New Attacks on XML Signatures in WS-Attacker

Allgemein

Betreuer: Christian Mainka, Juraj Somorovsky

Beginn: sofort

Weitere Details: [Attacks] [WS-Attacker]

Beschreibung

In October 2013 James Forshaw published new attacks on XML Signatures. These attacks range from heap and stack overflows to different bypasses of XML Signatures using XSLT transformations or DTDs.

The goal of this thesis is to analyze these attacks and develop a WS-Attacker plugin, which allows for automatic evaluation of these attacks.

Voraussetzungen

Erfolgreiche Teilnahme an der Vorlesung XML- und Webservices-Sicherheit

Praktische Erfahrungen mit Java-Programmierung wünschenswert (aber nicht zwingend notwendig)