side of a production X ← aR consists of exactly one nonterminal.

18 Proposed Approach: Foundation of XML
The formal basis of the XML schema languages is the Regular Tree Grammar. XML Schema etc. all use RTG; the paper is the following:
Murata M., Lee D., Mani M.: Taxonomy of XML Schema Languages Using Formal Language Theory. ACM Transactions on Internet Technology, Vol. 5, No. 4, November 2005, Pages 660–704.

19 Context-Free Signature
Definition: A Context-Free Signature (CFS) is a digital signature defined as a 2-tuple < S, M > where:
S = {δM}sA,
δM = h(M) is the digest of message M,
h() is a one-way hash function,
{δM}sA means M is encrypted with the secret key sA of a user A, which can only be decrypted with its conjugate public key pA.

20 Context-Sensitive Signature
Definition: A Context-Sensitive Signature (CSS) is a digital signature defined as a 3-tuple < S, M, CtM > where:
S = {δM}sA,
δM = h(M) is the digest of message M,
M is a message,
CtM is the context in which the message has been signed at a time t.

21 Capture the context in which the message has been signed
Context of a message: A formal context is a 2-tuple < SCtM, CtM > of a tree at time t, where:
CtM is the message context: the state of the surroundings of M. The mapping of M to CtM is 1:1 and onto. A message context CtM of a marked node [M] ∈ N of a tree at a particular time is defined by the set of well-formed productions of the RTG which are required during the derivation of the node.
SCtM is the corresponding security context. For each marked node [M] ∈ N of a tree ∃ a corresponding marked node [B] ∈ N. The security context SCtM at a time t is defined by the set of well-formed productions of the RTG which are required during the derivation of the marked node [B].

22 Context-Sensitive Signature: Example

23 Context-Sensitive Signature: Example
Message Context CtM

24 Context-Sensitive Signature: Example
Message Context CtM
Message Security Context SCtM

25 Context-Sensitive Signature: Example

26 Context-Sensitive Signature: Example
Header(Security, ReplyTo) © SAP 2007 / Page 26

27 Context-Sensitive Signature: Example
Header(Security) © SAP 2007 / Page 27

28 Agenda
Web Services
XML Rewriting Attacks Scenarios
State of the art
Proposed Approach
Conclusion and Remarks

29 Conclusion & Remarks
Provided a formal solution called CSS.
Could be used in formal verification tools as a formalism for the message layer.
Possible extension of Dolev-Yao.
Trade-off: context generation and storage.

30 Technologies
For the implementation of our prototype we used the following technologies:
Apache Tomcat: Servlet container
Axis2: Web Services, SOAP engine
WSS4J: WS-Security (XML Encryption, XML Signature, Security Tokens)
Rampart: Axis2 module which provides WS-Security, WS-Trust (STS, token issuance) and WS-SecurityPolicy implementations

