{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,1]],"date-time":"2022-04-01T00:18:55Z","timestamp":1648772335564},"reference-count":33,"publisher":"Springer Science and Business Media LLC","issue":"9","license":[{"start":{"date-parts":[[2009,9,1]],"date-time":"2009-09-01T00:00:00Z","timestamp":1251763200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["DuD"],"published-print":{"date-parts":[[2009,9]]},"DOI":"10.1007\/s11623-009-0142-z","type":"journal-article","created":{"date-parts":[[2009,10,1]],"date-time":"2009-10-01T07:09:12Z","timestamp":1254380952000},"page":"553-560","source":"Crossref","is-referenced-by-count":1,"title":["XML Signature Wrapping Angriffe"],"prefix":"10.1007","volume":"33","author":[{"given":"Nils","family":"Gruschka","sequence":"first","affiliation":[]},{"given":"Meiko","family":"Jensen","sequence":"additional","affiliation":[]},{"given":"Luigi Lo","family":"Iacono","sequence":"additional","affiliation":[]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2009,10,2]]},"reference":[{"key":"142_CR1","unstructured":"Gesetz \u00fcber Rahmenbedingungen f\u00fcr elektronische Signaturen (Signaturgesetz \u2014 SigG), BGBl. I S. 876, 16. Mai 2001. http:\/\/bundesrecht.juris.de\/sigg_2001\/index.html"},{"key":"142_CR2","unstructured":"Richtlinie 1999\/93\/EG des Europ\u00e4ischen Parlaments und des Rates vom 13. Dezember 1999 \u00fcber gemeinschaftliche Rahmenbedingungen f\u00fcr elektronische Signaturen, 19. Januar 2000. http:\/\/eur-lex.europa.eu\/smartapi\/cgi\/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&numdoc=31999 L0093&model=guichett&lg=de"},{"key":"142_CR3","unstructured":"A. J\u00f8sang, D. Povey, A. Ho, What You See Is Not Always What You Sign, Australian UNIX User Group, 2002"},{"key":"142_CR4","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1145\/1103022.1103026","volume-title":"Workshop on Secure Web Services (SWS 2005)","author":"M. McIntosh","year":"2005","unstructured":"M. McIntosh, P. Austel, XML signature element wrapping attacks and countermeasures. Workshop on Secure Web Services (SWS 2005), pp. 20\u201327. ACM Press, New York, NY, USA (2005)"},{"key":"142_CR5","unstructured":"M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon, XML-Signature Syntax and Processing (Second Edition), W3C Recommendation, Juni 2008. http:\/\/www.w3.org\/TR\/xmldsig-core\/"},{"key":"142_CR6","doi-asserted-by":"crossref","unstructured":"B. Kaliski, PKCS #7: Cryptographic Message Syntax Version 1.5, IETF RFC 2315, M\u00e4rz 1998. http:\/\/tools.ietf.org\/html\/rfc2315","DOI":"10.17487\/rfc2315"},{"key":"142_CR7","doi-asserted-by":"crossref","unstructured":"T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifier (URI): Generic Syntax, IETF RFC 3986, Januar 2005. http:\/\/tools.ietf.org\/html\/rfc3986","DOI":"10.17487\/rfc3986"},{"key":"142_CR8","unstructured":"A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of applied cryptography, CRC Press, August 2001. http:\/\/www.cacr.math.uwaterloo.ca\/hac\/"},{"key":"142_CR9","unstructured":"B. Hill, A Taxonomy of Attacks against XML Digital Signatures & Encryption, 2007. http:\/\/www.isecpartners.com\/files\/iSEC_HILL_AttackingXMLSecurity_Handout.pdf"},{"key":"142_CR10","unstructured":"OSCI Leistelle, OCSI-Transport 1.2, 6. Juni 2002. http:\/\/www.ocsi.de\/"},{"key":"142_CR11","unstructured":"W3C, XML Advanced Electronic Signatures (XAdES), W3C Note, 20. Februar 2003. http:\/\/www.w3.org\/TR\/XAdES\/"},{"key":"142_CR12","unstructured":"D. Box, D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. F. Nielsen, S. Thatte, D. Winer, Simple Object Access Protocol (SOAP) 1.1, W3C Note, 2000"},{"key":"142_CR13","unstructured":"A. Nadalin, C. Kaler, R. Monzillo, P. Hallam-Baker, Web Services Security: SOAP Message Security 1.1 (WS-Security 2004), 2006"},{"key":"142_CR14","unstructured":"T. Imamura, B. Dillaway, E. Simon, XML Encryption Syntax and Processing, W3C Recommendation, Dezember 2002. http:\/\/www.w3.org\/TR\/xmlenc-core\/"},{"key":"142_CR15","unstructured":"M. McIntosh, M. Gudgin, K. S. Morrison, A. Barbir, Basic security profile version 1.0, WS-I Organisation, 2007"},{"key":"142_CR16","unstructured":"D. Box, F. Curbera (Editoren), Web Services Addressing (WS-Addressing), W3C Member Submission, August 2004. http:\/\/www.w3.org\/Submission\/ws-addressing\/"},{"key":"142_CR17","unstructured":"K. Iwasa, J. Durand, T. Rutt, M. Peel, S. Kunisetty, D. Bunting, WS-Reliability 1.1, OASIS Standard, November 2004. http:\/\/www.oasis-open.org\/commit tees\/tc_home.php? wg_abbrev=wsrm"},{"key":"142_CR18","doi-asserted-by":"crossref","unstructured":"N. Gruschka, L. Lo Iacono, Vulnerable Cloud: SOAP Message Security Validation Revisited, IEEE ICWS 2009","DOI":"10.1109\/ICWS.2009.70"},{"key":"142_CR19","unstructured":"Amazon Elastic Compute Cloud (EC2), http:\/\/aws.amazon.com\/ec2"},{"key":"142_CR20","unstructured":"Amazon Elastic Compute Cloud Developer Guide, Using the APIs, Using the SOAP API, http:\/\/docs.amazonwebservices.com\/AWSEC2\/latest\/DeveloperGuide\/"},{"key":"142_CR21","unstructured":"A. Sotirov, M. Stevens, J. Appelbaum, A. Lenstra, D. Molnar, D. A. Osvik, B. de Weger, MD5 considered harmful today, Dezember 2008. http:\/\/www.win.tue.nl\/hashclash\/rogue-ca\/"},{"key":"142_CR22","unstructured":"N. Gruschka, N. Luttenberger, R. Herkenh\u00f6ner, Event-based SOAP message validation for WS-SecurityPolicy-enriched Web Services, International Conference on Semantic Web & Web Services, 2006"},{"key":"142_CR23","doi-asserted-by":"crossref","unstructured":"K. Bhargavan, C. Fournet, A. D. Gordon, A semantics forWeb Services authentication. Theoretical Computer Science 340(1), 2005","DOI":"10.1016\/j.tcs.2005.03.005"},{"key":"142_CR24","volume-title":"An advisor for Web Services Security policies. Workshop on Secure Web Services","author":"K. Bhargavan","year":"2005","unstructured":"K. Bhargavan, C. Fournet, A. D. Gordon, G. O\u2019shea, An advisor for Web Services Security policies. Workshop on Secure Web Services (SWS 2005). ACM Press, New York, NY, USA, 2005"},{"key":"142_CR25","unstructured":"A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, H. Granqvist (Editoren), WS-Security Policy 1.2, OASIS Standard, Juli 2007. http:\/\/docs.oasis-open.org\/ws-sx\/ws-securitypolicy\/v1.2\/ws-securitypolicy.html"},{"key":"142_CR26","volume-title":"Workshop on Secure Web Services (SWS 2006)","author":"M. A. Rahaman","year":"2006","unstructured":"M. A. Rahaman, A. Schaad, M. Rits, Towards secure SOAP message exchange in a SOA. Workshop on Secure Web Services (SWS 2006), ACM Press, New York, NY, USA, 2006"},{"key":"142_CR27","volume-title":"Workshop on Secure Web Services (SWS 2007)","author":"S. Gajek","year":"2007","unstructured":"S. Gajek, L. Liao, J. Schwenk, Breaking and fixing the inline approach. Workshop on Secure Web Services (SWS 2007), ACM Press, Fairfax, Virginia, USA, 2007"},{"key":"142_CR28","unstructured":"H. S. Thompson, D. Beech, M. Maloney, N. Mendelsohn (Editoren), XML Schema Part 1: Structures Second Edition, W3C Recommendation, Oktober 2004. http:\/\/www.w3.org\/TR\/xmlschema-1\/"},{"key":"142_CR29","unstructured":"E. Christensen, F. Curbera, G. Meredith, S. Weerawarana, Web Services Description Language (WSDL) 1.1, W3C Note, M\u00e4rz 2001. http:\/\/www.w3.org\/TR\/wsdl"},{"key":"142_CR30","doi-asserted-by":"crossref","unstructured":"N. Gruschka, N. Luttenberger, Protecting Web Services from DoS Attacks by SOAP Message Validation, International Information Security Conference (SEC 2006), 2006","DOI":"10.1007\/0-387-33406-8_15"},{"key":"142_CR31","doi-asserted-by":"crossref","unstructured":"S. Gajek, M. Jensen, L. Liao, J. Schwenk, Analysis of Signature Wrapping Attacks and Countermeasures. IEEE ICWS 2009, Los Angeles, CA, USA","DOI":"10.1109\/ICWS.2009.12"},{"key":"142_CR32","unstructured":"Thomas Kunz, Ulrich Pordesch, Andreas U. Schmidt: Das Pr\u00e4senta tionsproblem der XML-Signatur und seine L\u00f6sung durch Profiles, DuD 12\/2001, S. 740\u2013745."},{"key":"142_CR33","unstructured":"D. Fox: Zu einem prinzipiellen Pro blem digitaler Signaturen, DuD 7\/1998, S. 386\u2013389."}],"container-title":["Datenschutz und Datensicherheit - DuD"],"original-title":[],"language":"de","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-009-0142-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11623-009-0142-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11623-009-0142-z","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T18:20:55Z","timestamp":1559413255000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11623-009-0142-z"}},"subtitle":["What you process is not always what you verify"],"short-title":[],"issued":{"date-parts":[[2009,9]]},"references-count":33,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2009,9]]}},"alternative-id":["142"],"URL":"https:\/\/doi.org\/10.1007\/s11623-009-0142-z","relation":{},"ISSN":["1614-0702","1862-2607"],"issn-type":[{"value":"1614-0702","type":"print"},{"value":"1862-2607","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,9]]}}}