Publications

Conference/Workshop

• Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Jörg Schwenk, Nils Gruschka, and Luigi Lo Iacono.

  All Your Clouds are Belong to us - Security Analysis of Cloud Management Interfaces.

  In Proceedings of the ACM Cloud Computing Security Workshop (CCSW), Chicago, Illinois, USA, 2011.

  
  
• Mario Heiderich, Tilman Frosch, Meiko Jensen, and Thorsten Holz.

  Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics.

  In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), Chicago, Illinois, USA, 2011.

  
  
• Meiko Jensen, Christopher Meyer, Juraj Somorovsky, and Jörg Schwenk.

  On the Effectiveness of XML Schema Validation for Countering XML Signature Wrapping Attacks.

  In Proceedings of the First International Workshop on Securing Services on the Cloud (IWSSC), Milan, Italy, 2011.

  
  
• Jens-Matthias Bohli, Meiko Jensen, Nils Gruschka, Luigi Lo Iacono, and Jörg Schwenk.

  Security Prospects through Cloud Computing by Adopting Multiple Clouds.

  In Proceedings of the 4th IEEE International Conference on Cloud Computing (CLOUD), Washington, D.C., USA, 2011.

  
  
• Meiko Jensen and Florian Kerschbaum.

  Towards Privacy-Preserving XML Transformation.

  In Proceedings of the 9th IEEE International Conference on Web Services (ICWS), Washington, D.C., USA, 2011.

  
  
• Meiko Jensen and Christopher Meyer.

  Expressiveness Considerations of XML Signatures.

  In Proceedings of the 3rd IEEE International Workshop on Security Aspects of Process and Services Engineering (SAPSE), Munich, Germany, 2011.

  
  
• Filip Majernik, Meiko Jensen, and Jörg Schwenk.

  MARV - Data Level Confidentiality Protection in BPEL-based Web Service Compositions.

  In Proceedings of the 6th International Conference on Network Architectures and Information Systems Security (SAR-SSI), La Rochelle, France, 2011.

  
  
• Ralph Herkenhöner, Meiko Jensen, Henrich C. Pöhls, and Hermann de Meer.

  Towards Automated Processing of the Right of Access in Inter-Organizational Web Service Compositions.

  In Proceedings of the IEEE International Workshop on Web Service and Business Process Security (WSBPS), Miami, Florida, U.S.A., 2010.

  
  
• Juraj Somorovsky, Meiko Jensen, and Jörg Schwenk.

  Streaming-Based Verification of XML Signatures in SOAP Messages.

  In Proceedings of the IEEE International Workshop on Web Service and Business Process Security (WSBPS), Miami, Florida, U.S.A., 2010.

  
  
• Meiko Jensen, Sven Schäge, and Jörg Schwenk.

  An Anonymous Access Control and Accountability Scheme for Cloud Computing.

  In Proceedings of the Third International Conference on Cloud Computing (IEEE CLOUD), Miami, Florida, U.S.A., 2010.

  
  
• Nils Gruschka and Meiko Jensen.

  Attack Surfaces: A Taxonomy for Attacks on Cloud Services.

  In Proceedings of the Third International Conference on Cloud Computing (IEEE CLOUD), Miami, Florida, U.S.A., 2010.

  
  
• Meiko Jensen and Jörg Schwenk.

  Definition, Application, and Enforcement of WS-SecurityPolicies in Model-Driven SOAs.

  In Proceedings of the Third International Symposium on Web Services (WSS), Dubai, U.A.E., 2010.

  
  
• Florian Kohlar, Jörg Schwenk, Meiko Jensen, and Sebastian Gajek.

  Secure Bindings of SAML Assertions to TLS Sessions.

  In Proceedings of the Fifth International Conference on Availability, Reliability and Security (ARES), Krakow, Poland, 2010.

  
  
• Nils Gruschka, Meiko Jensen, and Luigi Lo Iacono.

  A Design Pattern for Event-Based Processing of Security-enriched SOAP Messages.

  In Proceedings of the Second International Workshop on Security Aspects in Grid and Cloud Computing (SAGC), Krakow, Poland, 2010.

  
  
• Antonia Azzini, Stefania Marrara, Meiko Jensen, and Jörg Schwenk.

  Extending the Similarity-Based XML Multicast Approach with Digital Signatures.

  In Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A., 2009.

  
  
• Meiko Jensen, Lijun Liao, and Jörg Schwenk.

  The Curse of Namespaces in the Domain of XML Signature.

  In Proceedings of the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A., 2009.

  
  
• Meiko Jensen, Jörg Schwenk, Nils Gruschka, and Luigi Lo Iacono.

  On Technical Security Issues in Cloud Computing.

  In Proceedings of the IEEE International Conference on Cloud Computing (CLOUD-II), Bangalore, India, 2009.

  
  
• Meiko Jensen and Nils Gruschka.

  Privacy Against the Business Partner: Issues for Realizing End-to-End Confidentiality in Web Service Compositions.

  In Proceedings of the International Workshop on Business Processes Security (BPS), held as part of DEXA 2009, Linz, Austria.

  
  
• Sebastian Gajek, Meiko Jensen, Lijun Liao, and Jörg Schwenk.

  Analysis of Signature Wrapping Attacks and Countermeasures.

  In Proceedings of the 7th IEEE International Conference on Web Services (ICWS), Los Angeles, USA, 2009.

  
  
• Meiko Jensen and Jörg Schwenk.

  SOA Security - Web Services Standards und Angriffe.

  In Proceedings of D•A•CH Security, Bochum, Germany, 2009.

  
  
• Meiko Jensen.

  Generating WS-SecurityPolicy Documents via Security Model Transformation.

  In Proceedings of the Young Researchers Workshop on Modeling and Management of Business Processes (YRW-MBP), held as part of SABRE 2009, Leipzig, Germany.

  
  
• Meiko Jensen and Sven Feja.

  A Security Modeling Approach for Web-Service-based Business Processes.

  In Proceedings of the 7th IEEE Workshop on Model-Based Development for Computer-Based Systems (MBD), San Francisco, USA, 2009.

  
  
• Meiko Jensen and Jörg Schwenk.

  The Accountability Problem of Flooding Attacks in Service-Oriented Architectures.

  In Proceedings of the IEEE International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, 2009.

  
  
• Sven Feja, Ralph Herkenhöner, Meiko Jensen, Andreas Speck, Hermann de Meer, and Jörg Schwenk.

  Modeling and Transformation of Security Requirements: An Approach for Service-oriented Architectures.

  In Proceedings of the First Euro-NF Workshop on Future Internet Architecture: New Trends in Service & Networking Architectures, 21. November 2008, Paris, France.

  
  
• Meiko Jensen and Nils Gruschka.

  Flooding Attack Issues of Web Services and Service-Oriented Architectures.

  In Proceedings of the Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA), Munich, Germany, 2008.

  
  
• Meiko Jensen.

  A Fault Propagation Approach for Highly Distributed Service Compositions.

  In Proceedings of the IEEE International Conference on Services Computing (SCC), Honolulu, Hawaii, USA, 2008.

  
  
• Meiko Jensen, Nils Gruschka and Norbert Luttenberger.

  The Impact of Flooding Attacks on Network-based Services.

  In Proceedings of the IEEE International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, 2008.

  
  
• Meiko Jensen, Nils Gruschka, Ralph Herkenhöner, Norbert Luttenberger.

  SOA and Web Services: New Technologies, New Standards - New Attacks.

  In Proceedings of the 5th IEEE European Conference on Web Services (ECOWS), Halle(Saale), Germany, 2007.

  
  
• Nils Gruschka, Meiko Jensen and Torben Dziuk.

  Event-based Application of WS-Security Policy on SOAP Messages.

  In Proceedings of the ACM Workshop on Secure Web Services (SWS), Fairfax, Virginia, U.S.A., 2007.

  
  
• Meiko Jensen.

  Eine zustandsbehaftete Web Service Firewall für BPEL (in german).

  In Proceedings of the Second GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING2). Technical Report SR-2007-01, GI FG SIDAR, Dortmund, July 2007.

  
  
• Nils Gruschka, Meiko Jensen, Norbert Luttenberger.

  A Stateful Web Service Firewall for BPEL.

  In Proceedings of 2007 IEEE International Conference on Web Services (ICWS), Salt Lake City, Utah, U.S.A., 2007.

  
  

Journals

• Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, and Norbert Luttenberger.

  Server-Side Streaming Processing of WS-Security.

  In IEEE Transactions on Services Computing (TSC, to appear).

  
  
• Florian Kohlar, Jörg Schwenk, Meiko Jensen, and Sebastian Gajek.

  On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security.

  In International Journal of Mobile Computing and Multimedia Communications (IJMCMC, to appear).

  
  
• Meiko Jensen, Nils Gruschka, and Ralph Herkenhöner.

  A survey of attacks on web services.

  In Computer Science - Research and Development (CSRD): Volume 24, Issue 4 (2009), Pages 185-197, Special Issue on "Web Services - Architecture and Infrastructure". Springer Berlin/Heidelberg. ISSN: 1865-2034.

  
  

Book Chapters

• Nils Gruschka, Meiko Jensen, Florian Kohlar, Lijun Liao.

  On Interoperability Failures in WS-Security: The XML Signature Wrapping Attack.

  In E. Kajan: Electronic Business Interoperability: Concepts, Opportunities and Challenges, Business Science Reference, Hershey, NY, USA. ISBN 978-1-60960-485-1, 2011.

  
  
• Meiko Jensen and Nils Gruschka.

  A Survey of Attacks in the Web Services World

  In C. Gutierrez, E. Fernandez-Medina, M. Piattini: Web Services Security Development and Architecture, Information Science Reference, ISBN: 978-1-60566-950-2, 2010.

  
  
• Meiko Jensen and Sven Feja.

  Modellierung von Sicherheitsaspekten in orchestrierten integrierten Anwendungssystemen.

  In K.-P. Fähnrich, S. Kühne, M. Thränert: Model-Driven Integration Engineering, Leipziger Beiträge zur Informatik, Band XI, ISBN: 978-3-941152-02-1, 2008.

  
  
• Norbert Luttenberger and Meiko Jensen (editors).

  Proceedings of the Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA).

  In Proceedings of the INFORMATIK 2008, Beherrschbare Systeme - dank Informatik, Band 1, Beitr{"a}ge der 38. Jahrestagung der Gesellschaft für Informatik e.V. (GI), ISBN: 978-3-88579-227-7, Munich, Germany, 2008.

  
  

Books

• Meiko Jensen.

  BPEL Firewall - Abwehr von Angriffen auf zustandsbehaftete Web Services.

  ISBN 978-3836485517, VDM Verlag Dr. Müller, 2008.

  
  

Other

• Pratik Datta, Frederick Hirsch, Meiko Jensen.

  XML Signature Streaming Profile of XPath 1.0 (W3C Editor's Draft)

  
  

Talks

• All Your Cloud Are Belong To Us – Attacking Clouds and Web Services

  Invited Talk, held at Vodafone D2, Düsseldorf, Germany, 08/2011.

  
  
• Towards Privacy-Preserving XML Transformation

  Invited Talk, held at the IEEE Services Security & Privacy Workshop, Washington, D.C., USA, 2011.

  
  
• Security Prospects through Cloud Computing by Adopting Multiple Clouds

  Held at the 4th International Conference on Cloud Computing (IEEE CLOUD), Washington, D.C., USA, 2011.

  
  
• Towards Privacy-Preserving XML Transformation

  Held at the 9th IEEE International Conference on Web Services (ICWS), Washington, D.C., USA, 2011.

  
  
• Secure Sharing of Item-level Data in the Cloud

  Held at the 4th International Conference on Cloud Computing (IEEE CLOUD), Washington, D.C., USA, 2011.

  
  
• All Your Cloud Are Belong To Us - Angriffe auf die Cloud

  Invited talk, held at the CAST-Workshop on SOA- and Cloud Security, Darmstadt, Germany, 06/2011.

  
  
• All Your Cloud Are Belong To Us - Angriffe auf Clouds und Web Services

  Invited talk, held at the Informatik-Kolloquium of Georg-Simon-Ohm-Hochschule, Nürnberg, Germany, 06/2011.

  
  
• “All your cloud are belong to us” – Angriffe auf die Cloud

  Held at the A-I3/BSI Symposium, Bochum, Germany, 04/2011.

  
  
• Vertrau’ mir, ich bin deine Cloud!

  Held at the GI KuVS Fachgespräch "Sicherheit im Cloud Computing", Darmstadt, Germany, 04/2011.

  
  
• Cloud Computing Standards: A Security Point of View.

  Held as Invited Panelist at the IEEE Cloud Computing Standards Symposium, Miami, Florida, U.S.A., 2010.

  
  
• Towards Automated Processing of the Right of Access in Inter-Organizational Web Service Compositions.

  Held at the IEEE International Workshop on Web Service and Business Process Security (WSBPS), Miami, Florida, U.S.A., 2010.

  
  
• An Anonymous Access Control and Accountability Scheme for Cloud Computing.

  Held at the Third International Conference on Cloud Computing (IEEE CLOUD), Miami, Florida, U.S.A., 2010.

  
  
• Attack Surfaces: A Taxonomy for Attacks on Cloud Services.

  Held at the Third International Conference on Cloud Computing (IEEE CLOUD), Miami, Florida, U.S.A., 2010.

  
  
• A Design Pattern for Event-Based Processing of Security-enriched SOAP Messages.

  Held at the Second International Workshop on Security Aspects in Grid and Cloud Computing (SAGC), Krakow, Poland, 2010.

  
  
• On Technical Security Issues in Cloud Computing.

  Held at the HGI Kolloquium of the Horst Görtz Institute for IT-Security, Bochum, Germany, 01/2010.

  
  
• A Security Modeling Approach for Web-Service-based Business Processes.

  Held at the colloquium of the Department of Informatics and Mathematics of the University of Passau, Germany, 01/2010.

  
  
• Extending the Similarity-Based XML Multicast Approach with Digital Signatures.

  Held at the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A., 2009.

  
  
• The Curse of Namespaces in the Domain of XML Signature.

  Held at the ACM Workshop on Secure Web Services (SWS), Chicago, Illinois, U.S.A., 2009.

  
  
• On Technical Security Issues in Cloud Computing.

  Held at the IEEE International Conference on Cloud Computing (CLOUD-II), Bangalore, India, 2009.

  
  
• Privacy Against the Business Partner: Issues for Realizing End-to-End Confidentiality in Web Service Compositions.

  Held at the International Workshop on Business Processes Security (BPS), part of DEXA 2009, Linz, Austria.

  
  
• Analysis of Signature Wrapping Attacks and Countermeasures.

  Held at the MyPhD Workshop, Passau, Germany, 2009.

  
  
• Analysis of Signature Wrapping Attacks and Countermeasures.

  Held at the 7th IEEE International Conference on Web Services (ICWS), Los Angeles, USA, 2009.

  
  
• Sicherheitsmodellierung für Web-Service basierte Geschäftsprozesse.

  Invited Talk, held at the CAST-Workshop on SOA Security, Darmstadt, Germany, 06/2009.

  
  
• A Security Modeling Approach for Web-Service-based Business Processes.

  Held at the HGI Seminar of the Horst Görtz Institute for IT-Security, Bochum, Germany, 04/2009.

  
  
• A Security Modeling Approach for Web-Service-based Business Processes.

  Held at the 7th IEEE Workshop on Model-Based Development for Computer-Based Systems (MBD), San Francisco, USA, 2009.

  
  
• A Security Modeling Approach for Web-Service-based Business Processes.

  Invited Talk, held at the HP Laboratories, Palo Alto, USA, 04/2009.

  
  
• Generating WS-SecurityPolicy Documents via Security Model Transformation.

  Held at the Young Researchers Workshop on Modeling and Management of Business Processes (YRW-MBP), part of SABRE 2009, Leipzig, Germany, 2009.

  
  
• The Accountability Problem of Flooding Attacks in Service-Oriented Architectures.

  Held at the IEEE International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, 2009.

  
  
• Flooding Attack Issues of Web Services and Service-Oriented Architectures.

  Held at the HGI Seminar of the Horst Görtz Institute for IT-Security, Bochum, Germany, 11/2008.

  
  
• Stronger TLS Bindings for SAML Assertions and SAML Artifacts.

  Held at the ACM Workshop on Secure Web Services (SWS), Alexandria, Virginia, U.S.A., 2008.

  
  
• Flooding Attack Issues of Web Services and Service-Oriented Architectures.

  Held at the Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA), Munich, Germany, 2008.

  
  
• A Fault Propagation Approach for Highly Distributed Service Compositions.

  Held at the IEEE International Conference on Services Computing (SCC), Honolulu, Hawaii, USA, 2008.

  
  
• The Impact of Flooding Attacks on Network-based Services.

  Held at the IEEE International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain, 2008.

  
  
• Exkurs: Semaphore und Monitore in Betriebssystemen.

  Held at the operating systems lecture, winter term 2007/08, University of Kiel.

  
  
• SOA and Web Services: New Technologies, New Standards - New Attacks.

  Held at the 5th IEEE European Conference on Web Services (ECOWS), Halle(Saale), Germany, 2007.

  
  
• Eine zustandsbehaftete Web Service Firewall für BPEL.

  Held at the Second GI SIG SIDAR Graduate Workshop on Reactive Security (SPRING2), Dortmund, July 2007.

  
  
• Business Process Execution Language for Web Services.

  Held at the internet communications lecture, winter term 2006/07, University of Kiel.

  
  
• Scientific Computing: the N-Body-Problem.

  Held at the multi-threaded, parallel and distributed systems seminar, summer term 2006, University of Kiel.

  
  
• XML-Kompressionsalgorithmen

  Held at the XML technologies and applications seminar, summer term 2005, University of Kiel.

  
  

Scientific Community Activities

Organizing Committee

• IEEE International Workshop on Web Services Performance (WSP), Los Angeles, USA, 2009
• Young Researchers Workshop on Modeling and Management of Business Processes (YRW-MBP), Leipzig, Germany, 2009.
• Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA), Munich, Germany, 2008.

Program Committee/Reviewer

• International Conference on Cloud Computing and Services Science (CLOSER 2012)
• IEEE International Conference on Digital Ecosystem Technologies - Complex Environment Engineering (DEST-CEE 2012)
• IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2011)
• Central-European Workshop on Services and their Composition (ZEUS 2012)
• Elsevier Journal on Systems and Software (JSS)
• ACM Workshop on Privacy in the Electronic Society (WPES 2011)
• International Workshop on Securing Services on the Cloud (IWSSC 2011)
• International Symposium on Data-Driven Process Discovery and Analysis (SIMPDA 2011)
• Springer World Wide Web Journal (WWWJ)
• IEEE International Conference on Web Services (ICWS 2010, 2011)
• IEEE Transactions on Services Computing (TSC)
• Elsevier Journal on Systems Architecture (JSA)
• IEEE Network
• IEEE Congress on Services (SERVICES I+II 2009)
• ACM Workshop on Secure Web Services (SWS 2009)

Other Activities

• Invited Expert of the W3C Working Group on XML Security (since March 2010)
• Member of the executive board of the Horst Görtz Institute for IT-Security (since November 2009)
• Member of the executive committee of the Ecom section (E-Commerce and E-Government Security) of the German Informatics Society (GI)
• Fellow of the Ruhr University Research School (since February 2009)
• Member of IEEE Society
• Member of IEEE Computer Society
• Member of IEEE TC Services Computing
• Member of ACM
• Member of Cloud Security Alliance
• Member of German Informatics Society (GI)