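% Conference paper on XML Signature Wrapping (XSW) weaknesses in a SOAP-based
% web-services system (the German Personal Health Record), with a guideline
% for more secure XML signature processing.
%
% Notes on this record:
%  - The citation key is ASCII-only. The exported key contained braces, a
%    LaTeX accent macro and a space, which BibTeX cannot parse as a key.
%  - Editors, series and volume were embedded in the exported booktitle and
%    are split into their own fields here. The export lists the editors by
%    surname only ("et al."); complete the names from the proceedings
%    front matter.
%  - "institution" is not a standard field for @inproceedings and is ignored
%    by standard styles; it is kept as repository metadata.
@inproceedings{HoellerKrumeichLoIacono2021,
  author      = {H{\"o}ller, Paul and Krumeich, Alexander and Lo Iacono, Luigi},
  title       = {{XML} Signature Wrapping Still Considered Harmful: A Case Study on the {Personal Health Record} in {Germany}},
  editor      = {J{\o}sang and Futcher and others},
  booktitle   = {{ICT} Systems Security and Privacy Protection ({SEC} 2021)},
  series      = {{IFIP} Advances in Information and Communication Technology},
  volume      = {625},
  pages       = {3--18},
  year        = {2021},
  isbn        = {978-3-030-78119-4},
  doi         = {10.1007/978-3-030-78120-0_1},
  institution = {Fachbereich Informatik},
  abstract    = {XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.},
  language    = {en},
}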