Analysis on Countering XML-Based Attacks in Web Services

(*) Corresponding author

Authors' affiliations

DOI's assignment:
the author of the article can submit here a request for assignment of a DOI number to this resource!
Cost of the service: euros 10,00 (for a DOI)


Cloud Computing is found to be today’s most commonly used Service Oriented Architecture (SOA) implementation. Cloud utilizes XML-based technologies like Web Services for accessing and controlling the cloud, these are of particular importance for the security assessment of cloud systems. XML usage in Web Service introduces various vulnerabilities which affects basic security factors such as Confidentiality, Integrity and Availability. Various frameworks aiming at countering the XML based attacks were designed and developed.The Analysis of the frameworks available for countering the XML-based attacks simulated in the SOAP messages is presented benefiting the future researchers and also provides insight of various attack simulations and the countermeasures respectively. The parameters responsible for evaluating the strength of the frameworks were also specified and discussed as part of this work.
Copyright © Praise Worthy Prize - All rights reserved.


Web Services Security; XML Security; SOAP; Cloud Computing; Service Oriented Architecture

Full Text:



Gajek, S., M. Jensen, L. Liao, and J. Schwenk, Analysis of Signature Wrapping Attacks and Countermeasures. Proceedings of 2009 IEEE International Conference on Web Services. Washington, DC, USA: IEEE Computer Society,(Page No.575-582 Year of Publication 2009).

Gruschka ,N. and N. Luttenberger, Protecting Web Services from DoS Attacks by SOAP Message Validation. Proceedings of IFIP International Federation of Information Processing,(Page No.171-182 Year of Publication 2006).

Gruschka, N., N. Luttenberger, and R. Herkenh¨oner, Event-based SOAP Message Validation for WS-SecurityPolicy-enriched Web Services. Proceedings of 2006 International Conference on Semantic Web & Web Services, (PageNo.80-86 Year of Publication: 2006).

Gruschka, N., M. Jensen, and T. Dziuk, Event-based Application of WS-Security Policy on SOAP Messages. Proceedings of SWS, , (PageNo.1-8 Year of Publication: 2007).

Gruschka.N., and L .Lo Iacono, Vulnerable Cloud: SOAP Message Security Validation Revisited, Proceedings of IEEE International Conference on Web Services, (PageNo.625-631 Year of Publication: 2009).

Gruschka ,N., M. Jensen, and L Iacono, .A Design Pattern for Event-Based Processing of Security-Enriched SOAP Messages. Proceedings of Second International Workshop on Security Aspects in Grid and Cloud Computing (SAGC ’10), (PageNo.410-415 Year of Publication: 2010).

Imamura .T, A. Clark, and H Maruyama, 2002. A Stream-Based Implementation of XML Encryption. Proceedings of ACM Workshop XML Security (XMLSEC ’02), (PageNo.11-17 Year of Publication: 2002).

Jensen, M., N. Gruschka, and R. Herkenh¨oner, A survey of attacks on web services. Computer Science - Research and Development (CSRD) (PageNo.185-197 Year of Publication: 2009).

Lu, W., K. Chiu, A, Slominski, and D Gannon, 2005.A Streaming Validation Model for SOAP Digital Signature. Proceedings of the 14th IEEE International Symposium High Performance Distributed Computing (HPDC’05) (PageNo.243-252 Year of Publication: 2005).

McIntosh ,M. and P. Austel, 2005. XML signature element wrapping attacks and countermeasures. Proceedings of 2005 workshop on Secure web services. New York, NY, USA: ACM Press ( Page No.20-27 Year of Publication:2005).

Meiko Jensen, Christopher Meyer, Juraj Somorovsky, and J¨org Schwenk. On the Effectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks. Proceedings of International Workshop on Secured Services in the Cloud, IWSSC (Page: 7-13 Year of Publication: 2011).

Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, and Norbert Luttenberger, Server-Side Streaming Processing of WS-Security. IEEE Transactions On Services Computing, Vol. 4, n. 4, 2011.

Somorovsky,J., M. Jensen, and J.Schwenk 2010. Streaming-Based Verification of XML Signatures in SOAP Messages. Proceedings of the 2010 6th World Congress on Services (SERVICES ’10) (Page: 637-644 Year of Publication: 2010).

Tiwari,S. and P. Singh, 2011. Survey of potential attacks on web services and web service compositions. Proceedings of 3rd International conference on Electronics Computer Technology (ICECT) (Page: 47-51 Year of Publication: 2011).

Vipul patel, Radhesh Mohandas and Alwyn R. Pais 2010. Attacks on web services and mitigation schemes. Proceeding of the 2010 Intenational conference on security and cryptography (SECRYPT) (Page: 1-6 Year of Publication: 2010).

N. Kakanakov, M. Shopov, I. Stankov, G. Spasov Web Service and Data Integration in Distributed Automation and Information Systems in Internet Environment, International Review on Computers and Software, Vol. 1, n. 3, pp. 194-201, 2006.

Igni Sabasti Prabu, S., Jawahar Senthil Kumar, V., Entropy based approach to prevent the DDoS attacks for secured web services, (2013) International Review on Computers and Software (IRECOS), 8 (4), pp. 888-891.


  • There are currently no refbacks.

Please send any question about this web site to
Copyright © 2005-2024 Praise Worthy Prize