Advanced XML Security Lab
From Wikipedia, the free encyclopedia
The Advanced XML Security Lab (AXSL) was established as a collaboration between the Center for Advanced Defense Studies (CADS) and Sarvega, Inc. (acquired by Intel Corporation in 2006), the leading provider of XML networking products. The Advanced XML Security Lab (AXSL) researches technologies relevant to XML Web Services and information security. AXSL aims to improve government and private sector information sharing initiatives and systems interoperability.
[edit] Activities
AXSL's charter includes investigating threat scenarios and signatures that impact the deployment of XML Web Services and secure information exchange. Located at the Center for Advanced Defense Studies in Washington, DC, AXSL aims to make XML Web Services and information security technologies commercially available. Membership in AXSL is open to organizations interested in conducting advanced research into XML Web Services security, XML vulnerabilities, and the secure exchange of information amongst trading partners in the public and private sectors.
[edit] Achievements
In February 2005, AXSL made available the XML Web Services Vulnerability Model, the first tool designed to help network and application security managers plan and implement XML Web Services threat mitigation solutions. The model is the result of extensive research performed by AXSL and its partner organizations.
XML Web Services traffic can be modified, processed or secured in layered form, illustrating one clear distinction from network based threats. The AXSL research highlights another type of XML threat, referred to as vertical threats, which are multi-dimensional in nature and span multiple layers of the protocol and application stack. AXSL research further categorizes horizontal and vertical XML threats. Horizontal Threats include encoding threats, structural threats, grammar validation threats, semantic representation threats and semantic implementation threats. Vertical Threats involve Algorithmic threats, external entity threats and XML web services security threats.