Abstract
This paper introduces a complementary extension to XML data binding that enables the (selective) protection of structured objects and their members. With this contribution, an object can be transformed into a secured object that contains encrypted and/or signed parts according to an assigned security policy. Serializing a secured object yields XML data that is protected by standard XML security means. The approach thus introduces a data-oriented security mechanism that integrates seamlessly into XML data binding and therefore enables cross-platform (de)serialization of secured objects without the need to program against a specific XML security API. Distinct entities in a distributed processing environment then operate transparently on either plain or secured instances of a class.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gruschka, N., Iacono, L.L. (2010). Security for XML Data Binding. In: De Decker, B., Schaumüller-Bichl, I. (eds) Communications and Multimedia Security. CMS 2010. Lecture Notes in Computer Science, vol 6109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13241-4_6
DOI: https://doi.org/10.1007/978-3-642-13241-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13240-7
Online ISBN: 978-3-642-13241-4
eBook Packages: Computer Science, Computer Science (R0)