{"id":"https://openalex.org/W2013578787","doi":"https://doi.org/10.1145/1103022.1103026","title":"XML signature element wrapping attacks and countermeasures","display_name":"XML signature element wrapping attacks and countermeasures","publication_year":2005,"publication_date":"2005-11-11","ids":{"openalex":"https://openalex.org/W2013578787","doi":"https://doi.org/10.1145/1103022.1103026","mag":"2013578787"},"language":"en","primary_location":{"id":"doi:10.1145/1103022.1103026","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1103022.1103026","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2005 workshop on Secure web services","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5056495392","display_name":"Michael McIntosh","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Michael McIntosh","raw_affiliation_strings":["IBM Research, Hawthorne, NY","[IBM Research, Hawthorne, NY]"],"affiliations":[{"raw_affiliation_string":"IBM Research, Hawthorne, NY","institution_ids":["https://openalex.org/I1341412227"]},{"raw_affiliation_string":"[IBM Research, Hawthorne, NY]","institution_ids":["https://openalex.org/I1341412227"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5090094255","display_name":"Paula Austel","orcid":null},"institutions":[{"id":"https://openalex.org/I1341412227","display_name":"IBM (United States)","ror":"https://ror.org/05hh8d621","country_code":"US","type":"company","lineage":["https://openalex.org/I1341412227"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Paula Austel","raw_affiliation_strings":["IBM Research, Hawthorne, NY","[IBM Research, Hawthorne, NY]"],"affiliations":[{"raw_affiliation_string":"IBM Research, Hawthorne, NY","institution_ids":["https://openalex.org/I1341412227"]},{"raw_affiliation_string":"[IBM Research, Hawthorne, NY]","institution_ids":["https://openalex.org/I1341412227"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5056495392"],"corresponding_institution_ids":["https://openalex.org/I1341412227"],"apc_list":null,"apc_paid":null,"fwci":16.1129,"has_fulltext":false,"cited_by_count":169,"citation_normalized_percentile":{"value":0.98692395,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"20","last_page":"27"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10679","display_name":"Service-Oriented Architecture and Web Services","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10679","display_name":"Service-Oriented Architecture and Web Services","score":0.9945999979972839,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9836999773979187,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.9832000136375427,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7912692427635193},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7891111969947815},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7692922353744507},{"id":"https://openalex.org/keywords/xml-signature","display_name":"XML Signature","score":0.6954636573791504},{"id":"https://openalex.org/keywords/xml","display_name":"XML","score":0.6778887510299683},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6130874752998352},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6128573417663574},{"id":"https://openalex.org/keywords/soap","display_name":"SOAP","score":0.5637190341949463},{"id":"https://openalex.org/keywords/xml-encryption","display_name":"XML Encryption","score":0.5046685934066772},{"id":"https://openalex.org/keywords/signature","display_name":"Signature (topology)","score":0.4911060333251953},{"id":"https://openalex.org/keywords/digital-signature","display_name":"Digital signature","score":0.4298960566520691},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23105290532112122},{"id":"https://openalex.org/keywords/xml-framework","display_name":"XML framework","score":0.21896150708198547},{"id":"https://openalex.org/keywords/efficient-xml-interchange","display_name":"Efficient XML Interchange","score":0.1846843659877777}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7912692427635193},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7891111969947815},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7692922353744507},{"id":"https://openalex.org/C34330436","wikidata":"https://www.wikidata.org/wiki/Q979532","display_name":"XML Signature","level":4,"score":0.6954636573791504},{"id":"https://openalex.org/C8797682","wikidata":"https://www.wikidata.org/wiki/Q2115","display_name":"XML","level":2,"score":0.6778887510299683},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6130874752998352},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6128573417663574},{"id":"https://openalex.org/C17881449","wikidata":"https://www.wikidata.org/wiki/Q189620","display_name":"SOAP","level":2,"score":0.5637190341949463},{"id":"https://openalex.org/C173242113","wikidata":"https://www.wikidata.org/wiki/Q607488","display_name":"XML Encryption","level":4,"score":0.5046685934066772},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.4911060333251953},{"id":"https://openalex.org/C118463975","wikidata":"https://www.wikidata.org/wiki/Q220849","display_name":"Digital signature","level":3,"score":0.4298960566520691},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23105290532112122},{"id":"https://openalex.org/C21761406","wikidata":"https://www.wikidata.org/wiki/Q8042330","display_name":"XML framework","level":3,"score":0.21896150708198547},{"id":"https://openalex.org/C11508877","wikidata":"https://www.wikidata.org/wiki/Q1124477","display_name":"Efficient XML Interchange","level":3,"score":0.1846843659877777},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1103022.1103026","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1103022.1103026","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2005 workshop on Secure web services","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.126.6026","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.126.6026","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://domino.research.ibm.com/library/cyberdig.nsf/papers/73053f26bfe5d1d385257067004cfd80/$file/rc23691.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":1,"referenced_works":["https://openalex.org/W2156877380"],"related_works":["https://openalex.org/W2149234266","https://openalex.org/W2390942931","https://openalex.org/W2377054769","https://openalex.org/W4244266090","https://openalex.org/W2383119387","https://openalex.org/W2379396088","https://openalex.org/W2182298176","https://openalex.org/W1490314555","https://openalex.org/W1720562168","https://openalex.org/W2114959466"],"abstract_inverted_index":{"Naive":[0],"use":[1],"of":[2,22,34],"XML":[3,23],"Signature":[4,24],"may":[5,31,65],"result":[6],"in":[7,38],"signed":[8,86],"documents":[9],"remaining":[10],"vulnerable":[11],"to":[12,25,40,44,68,105],"undetected":[13],"modification":[14],"by":[15,85],"an":[16,29],"adversary.":[17],"In":[18],"the":[19,49,61,102],"typical":[20],"usage":[21],"protect":[26],"SOAP":[27],"messages,":[28],"adversary":[30],"be":[32],"capable":[33],"modifying":[35],"valid":[36],"messages":[37],"order":[39],"gain":[41],"unauthorized":[42],"access":[43],"protected":[45],"resources.This":[46],"paper":[47,100],"describes":[48],"general":[50],"vulnerability":[51],"and":[52,56,82,89],"several":[53],"related":[54],"exploits,":[55],"proposes":[57],"appropriate":[58],"countermeasures.":[59],"While":[60],"attacks":[62],"described":[63],"herein":[64],"se":[66],"obvious":[67],"security":[69,79,97],"experts":[70],"once":[71],"they":[72],"are":[73,94],"explained,":[74],"effective":[75],"countermeasures":[76],"require":[77],"careful":[78],"policy":[80],"specification":[81],"correct":[83],"implentation":[84],"message":[87],"providers":[88],"consumers.":[90],"Since":[91],"these":[92,107],"implenters":[93],"not":[95],"always":[96],"experts,":[98],"this":[99],"provides":[101],"guidance":[103],"necessary":[104],"prevent":[106],"attacks.":[108]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":9},{"year":2019,"cited_by_count":10},{"year":2018,"cited_by_count":8},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":6},{"year":2015,"cited_by_count":10},{"year":2014,"cited_by_count":15},{"year":2013,"cited_by_count":19},{"year":2012,"cited_by_count":16}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}