Diploma Thesis - Mirko Richter - Documents - General

Maven | Professur Rechnernetze

General Documents

This document provides an overview over all articles resulting from my search that have no special topic in particular but are related to security.

Documents

WS	Title/Loc	Author	Date of Publication	Description	Vote	Bibitem
P	Die Sicherheit hinkt der Funktionalität hinterher online offline		11/2002		5(old)
P	Top 10 Security Tips for Web Service Developer online offline	Keith Brown	10/2004		4	Br04
P	XML / SOAP Web Services Security online offline	Dietmar Mühmert	WS 02/03	Gliederung: Begriffserläuterungen: Web Services, XML, SOAP, WSDL, UDDI Einsatzgebiete von Web Services Merkmale und Sicherheitsrisiken von XML Web Services Welche Probleme sind neu? XML Web Services bezüglich einzelner Schutzziele Welchen Attacken sind Web Services ausgesetzt? Fazit		Mü02
P	Sicherheit online offline	Prof. Dr. Claudia Eckert	11/2002	Gliederung: Einführung Schutzziele, Sicherheitsbedenken, Angreifertypen Problembereich Kommunikationswege Problembereich Endgeräte Problembereich Dienste-Anbieter XML und Sicherheit Zusammenfassung	2	Ec02
P	Security for Parlay-X - challenges and solutions online offline	Tim Eckardt	11/2003	Gliederung: Web Services: A Paradigm Change brief overview from a security perspective security risks and problems Web Services Security Standards emerging security standards for XML, SOAP, & Web services Available Security Solutions & Best Practices WS-security toolkits SOAP firewalls, application firewalls for XML/SOAP/Web services	3	Ec03
P	An Economic Damage Model for Large-Scale Internet Attacks online offline	Thomas Dübendorfer, Arno Wagner, Bernhard Plattner		Gliederung: Introduction System Model The Internet Threat Model and User Impact Methodology Damage vs. Time Types of damage Downtime Loss Disaster Recovery Liability Customer Loss Calculating Financial Loss Downtime Loss Disaster Recovery Liability Customer Loss Sample Scenarios Backbone and Internet Service Providers Corporate Customers Web Service Provider Insurance Companies Telcos TV Cable Companies Swiss National Scenarios Conclusions and Outlook	4
P	Web Service Security - Sample Chapter Chapter 3 - New Challenges and New Threats online offline	ONeill	2002	Introduction to WS-Security Introduction to the specifications for expressing security information (digital signatures, encryption, authentication, and authorization data) Gliederung: WEB SERVICES SECURITY CHALLENGES The Challenge of Security Based on the End User of a Web Service End-User Access to a Web Service: A Practical Example Simple "Add" and "Subtract" Web Services The Challenge of Maintaining Security While Routing Between Multiple Web Services The Challenge of Abstracting Security from the Underlying Network SSL: A Pragmatic Solution MEETING THE CHALLENGES: NEW TECHNOLOGIES FOR WEB SERVICES SECURITY Persistent Security Including XML-Formatted Security Data in SOAP Messages: Introducing WS-Security Confidentiality for Web Services: Introducing XML Encryption Integrity for Web Services: Introducing XML Signature Web Services Authentication and Authorization: Introducing SAML, XACML, Passport, and Liberty PKI for Web Services: Introducing XKMS WEB SERVICES SECURITY THREATS Web Application Security The Role of Firewalls for Web Services Packet-Filtering Firewalls Circuit-Level Firewalls Application-Level Gateways Stateful-Inspection Firewalls Application Layer Firewalls Content-Filtering Security at the Application Layer The Next Steps for Firewalls	1	On02
P	Sicherung von Web Services durch Firewalls online offline	Jeckle, Zengler	01/2003	Gliederung: Kommunikation im Internet Grundidee Technik Protokolle Web Services SOAP Beschreibungsmodell Implementierung und Ausführungsmodell Firewalls Grundidee Klassische Ansätze "SOAP-Firewalls"	2	JZ03
	Telematik 4 / IT-Sicherheit online offline	Prof. Dr. Günter Müller	WS 2004/2005	Gliederung: Einführung Drei Epochen der Netzwerksicherheit Mittelalter Internet Allgegenwärtig Grundlegende Definitionen Akteure, Kanäle und Sicherheit Schutzziele, Bedrohungen und Sicherheitsmechanismen Zukünftige Herausforderungen der Sicherheit		Mü04
P	Secure Web services online offline	Shin, Sang	03/2003	Gliederung: SSL limitations XML digital signature What is XML Encryption? XKMS XACML SAML SAML use-cases SAML assertions SAML request/response protocol WS-Security ebXML Message Service How the initiatives work together Why identity management architecture? Ensure secure transmissions	2	Sh03
	2004 E-Crime Watch Survey Shows Significant Increase in Electronic Crimes online offline		05/2004
	CERT/CC Statistics 1988-2004 online offline		2004
	Denial of Service Attacks - DDOS, SMURF, FRAGGLE, TRINOO online offline

IBM-Developerworks

WS	Title/Loc	Author	Date of Publication	Description	Vote	Bibitem
P	Secure, Reliable, Transacted Web Services online offline	Ferguson, Storey, Lovering +	10/2003	Gliederung: Introduction Composable Services An Example of Composition in Practice Web Services: A Service-Oriented Architecture Services are described by schema and contract not type Service compatibility is more than type compatibility Service-orientation assumes that bad things can and will happen Service-orientation enables flexible binding of services Web Service Specifications and Functions A Composable Approach to Web Services The Basics - Transports and Messaging Transports - HTTP, HTTP/S, SMTP Message Formats - XSD WS-Addressing Description WSDL WS-Policy Obtaining Descriptions WS-MetadataExchange UDDI Service Assurances Security WS-Security WS-Trust WS-SecureConversation WS-Federation Reliable Messaging WS-ReliableMessaging Transactions WS-Coordination WS-AtomicTransaction WS-BusinessActivity Service Composition BPEL4WS Web Services in Practice - An Example Part 1: The Customer Experience Part 2: The Supplier Experience Conclusions Acknowledgements	2	FS+03
P	XML security : Implement security layers, Part 1 - Basic plumbing technologies online offline	Manish Verma	10/2003	What does security mean? What is XML canonicalization? PKI basics Algorithm type Symmetric algorithms Asymmetric algorithms Message Digests Key size Quality of algorithm How is the asymmetric algorithm type used in PKI? Generating a public-private key pair Step 1. Basic setup (JCE) Step 2. Key pair generation Generating a shared secret Conclusion	3	Ve03a
P	XML Security: Implement security layers, Part 2 - Core technologies -- XML encryption and XML signature online offline	Manish Verma	10/2003	XML encryption XML encryption overview The XML encryption process XML signatures XML signature overview Enveloping signature Enveloped signature Detached signature The XML signature process Conclusion	3	Ve03b
P	Enabling XML security - An introduction to XML encryption and XML signature online offline	Murdoch Mactaggart	09/2001	Introduction XML encryption and XML signature XML encryption examples Canonical XML XML signature examples Transforms Other relevant languages and specifications	3	Ma01
P	Exploring XML Encryption, Part 1 - Demonstrating the secure exchange of structured data online offline	Bilal Siddiqui	03/2002	A simple example of secure exchange of XML data Encrypting complete documents with XML Encryption Encrypting a single element with XML Encryption Encrypting the content of an element Encrypting non-XML data Asymmetric keys for exchange of secret keys Using keys we have already exchanged in the past Referring external encrypted data from our XML Encryption file Referencing a particular element of an external XML file The DOM structure of our API The Java Cryptographic Architecture (JCA) JCA Engine classes Java Cryptographic Extension (JCE)	4	Si02a
P	Exploring XML Encryption, Part 2 - Implement an XML Encryption engine online offline	Bilal Siddiqui	08/2002	Information exchange scenario Document-based security The demo application What the demo application does XML Encryption implementation details Encrypt a complete XML file with XML Encryption Encrypt an element in an XML file with XML Encryption Encrypt an element's content in an XML file with XML Encryption Using XML Encryption to decrypt an XML-encrypted file Super encryption Cryptography XML Encryption and SOAP Summary	4	Si02b
P	Donald Eastlake on XML digital signatures - An interview with one of the specification's pioneers online offline	Larry Loeb	03/2002	very common discussion	4	Lo02
P	XML signatures: Behind the curtain - Who can be trusted with authentication? online offline	Larry Loeb	12/2001	Good description of the structure of an XML-DigitalSignature! Introduction The overview What they don't tell you in the specification The geek part Signature elements An example to mull over A pithy summary	3	Lo01
P	The XML Security Suite: Increasing the security of e-business online offline	Doug Tidwell	05/2000	Too old! A brief overview of Web security Creating a secure session The XML Security Suite XML Signatures About the sample programs Creating a certificate (using Java 2 keytool command) Signing an internal XML resource Signing an external XML resource Signing a non-XML resource Verifying a digital signature The joys of nonrepudiability Canonical XML Element-level encryption Other utilities Summary	5	Ti00
	Digital signatures for SOAP messages online offline	Jayanthi Suryanarayana		Provides infos to a solution for incorporating digital signatures in a SOAP RPC call Old document but maybe the workflow is usefull for some future work of mine :) Introduction Purpose Prerequisites About the author Concepts Security for message transmission Confidentiality Authorization Message integrity Message origin authentication Non-repudiation Digital signatures SOAP and digital signatures Design approach Overview Technologies An example Implementation Utility functions Server side Client side Environment setup Tools setup Setting up CLASSPATH Setting up Tomcat and SOAP Deploying SOAP services Initial parameters and properties Getting the key Running the demo Conclusion Summary Resources		Su?