Title :
UNWRAP: An Approach on Wrapping-Attack Tolerant SOAP Messages
Author :
Nasridinov, Aziz ; Jeong-Yong Byun ; Young-Ho Park
Author_Institution :
Dept. of Comput. Eng., Dongguk Univ., Gyeongju, South Korea
Abstract :
The group of security standards in WS-Security is used to secure exchanges of SOAP messages in Web service environments. However, despite all of these security standards, SOAP messages can still be vulnerable to types of attacks based on the malicious interception, manipulation, and transmission of SOAP messages. We refer to these types of attacks as XML Signature Wrapping attacks. In this paper, we propose an approach to wrapping-attack tolerant SOAP messages called UNWRAP. In our approach, we first build the SOAP message element structure using an ontology and then attach it to the SOAP message header. By validating the ontology at the receiving end, we are able to detect attacks early in the validation process. Also, in our approach, all modifications to SOAP messages are written to a log, so if a security failure occurs, we can check this log and recover from the effects of a successfully executed attack. Experiments show that the proposed solution has better performance in securing the exchange of SOAP messages.
Keywords :
Web services; XML; computer network security; digital signatures; ontologies (artificial intelligence); protocols; SOAP message element structure; SOAP message exchange security; SOAP message header; SOAP message manipulation; SOAP message transmission; UNWRAP; WS-security; Web service environment; XML signature wrapping attacks; attack detection; attack vulnerability; malicious interception; ontology validation; security failures; security standards; wrapping-attack tolerant SOAP messages; Digital signatures; Ontologies; Simple object access protocol; Wrapping; XML; SOAP message; XML Signature Wrapping Attacks; ontology;
Conference_Title :
Cloud and Green Computing (CGC), 2012 Second International Conference on
Conference_Location :
Xiangtan
Print_ISBN :
978-1-4673-3027-5
DOI :
10.1109/CGC.2012.122