owasp-wascappsec2007sanjose_attackingxmlsecurity

Upload: thangasharmi

Post on 06-Mar-2016


DESCRIPTION

XML security

TRANSCRIPT

  • 7/21/2019 OWASP-WASCAppSec2007SanJose_AttackingXMLSecurity

    1/121

    Copyright 2007 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 2.5 License. To view this license, visit http://creativecommons.org/licenses/by-sa/2.5/

    The OWASP Foundation

    OWASP & WASC AppSec 2007 Conference, San Jose, Nov 2007

    http://www.owasp.org/ http://www.webappsec.org/

    Attacking XML Security

    Brad Hill

    Principal Security Consultant, brad@isecpartners.com

  • 2/121

    OWASP & WASC AppSec 2007 Conference, San Jose, Nov 2007

    Agenda

    Introduction: Who am I?

    Why care about XML Security?

    How do XML Digital Signatures work?

    How to build a cross-platform worm in XML!

    Can we use this technology safely?

  • 3/121

    Special Thanks to:

    Alex Stamos & Scott Stender, iSEC Partners: Attacking Web Services: The Next Generation of Vulnerable Enterprise Apps
    http://isecpartners.com/files/iSEC-Attacking-Web-Services.SyScan.pdf

    Dan Kaminsky of DoxPara & IOActive

    Dr. Laurence Bull of Monash University, Australia

    Dr. Brian LaMacchia of Microsoft Corporation

    Andreas Junestam, Jesse Burns, Chris Clark and Chris Palmer of iSEC Partners
  • 4/121

    Introduction

    Who am I?

    Principal Security Consultant for iSEC Partners

    Application security consultants and researchers

    Based in San Francisco and Seattle, USA

    To get the latest version of these slides: https://www.isecpartners.com/speaking.html
  • 5/121

    Why care about XML Security?

    Web Services have gone mainstream: SOA & B2B integration, Web Single Sign On

    And everybody has XML applications.

    Digital identity systems

  • 6/121

    Two years ago

    Alex Stamos & Scott Stender of iSEC present: "Attacking Web Services: The Next Generation of Vulnerable Enterprise Applications"

    Web Services can be scary: Valuable, Visible, Vulnerable

  • 7/121

    Web Service application-level attacks

    The OWASP Top 10 still apply to Web Services

    Old flaws like SQL injection

    And new flaws like XML and XPath injection

    Plus complexity attacks and denial of service against XML parsers and applications

  • 8/121

    Today's topic is protocol-level attacks

    Alex & Scott

  • 9/121

    Why XML-SIG & XML-ENC?

    For me, I didn

  • 10/121

    Building an attack proxy

    I wanted a tool like WebScarab or Fiddler for attacking Web Services utilizing WS-Security.

    First order of business was fixing up XML Signatures.

    Then I found this in the interop vectors while doing unit testing:

    (Merlin Hughes, Baltimore Technologies, 2002)

  • 11/121 to 14/121 (listing of the interop signature test vector: Base64 digest, signature and certificate values)

  • 15/121

    That's no Cryptographic Integrity Primitive

    It

  • 16/121

  • 17/121

    But not a lot of public attention yet.

    There have been excellent papers on several of the WS-* security standards in the academic world.

    Worth searching the ACM, Springer or IEEE libraries for.

    http://www.zurich.ibm.com/security/identities/

    There are even full formal proofs of some of these protocols.

    But they often start with sentences like: "Assume that the participating computers and the user's browser are correct."
  • 18/121

    A formally correct mechanism for putting burning logs right in the middle of yo

    What the architect designed

  • 19/121

    Photo Credit: Jeff Leighton, Inspect-It 1st Property Inspection. Used with permission.

    What the reviewer sometimes finds:

  • 20/121

    Attack Surface Analysis

    Typical for applications: start with a threat model.

    Enumerate all the entry points, interfaces and operations.

    Which are anonymously accessible? Available to authenticated users?

    Authorized to all users, administrators, or an individual user?

    Locally or remotely accessible?

    Complexity of inputs or operations, dependencies, assumptions.

  • 21/121

    HTTPS (a bit simplified)

    [Diagram: A and B exchange TLS Message 1 through Message n over a single session; channel privacy & integrity with K_SESSION; symmetric K_SESSION derived from X.509 certs & DH key exchange]

    Per-session key exchange

    Only X.509 certificates supported as keys

    Multiple messages over single session

    No preservation of evidence

    Difficult to compose with reliable delivery

    Opaque to intermediaries

    Messages only protected in the channel

    Forward secrecy with DH key exchange

  • 22/121

    WS-Security (One of many possibilities.)

    [Diagram: A, B, C and M exchange message parts Mp1 through Mpn over HTTP, HTTPS, JMS or TCP; individual parts are protected with Encrypt K_B, Sign K_C and Sign K_A]

    Durable security

    Selective security

    Mixed key/token types

    Mixed key exchange

    Intermediate actors

    Composable assertions

    Transport agnostic

  • 23/121

    [Diagram: the WS-* security stack]

    HTTP

    XML, SOAP, WSDL, Schema, WS-Addressing, etc.

    XML Digital Signatures

    XML Encryption

    SAML, Kerberos, X.509

    Security Token Profiles

    WS-Trust

    WS-Federation, WS-SecureConversation

    WS-Policy

    WS-SecurityPolicy

    WS-Security

    .Net TCP Channel, Fast InfoSet, etc.

    WS-Actually Get Some Work Done

    SSL

  • 24/121

    SSL

  • 25/121

    [Diagram: the WS-* security stack]

    HTTP

    XML, SOAP, WSDL, Schema, WS-Addressing, etc.

    XML Digital Signatures

    XML Encryption

    SAML, Kerberos, X.509

    Security Token Profiles

    WS-Trust

    WS-Federation, WS-SecureConversation

    WS-Policy

    WS-SecurityPolicy

    WS-Security

    .Net TCP Channel, Fast InfoSet, etc.

  • 26/121

  • 27/121

    Counter-intuitive Integrity

    Lots of stuff can change without invalidating the signature.

    Important if you

  • 28/121

    The Structure & Properties of XML Digital Signatures

  • 29/121

    XML

  • 30/121

    Basic structure of an XML-SIG

  • 40/121

    Assumption 1: Complexity & DoS

    Standards Committee:

    "It

  • 41/121

    Assumption 1: Complexity & DoS

    Security-minded developer:

    "I wish XML were less complex, but if I follow best practices I can do it safely."

    Don

  • 42/121

    Assumption 1: Complexity & DoS

    Average Developer:

    "I authenticate my XML inputs with a signature now, so I don

  • 43/121

    C14N Entity Expansion Attacks

    C14N

  • 44/121

    Example Entity Expansion

    This document expands to around 2 GB when parsed:

    <!DOCTYPE foo

    <!ENTITY a "
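An added example (not from the slides) of the defensive side of this: a parse-time expansion budget written against Python's stdlib expat binding. It counts the character data expat hands back after entity substitution and aborts once that exceeds a fixed multiple of the raw input size, which is exactly the ratio a document like the one above drives into the gigabytes; the two sample documents, the ratio of 10 and the function names are constructed for this example.

```python
"""Bound entity expansion during parsing (added example, stdlib only)."""
import xml.parsers.expat


class ExpansionBudgetExceeded(Exception):
    """Parsing was aborted because expanded content outgrew the input."""


def parse_with_budget(data: bytes, max_ratio: int = 10) -> dict:
    """Parse `data` with expat and abort once the character data handed to
    the application exceeds max_ratio * len(data) bytes.

    Returns {"elements": n, "expanded_chars": n, "entities": n} on success.
    Raises ExpansionBudgetExceeded when the budget is breached or when an
    external (SYSTEM/PUBLIC) entity is declared.
    """
    budget = max_ratio * len(data)
    stats = {"elements": 0, "expanded_chars": 0, "entities": 0}
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities are what an expansion attack needs; an external
        # one would make the parser fetch content, so refuse it outright.
        stats["entities"] += 1
        if system_id is not None or public_id is not None:
            raise ExpansionBudgetExceeded("external entity %r refused" % name)

    def on_start_element(tag, attrs):
        stats["elements"] += 1

    def on_character_data(text):
        # expat delivers *expanded* text here, so this counter grows with
        # the output of entity substitution, not with the size of the input.
        stats["expanded_chars"] += len(text)
        if stats["expanded_chars"] > budget:
            raise ExpansionBudgetExceeded(
                "expanded %d chars from %d input bytes (limit ratio %d)"
                % (stats["expanded_chars"], len(data), max_ratio))

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    parser.CharacterDataHandler = on_character_data
    parser.Parse(data, True)
    return stats


def is_within_budget(data: bytes, max_ratio: int = 10) -> bool:
    """True if `data` parses without breaching the expansion budget."""
    try:
        parse_with_budget(data, max_ratio)
    except ExpansionBudgetExceeded:
        return False
    return True


# Constructed samples: an ordinary document, and a small four-level entity
# expansion (each level references the previous one ten times, so the
# 50-byte entity "a" becomes 50,000 characters of content).
SAFE_DOC = (b'<order><item><name>Box of Pencils</name>'
            b'<price Id="1">$150</price></item></order>')
EXPANDING_DOC = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE foo [\n'
    b'  <!ENTITY a "' + b'a' * 50 + b'">\n'
    b'  <!ENTITY b "' + b'&a;' * 10 + b'">\n'
    b'  <!ENTITY c "' + b'&b;' * 10 + b'">\n'
    b'  <!ENTITY d "' + b'&c;' * 10 + b'">\n'
    b']>\n'
    b'<foo>&d;</foo>\n'
)

if __name__ == "__main__":
    print(parse_with_budget(SAFE_DOC))
    print("expanding document within budget:", is_within_budget(EXPANDING_DOC))
```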

  • 45/121

    C14N is expensive in general!

    A somewhat complex algorithm with large resource requirements. Build a DOM, validate, canonicalize, serialize.

    Schema and specification do not limit the number of C14N transforms that may be applied to a reference.

    Could detect and optimize away redundant C14N, but I have not seen anyone do this yet.

  • 46/121

    <Reference>
    <Transforms>
    <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

  • 47/121

    C14N with Comments & Hash Collisions

    OPTIONAL algorithm, but almost always supported

    Comments may be semantically significant in the doc.

    But are they ever in the <SignedInfo> metadata? Almost certainly not even examined.

    An unusual degree of freedom in crafting a hash collision that is still well-formed and doesn

  • 48/121

  • 49/121

    Reference

    References describe what is being signed.

    Identify the signed content with a URI.

    Transforms to refine the specification or canonicalize.

    Specify the digest method and digest value.

  • 50/121

    Reference

    All references are primarily identified by a URI.

    Full document reference: URI=""

    XPointer Bare: URI="#object"
    Object Reference: URI="#xpointer(id('object'))"
    Same-document XPath: URI="#xpointer(/)"

    External reference: URI="http://www.w3.org/TR/xml-stylesheet"

  • 51/121

    Reference

    Three types of signatures:

    Enveloping: References are descendants of the signature in the XML document.

    Enveloped: Signature is a descendant of the signed content.

    Detached: Signed content is a sibling or at an external location.

  • 52/121

    External References

    Just failed another of our best practices.

    An attacker can insert a malicious external reference, and you have to chase it to see if the signature validates.

    No simple flag to turn this off in, e.g., Java APIs.

    Maybe not valid in WS-Security context: "elements contained in the signature SHOULD refer to a resource within the enclosing SOAP envelope"

    http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf

    Important to API clients.

    Callers need to provide a custom URIDereferencer implementation.
  • 53/121

    Time of Check, Time of Use

    What if an external reference changes or becomes unavailable? Fetch on validate, fetch again on use. Provide malicious content the second time, repudiate transaction, etc.

    Need to use cached reference retrieval.

    Java provides API support, but it is not a default behavior.

    Can

  • 54/121

    This is bad!

    The need to pull from the validation cache makes for a very tight coupling between the security and application layer.

    Is there any way to do this correctly from a network-edge security gateway? Similar to Newsham and Ptacek

  • 55/121

    XPath & XPointer

    References to XML content to be signed can also be identified by an XPath or XPointer expression.

    This can be complex and resource intensive.

    XPath Filter 2.0 (intersect, subtract, union) is also available as a Transform. This was specifically created because XPath was becoming an accidental DoS vector.

    Specify an unlimited number of XPath Filters (interleaved with C14N for good measure) for a good DoS.

  • 56/121

    XPath & XPointer

    Another failure of the complexity & DoS assumption mismatch.

    WS-Security recommends against, but again does not forbid, XPath & XPointer reference URIs.

  • 57/121

    New Theme: Security's Worst Enemy is Complexity

    Seen more than a bit of this already.

    More to come.

  • 58/121

    Frisky References

    Content referenced by ID or an ambiguous XPath can be moved about in the document without invalidating the signature.

    This is a document-specific attack, but elements with contextual semantics must be signed in-situ for safety.

    E.g. the following two documents both verify with the same signature value:

  • 59/121

    Naively sign just the price to prevent modification

    <order>
      <item>
        <name>Box of Pencils</name>
        <price Id="1">$150</price>
        <quantity>1</quantity>
      </item>
      <item>
        <name>Auto</name>
        <price Id="2">$250000</price>
        <quantity>100</quantity>
      </item>
    </order>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <Reference URI="#xpointer(id('1'))"> </Reference>
        <Reference URI="#xpointer(id('2'))"> </Reference>
      </SignedInfo>
      <SignatureValue> </SignatureValue>
      <KeyInfo> </KeyInfo>
    </Signature>

  • 60/121

    Signature still valid, very different semantics!

    <order>
      <item>
        <name>Box of Pencils</name>
        <price Id="2">$250000</price>
        <quantity>1</quantity>
      </item>
      <item>
        <name>Auto</name>
        <price Id="1">$150</price>
        <quantity>100</quantity>
      </item>
    </order>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <Reference URI="#xpointer(id('1'))"> </Reference>
        <Reference URI="#xpointer(id('2'))"> </Reference>
      </SignedInfo>
      <SignatureValue> </SignatureValue>
      <KeyInfo> </KeyInfo>
    </Signature>
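An added example (not from the slides) that reproduces the point of the two listings above in code: with the Signature moved inside <order> so each sample is one well-formed document, and SHA-256 over the stdlib's C14N 2.0 output standing in for the DigestMethod, the per-reference digests are identical for both orders, while a digest of the enclosing <order> (the in-situ signature the slide calls for) is not. The document text, the element names and the function names are assumptions made for this example.

```python
"""Why a Reference by Id does not pin an element's position (added example)."""
import copy
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed from the two order documents on the slides: same elements,
# with the two <price> elements swapped between the items in ORDER_B.
ORDER_A = """<order>
  <item><name>Box of Pencils</name><price Id="1">$150</price><quantity>1</quantity></item>
  <item><name>Auto</name><price Id="2">$250000</price><quantity>100</quantity></item>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <Reference URI="#xpointer(id('1'))"/><Reference URI="#xpointer(id('2'))"/>
  </SignedInfo><SignatureValue/><KeyInfo/></Signature>
</order>"""
ORDER_B = """<order>
  <item><name>Box of Pencils</name><price Id="2">$250000</price><quantity>1</quantity></item>
  <item><name>Auto</name><price Id="1">$150</price><quantity>100</quantity></item>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <Reference URI="#xpointer(id('1'))"/><Reference URI="#xpointer(id('2'))"/>
  </SignedInfo><SignatureValue/><KeyInfo/></Signature>
</order>"""


def c14n(el):
    """Canonical form (C14N 2.0 from the stdlib) of one element, tail dropped."""
    el = copy.deepcopy(el)
    el.tail = None
    return ET.canonicalize(ET.tostring(el, encoding="unicode"), strip_text=True)


def dereference(root, uri):
    """Resolve "#xpointer(id('N'))" or "#N" to the element carrying Id="N".
    Position in the document plays no part in the lookup: that is the bug."""
    m = re.fullmatch(r"#xpointer\(id\('([^']+)'\)\)|#(.+)", uri)
    wanted = m.group(1) or m.group(2)
    return next(e for e in root.iter() if e.get("Id") == wanted)


def reference_digests(doc):
    """SHA-256 of the canonical form of each referenced element, in order.
    These are the values SignedInfo, and so SignatureValue, actually covers."""
    root = ET.fromstring(doc)
    return [hashlib.sha256(c14n(dereference(root, r.get("URI"))).encode()).hexdigest()
            for r in root.iter(DS + "Reference")]


def envelope_digest(doc):
    """Digest of the whole <order> with the Signature removed (the enveloped
    signature transform): what signing the element in-situ would cover."""
    root = ET.fromstring(doc)
    for sig in root.findall(DS + "Signature"):
        root.remove(sig)
    return hashlib.sha256(c14n(root).encode()).hexdigest()


def price_of(doc, item_name):
    """Price text of the item with the given <name>, as an application sees it."""
    root = ET.fromstring(doc)
    item = next(i for i in root.iter("item") if i.findtext("name") == item_name)
    return item.findtext("price")


if __name__ == "__main__":
    print("Auto costs", price_of(ORDER_A, "Auto"), "vs", price_of(ORDER_B, "Auto"))
    print("same reference digests:", reference_digests(ORDER_A) == reference_digests(ORDER_B))
    print("same envelope digest:  ", envelope_digest(ORDER_A) == envelope_digest(ORDER_B))
```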

  • 61/121

    Element Wrapping Attacks

    Discussed briefly in WS-Security standard with regard to SOAP headers. Moving elements from optional vs. must-understand

    "XML Signature Element Wrapping Attacks and Countermeasures", Michael McIntosh & Paula Austel, IBM Research, Hawthorne, NY

    Workshop On Secure Web Services

    Proceedings of the 2005 Workshop on Secure Web Services, ACM Press

    http://portal.acm.org/citation.cfm?id=1103026&jmp=cit&coll=ACM&dl=ACM&CFID=14005269&CFTOKEN=77983358
  • 62/121

    Wrapper's Delight

    Not just repositioning signed elements. An attacker can also add or delete content or modify the unsigned portions without breaking the signature.

    Applies to overly specific XPointers, XPath and Filters as well as references by Id.

    Again, need to pull content directly from validation cache.

    More tight coupling to the security layer. More attacks possible against gateway appliances.

  • 63/121

  • 64/121

    Transforms

    Extra processing instructions. Refine selection of signed content.

    Additional steps to arrive at the correct digest.

    We

  • 65/121

    Enveloped & Enveloping Signatures

    Modeled as Transforms.

    Extract the signature from the content, or vice-versa, before canonicalizing & digesting.

  • 66/121

    Extensible Stylesheet Language Transforms (XSLT)

    XSLT is a language for processing and transforming XML documents.

    Used for content extraction or, most commonly, transforming XML content from one format to another.

    A pattern-matching template processor takes a source and template document and produces a third document as output.

  • 67/121

    XSLT

    Provide an extremely expressive means to select content for signing.

    "Sign what is meant, not what is said."

    But too clever by half.

  • 68/121

    Theme: Dependency Analysis

    Taking dependencies on other components or code correlates strongly with security defects.

    Threat models don

  • 69/121

    Mismatched Assumptions Again

    XSLT is not just XPath++.

    It

  • 70/121

    The big collision!

    But developers want functionality, and functionality is attack surface.

    XSLT as specified in 1999 was a functional programming language.

    No side effects. No I/O. No access to OS facilities. "Just another DoS."

  • 71/121

    Not really: More network operations!

    Pull in an external stylesheet with xsl:include and xsl:import

    Pull in arbitrary external content with the document() function during the transform.

  • 72/121

    The Killer: XSLT Extensions

    All in one place: Insecure Dependencies, Complexity, Mismatched Assumptions.

    XSLT is complicated. Code reuse and modularity is great! Just import somebody else

  • 73/121

    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
      xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime"
      xmlns:ob="http://xml.apache.org/xalan/java/java.lang.Object"
      exclude-result-prefixes="rt,ob">
      <xsl:template match="/">
        <xsl:variable name="runtimeObject" select="rt:getRuntime()"/>
        <xsl:variable name="command" select="rt:exec($runtimeObject, &apos;c:\Windows\system32\cmd.exe&apos;)"/>
        <xsl:variable name="commandAsString" select="ob:toString($command)"/>
        <xsl:value-of select="$commandAsString"/>
      </xsl:template>
    </xsl:stylesheet>

  • 74/121

    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
      xmlns:xsltc="http://xml.apache.org/xalan/xsltc"
      xmlns:redirect="http://xml.apache.org/xalan/redirect"
      extension-element-prefixes="xsltc redirect"
      version="1.0">
      <xsl:template match="/">
        <xsltc:output file="blob.xml"><xsl:text>This ends up in the file "blob.xml"</xsl:text></xsltc:output>
        <redirect:write file="\\arbitraryUNCPath"><xsl:text>This ends up at an arbitrary UNC path!</xsl:text></redirect:write>
      </xsl:template>
    </xsl:stylesheet>

  • 75/121

    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
      xmlns:xalan="http://xml.apache.org/xalan"
      xmlns:my-ext="ext"
      extension-element-prefixes="my-ext">
      <!-- The component and its script are in the xalan namespace
           and define the implementation of the extension. -->
      <xalan:component prefix="my-ext" functions="ownage">
        <xalan:script lang="javascript">
          // Fun, arbitrary JavaScript in the JVM! BSF also available
        </xalan:script>
      </xalan:component>
    </xsl:stylesheet>

  • 76/121

    Available on most XSLT processors

    Those were examples from Xalan-J.

    Dangerous extensions available in: Xalan-XSLTC, Saxon, d.xslt, Oracle XDK 10g, Sablotron, XT, Unicorn

    <msxml:script>, <msxsl:script>, <xsl:script>, <ms:script> allow JScript, VBScript and .Net languages ON by default in MSXML. But .Net doesn

  • 77/121

    Optional but widely implemented

    2003 reported interoperability results for XSLT Transform:

    http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html

    Baltimore (gone, unknown disposition of XMLDSIG technology)

    HP

    IAIK

    IBM

    Microsoft

    Phaos (now Oracle)

    Apache XMLSec

    DataPower (now IBM)
  • 78/121

    No idea, no API!

    XMLSec is the only API I

    rd party library yourself.

    Nobody has any idea that this stuff is there.

    Even if they do, they have no way to turn it off.

  • 79/121

    What next?

    We

  • 80/121

    Validation of an XML Digital Signature

    http://www.w3.org/TR/xmldsig-core/#sec-CoreValidation
  • 81/121

    What does this mean?

    1) Process every Reference, derive a digest value and compare it.

    2) Canonicalize and digest the entire SignedInfo element and compare to the decrypted "SignatureValue".

    3) According to deep discussion on the mailing lists, this order is non-normative [1], but...

    THIS IS THE WRONG ORDER OF OPERATIONS!

    [1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0064
Pure Functions vs. Attack Surface

- Cryptographically, the order of operations is not important.
- Assuming no side effects.
- But we…
Correct Order of Operations

- First see if the signature is even from a key you trust.
- Then validate the SignatureValue against the SignedInfo.
- Then verify the digests.
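The three checks above, and why their order matters, as an added toy model (not the deck's code and not a DSIG implementation; constructed for this page): HMAC-SHA256 stands in for the SignatureMethod, a table of named byte-transforms for the transform engines, and an audit list records which signer-chosen transforms executed before anyone asked whether the key was trusted.

```python
import hashlib
import hmac

# Toy model of XMLDSIG core-validation ordering, constructed for this example.
# It is not real XMLDSIG: no XML, no canonicalization. Named byte-transforms stand
# in for the transform engines; the audit list shows what signer-chosen code ran.
TRANSFORMS = {"identity": lambda b: b, "upper": lambda b: b.upper()}


def digest_reference(payload: bytes, transforms, audit: list) -> bytes:
    """Step 'process every Reference': run its transforms, then digest."""
    data = payload
    for name in transforms:
        audit.append(name)              # signer-controlled code executes here
        data = TRANSFORMS[name](data)
    return hashlib.sha256(data).digest()


def signed_info(ref_digest: bytes, transforms) -> bytes:
    """Stand-in for canonicalized <SignedInfo>: the claimed DigestValue plus the
    transform list, i.e. everything the SignatureValue actually covers."""
    return b"|".join([ref_digest] + [t.encode() for t in transforms])


def sign(payload: bytes, transforms, key: bytes) -> dict:
    """Produce a message in the toy format (key_id stands in for KeyInfo)."""
    digest = digest_reference(payload, list(transforms), [])
    return {"payload": payload, "transforms": list(transforms), "digest": digest,
            "key_id": hashlib.sha256(key).hexdigest()[:8],
            "signature": hmac.new(key, signed_info(digest, transforms), "sha256").digest()}


def validate_spec_order(msg: dict, trusted_keys: dict):
    """Spec's core-validation order: References first, SignatureValue second.
    Returns (valid, transforms_that_ran)."""
    audit = []
    digest = digest_reference(msg["payload"], msg["transforms"], audit)  # transforms run...
    key = trusted_keys.get(msg["key_id"])                                # ...before asking who signed
    if digest != msg["digest"] or key is None:
        return False, audit
    expected = hmac.new(key, signed_info(digest, msg["transforms"]), "sha256").digest()
    return hmac.compare_digest(expected, msg["signature"]), audit


def validate_safe_order(msg: dict, trusted_keys: dict):
    """Deck's order: trusted key, then SignatureValue over SignedInfo, then digests.
    Untrusted or forged input fails before any transform executes."""
    audit = []
    key = trusted_keys.get(msg["key_id"])
    if key is None:
        return False, audit
    expected = hmac.new(key, signed_info(msg["digest"], msg["transforms"]), "sha256").digest()
    if not hmac.compare_digest(expected, msg["signature"]):
        return False, audit
    return digest_reference(msg["payload"], msg["transforms"], audit) == msg["digest"], audit
```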

Implementers follow the specification

- Combine the wrong order of operations with XSLT extensions.
- Anonymous, remote code execution with an invalid signature.
The Fallout

- About a dozen Sun products: anything using the JSR 105 APIs, including the core JDK.
- IAIK Java Crypto Toolkits
- BEA JRockit
- Several more with Denial of Service vulnerabilities that haven’t…
Definitely wormable.

- Can include multiple Transforms in a signature.
- Same attack surface on the client and server.
- Reliable cross-platform execution.
- XSLT makes self-duplication easy with select="…".
- UDDI would make a nice worm propagation directory. UDDI v3 supports XMLDSIG, and suggests use of XSLT transforms.
- At least the UBR is dead.
More on order of operations.

- Java does expose enough of the internal operations for API clients to do it right -- if they…
Results

XML Signature Extensibility Using Custom Transforms
Laurence Bull and David M. Squire
School of Computer Science and Software Engineering, Monash University, Australia
5th International Conference on Web Information Systems Engineering, Brisbane, Australia, November 22-24, 2004
Web Information Systems - WISE 2004, pp 102-112, Lecture Notes in Computer Science, Springer Berlin / Heidelberg
ISBN: 978-3-540-23894-2
http://springerlink.com/content/qp0eyrbgdcn47jh1
Bull & Squire

- Discuss risks of arbitrary transforms, ‘active…
Anonymous Attack Surface

- KeyInfo is not integrity protected. Could be referenced in SignedInfo, but you…
No Safe Order of Operations

- All the same risks of <Reference> processing.
- Again, APIs fail the user by not providing adequate knobs and switches to harden this.
And a punt.

- Establishing trust in a key is completely out of scope. Reasonable enough.
- But remember the mediocre developer.
- Most SSL APIs enforce chaining certs to a trusted root by default, and many, many developers still get SSL wrong.
- The naïve developer who assumes DSIG APIs “just work”, like SSL, accomplishes nothing but increasing his attack surface dramatically.
If it's hard, fail by default.

- The average developer only keeps going until it “works”.
- KU/EKU certificate extensions, chaining: not a clue.
- Failing closed is a signal that the trust model is something that needs consideration.
- Re-structure the API to highlight this:

    public boolean validate(Signature s, X509TrustManager tm)
Simplicity is not always good.

- XMLDSIG is a great case study where providing only a simple public API to a very complex underlying technology is crippling.
- Callers should be able to enable different transform algorithms and URI/XML resolvers with different properties for the anonymous and the authenticated attack surface.
- No APIs I…
Any mitigations?

- Code Access Security (CAS) and the Java Permissions model ought to be able to constrain the behavior of signature validating code.
- But very uncommon to actually see this.
- And the Java APIs would fail if run in a SecurityManager until very recently. Reading system properties not wrapped.
XML Encryption (very brief)
XML Encryption (XMLENC)

- The other pillar of WS-Security
- A great deal builds on XMLDSIG:
  - References
  - Transforms
  - KeyInfo
- Inherits the same risks.
XML Encryption - What's new?

- Using encryption to hide complexity bombs, malicious signatures, etc.
- More layers of validation?
- Circular key references and other DoS opportunities
- Spec says: be able to restrict the total amount of processor and network resources that can be consumed. Difficult to do in languages like Java and JavaScript.
So how can we use this stuff safely?
Signature Profiles

- Mentioned WS-Security recommendations as we went. SOAP adds a few constraints, too.
- SAML specification offers more recommendations. Describes how to do cached ref retrieval.
- P3P, CardSpace, WS-Discovery all specify their own.
WS-I Basic Security Profile (1.0 and 1.1 are both still working group drafts)

- http://www.ws-i.org/ Intended for compatible full WS-* stacks.
- Many of the concerns discussed today are addressed by this standard (e.g. Transforms are highly restricted), though the risks are not made explicit.
- Implementers of full SOAP and WS-* stacks write to these standards for interoperability purposes.
- Most WS-I BSP 1.0 or 1.1 compliant stacks won’t…
- Some ambiguity still.
- States that Transforms “MUST have a value of” one of a set of four (relatively) safe ones.
- This definitely implies that:
  - A compliant implementation MUST NOT produce other transforms.
  - A compliant implementation MUST understand the specified transforms.
- A careless implementer might not think it…
- And few switches available to the direct API user:
  - To build your own profile to meet your needs
  - To lock down your processor
- Profiles are inadequate for the general case:
  - Little frank discussion of the risks they mitigate
  - Scattered across many specifications
  - Focused on interoperability, not security and emerging attack patterns
- A minimally compliant WS-I BSP stack is the best bet for now.
For API callers:

- Use schema validation to enforce a profile before performing signature validation.
- Constrain the <Signature> element to exactly what you expect it to look like and reject everything else.
- But you have to do this out-of-line:
  - Schema validation can break signatures (e.g. default attrs).
  - Not great for performance.
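The out-of-line profile check described above, as an added Python example (not the deck's or any library's code): it inspects a ds:Signature element before the DSIG library ever sees it and rejects anything outside an expected shape. The allow-listed algorithm URIs and both sample Signature elements are constructed for the example; the policy is an illustration, not a quotation of WS-I BSP.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Example policy: an assumption of this example (modelled on BSP's restrictive spirit, not quoted from it).
ALLOWED_C14N = {"http://www.w3.org/2001/10/xml-exc-c14n#"}
ALLOWED_SIGMETHOD = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
ALLOWED_DIGEST = {"http://www.w3.org/2001/04/xmlenc#sha256"}
ALLOWED_TRANSFORMS = {"http://www.w3.org/2000/09/xmldsig#enveloped-signature",
                      "http://www.w3.org/2001/10/xml-exc-c14n#"}
MAX_REFERENCES = 2
_alg = lambda el: el.get("Algorithm") if el is not None else None


def check_signature_profile(sig_xml: str) -> list:
    """Return profile violations for a ds:Signature; an empty list means the
    element is shaped as expected and may be handed to the DSIG library."""
    problems = []
    sig = ET.fromstring(sig_xml)
    if sig.tag != DS + "Signature":
        return ["root element is not ds:Signature"]
    for child in sig:                    # no ds:Object or foreign payloads
        if child.tag not in {DS + "SignedInfo", DS + "SignatureValue", DS + "KeyInfo"}:
            problems.append("unexpected child " + child.tag)
    si = sig.find(DS + "SignedInfo")
    if si is None:
        return problems + ["missing ds:SignedInfo"]
    if _alg(si.find(DS + "CanonicalizationMethod")) not in ALLOWED_C14N:
        problems.append("CanonicalizationMethod not allowed")
    if _alg(si.find(DS + "SignatureMethod")) not in ALLOWED_SIGMETHOD:
        problems.append("SignatureMethod not allowed")
    refs = si.findall(DS + "Reference")
    if not 1 <= len(refs) <= MAX_REFERENCES:
        problems.append("%d References, expected 1..%d" % (len(refs), MAX_REFERENCES))
    for ref in refs:
        uri = ref.get("URI")
        if uri is None or not (uri == "" or uri.startswith("#")):
            problems.append("non-local Reference URI %r" % uri)   # no remote retrieval
        if _alg(ref.find(DS + "DigestMethod")) not in ALLOWED_DIGEST:
            problems.append("DigestMethod not allowed")
        for t in ref.iter(DS + "Transform"):
            if t.get("Algorithm") not in ALLOWED_TRANSFORMS:
                problems.append("Transform not allowed: %s" % t.get("Algorithm"))
    ki = sig.find(DS + "KeyInfo")
    for child in ([] if ki is None else ki):  # signer may not steer key lookup
        if child.tag != DS + "X509Data":
            problems.append("KeyInfo child not allowed: " + child.tag)
    return problems


# Constructed samples; DigestValue/SignatureValue are placeholders, not real crypto.
_HEAD = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
         '<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
         '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>')
_TAIL = ('<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
         '<DigestValue>AAAA</DigestValue></Reference></SignedInfo>'
         '<SignatureValue>AAAA</SignatureValue></Signature>')
GOOD_SIG = _HEAD + ('<Reference URI="#body"><Transforms><Transform '
                    'Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms>') + _TAIL
# XSLT transform (XMLDSIG identifies it by the XSLT 1.0 REC URI) plus a remote URI.
BAD_SIG = _HEAD + ('<Reference URI="http://example.invalid/remote"><Transforms><Transform '
                   'Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/></Transforms>') + _TAIL
```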

Lessons Learned
Lessons Learned

- Attack surface reduction matters. Complexity matters. Taking dependencies matters.
- Signature validation is part of authentication: this is anonymous or, at best, pre-authorization attack surface.
- Releasing a kitchen-sink specification, then publishing a compatibility and security profile four years later = Wrong order of operations.
Properties of an Integrity Mechanism

- Deterministic resource consumption.
- Fast failure.
- No side effects.
- Simple enough to be an extraordinarily robust building block for everything that rests upon it.
Different classes of problem.

- Integrity is a foundational security problem built on core mathematical operations.
- Adding XSLT, in any form, adds the problem of mobile code security.
- A clear layering violation and an unfair problem to foist upon implementers and clients.
- Only could sneak in because of already too-permissive assumptions about complexity and denial of service.
Re-Learning Lessons
The Complexity Trap: Security…

…it could've been.

That was from: A Cryptographic Evaluation of IPsec, Niels Ferguson and Bruce Schneier, Counterpane Internet Security, Inc. 1999
Takeaways:

- Be cautious if writing directly to XML Security APIs.
- Various vendors' WS-* stacks are at different levels of security maturity today. More research needed.
- Use WS-Security where use cases demand it. But protect anonymous endpoints with SSL + client cert auth first.
Ongoing research.

- Watch www.isecpartners.com for updates to the deck, advisory white papers, developer best practices and tools.
- And the W3C is working on updates to the standard: http://www.w3.org/2007/xmlsec/
Thank you!

Questions

Brad Hill
brad@isecpartners.com
Bibliography

M. Bartel, J. Boyer, B. Fox, B. LaMacchia, and E. Simon. XML-Signature Syntax and Processing. In D. Eastlake, J. Reagle, and D. Solo, editors, W3C Recommendation. World Wide Web Consortium, 12 February 2002.
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/

T. Imamura, B. Dillaway and E. Simon. XML Encryption Syntax and Processing. In D. Eastlake, J. Reagle, editors, W3C Recommendation. World Wide Web Consortium, 10 December 2002.
http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/

T. Beth, M. Frisch, and G.J. Simmons, editors. Public-Key Cryptography: State of the Art and Future Directions, volume 578 of Lecture Notes in Computer Science. Springer, 3 July 1992. E.I.S.S. Workshop Oberwolfach Final Report.

Extensible Markup Language (XML) 1.0 (Fourth Edition). T. Bray, J. Paoli, C. M. Sperberg-McQueen, E. Maler and F. Yergeau, editors. W3C Recommendation. World Wide Web Consortium, 16 August 2006, edited in place 29 September 2006.

D. Eastlake and K. Niles, Secure XML: The New Syntax for Signatures and Encryption. Pearson Education, July 2002

J. Rosenberg and D. Remy, Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption, Sams, 12 May 2004

T. Berners-Lee, R. Fielding, L. Masinter, Uniform Resource Identifier (URI): Generic Syntax. The Internet Society, 2005

M. Howard, J. Pincus and J. M. Wing, Measuring Relative Attack Surfaces, in Computer Security in the 21st Century, D. T. Lee, S. P. Shieh and J. D. Tygar, editors, pp 109-137, Springer US, 2005
L. Bull and D. Squire, XML Signature Extensibility Using Custom Transforms, in Web Information Systems - WISE 2004, pp 102-112, Springer Berlin / Heidelberg, November 2004
http://springerlink.com/content/qp0eyrbgdcn47jh1

XSL Transformations (XSLT) Version 1.0. J. Clark, editor, W3C Recommendation, World Wide Web Consortium, 16 November 1999.
http://www.w3c.org/TR/1999/REC-xslt-19991116

D. Tidwell, XSLT, O'Reilly Media, 15 August 2001

Brainerd, W.S., Landweber, L.H. (1974), Theory of Computation, Wiley

A. Skonnard, Extending XSLT with JScript, C#, and Visual Basic .NET, MSDN Magazine, Microsoft Corporation, March 2002.
http://msdn.microsoft.com/msdnmag/issues/02/03/xml/

E. Harold, Simple Xalan Extension Functions: Mixing Java with XSLT, IBM developerWorks, 07 November 2006
http://www-128.ibm.com/developerworks/library/x-xalanextensions.html

Xalan-Java Extensions, The Apache Software Foundation, 2005
http://xml.apache.org/xalan-j/extensions.html

XSLT Security, MSDN Library, Microsoft Corporation, 2007
http://msdn2.microsoft.com/en-us/library/ms763800.aspx

O. Predescu, et al., Xalan-Java, The Apache Software Foundation, Hewlett Packard Corporation, IBM Corporation, Sun Microsystems and Lotus Development Corporation 1999-2007.
http://xml.apache.org/xalan-j/
Path (computing), Wikimedia Foundation, 2007
http://en.wikipedia.org/wiki/Path_(computing)

MSXML, Microsoft Corporation. 2000-2007
http://msdn.microsoft.com/xml/default.aspx

M. Kay, SAXON, May 2007
http://saxon.sourceforge.net/

J. Döbler, jd.xslt, Aztecrider

Oracle XML Developers Kit, XDK 10g Production, Oracle Corporation, 2004-2006
http://www.oracle.com/technology/tech/xml/xdk/software/production10g/index.html

Sablotron, Ginger Alliance
http://www.gingerall.org/sablotron.html

J. Clark and B. Lindsey, XT
http://www.blnz.com/xt/index.html

Unicorn XSLT Processor, Unicorn Enterprises 2000-2003
http://www.unicorn-enterprises.com/products_uxt.html

Code Access Security, .NET Framework Developer … 07w0(VS.80).aspx
T. Bellwood, S. Capell, L. Clement, J. Colgrave, M. Dovey, D. Feygin, A. Hately, R. Kochman, P. Macias, M. Novotny, M. Paolucci, C. von Riegen, T. Rogers, K. Sycara, P. Wenzel, and Zhe Wu, UDDI Version 3.0.2. UDDI Spec Technical Committee Draft, Dated 20041019, L. Clement, A. Hately, C. von Riegen and T. Rogers, editors. Accenture, Ariba, Inc., Commerce One, Inc., Fujitsu Limited, Hewlett-Packard Company, i2 Technologies, Inc., Intel Corporation, International Business Machines Corporation, Microsoft Corporation, Oracle Corporation, SAP AG, Sun Microsystems, Inc., and VeriSign, Inc. 2000-2002, OASIS Open 2002-2004
http://uddi.org/pubs/uddi-v3.0.2-20041019.htm

http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0064

Java API for XML Processing (JAXP), Sun Developer Network, Sun Microsystems, Inc. 2007
http://java.sun.com/webservices/jaxp/

Transform Features, Apache Software Foundation, 2005
http://xml.apache.org/xalan-j/features.html#secureprocessing

L. Gong, Java 2 Platform Security Architecture, Sun Microsystems, Inc. 2002-2007
http://java.sun.com/j2se/1.4.2/docs/guide/security/spec/securityspec.doc3.html

Basic Security Profile Version 1.1, Working Group Draft, M. McIntosh, M. Gudgin, K. S. Morrison, A. Barbir, editors. Web Services Interoperability Organization, 2006-10-19
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html

G. Della-Libera, M. Gudgin, P. Hallam-Baker, M. Hondo, H. Granqvist, C. Kaler, H. Maruyama, M. McIntosh, A. Nadalin, N. Nagaratnam, R. Philpott, H. Prafullchandra, J. Shewchuk, D. Walter, and R. Zolfonoon, Web Services Security Policy Language, C. Kaler and A. Nadalin, editors. International Business Machines Corporation, Microsoft Corporation, RSA Security Inc and VeriSign Inc July 2005