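% Conference paper (SEC 2021, IFIP AICT vol. 625) on XML Signature Wrapping (XSW):
% a case study of the SOAP-based web services behind the German Personal Health
% Record, plus a guideline for more secure XML signature processing.
% Names use "Last, First" form so the compound surname "Lo Iacono" is not split.
% Editors are listed by surname only; the source record gives no given names.
% The DOI is stored bare (no LaTeX escaping); doi/url-aware styles typeset it verbatim.
@inproceedings{HoellerKrumeichLoIacono2021,
  author    = {H{\"o}ller, Paul and Krumeich, Alexander and Lo Iacono, Luigi},
  title     = {{XML} Signature Wrapping Still Considered Harmful: A Case Study on the Personal Health Record in {Germany}},
  editor    = {J{\o}sang and Futcher and others},
  booktitle = {{ICT} Systems Security and Privacy Protection. {SEC} 2021},
  series    = {{IFIP} Advances in Information and Communication Technology},
  volume    = {625},
  publisher = {Springer},
  address   = {Cham},
  pages     = {3--18},
  year      = {2021},
  isbn      = {978-3-030-78119-4},
  doi       = {10.1007/978-3-030-78120-0_1},
  url       = {https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-55487},
  abstract  = {XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.},
  language  = {en},
}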