Formal Verification Of OAuth 2.0 Using Alloy Framework

S. Pai, Yash Sharma, S. Kumar, Radhika M. Pai, S. Singh
Published 2011 · Computer Science

Over the past few years, the paradigm of social networking has grown to such a degree that social networking websites have evolved into full-fledged platforms, catering to a wide range of consumer interests. The near-ubiquity of Internet access has facilitated the proliferation of users who indulge in social networking. However, this widespread usage of the Internet, and of social networking in particular, brings with it the need to design and implement a plethora of security-enhancing and privacy-preserving protocols and standards. Several protocols and security mechanisms have been proposed to ensure primary security features such as confidentiality, integrity, authenticity and non-repudiation. However, ensuring the correctness of these protocols is crucial to ensuring user confidence in system security. Therefore, these protocols need to be verified in some formal sense that involves an exhaustive examination of the protocol flow and its state transitions. In this paper, we formalize OAuth, an authentication standard which has found wide acceptance in the Internet community. We formalize the protocol using a method called knowledge flow analysis, using the Alloy modeling language for specification and the Alloy Analyzer for verification. We show how the Alloy Analyzer successfully discovers the known security vulnerability in OAuth.
This paper is referenced by
Deriving event data sharing in IoT systems using formal modelling and analysis
Paul Fremantle (2019)
Synthesis of Property-Preserving Platform Mappings
Eunsuk Kang (2017)
Security Flows in OAuth 2.0 Framework: A Case Study
M. Argyriou (2017)
Reference Monitors for Security and Interoperability in OAuth 2.0
Ronan-Alexandre Cherrueau (2013)
Synthesis of Property-Preserving Mappings
Eunsuk Kang (2017)
Longitudinal Analysis of the Third-party Authentication Landscape
Anna Vapen (2016)
Network-based Origin Confusion Attacks against HTTPS Virtual Hosting
Akamai PoP (2015)
Breaking and Fixing Mobile App Authentication with OAuth2.0-based Protocols
Ronghai Yang (2017)
Verification for OAuth Using ASLan++
Haixing Yan (2015)
Future Networks Project 257448 “SAIL – Scalable and Adaptable Internet Solutions” D-5.3 (D.D.2) Description of Implemented Prototype
Victor Souza (2012)
OAUTHLINT: An Empirical Study on OAuth Bugs in Android Applications
Tamjid Al Rahat (2019)
A Survey of Mobile Cloud Computing Applications: Perspectives and Challenges
Yating Wang (2015)
Discovering concrete attacks on website authorization by formal analysis
Chetan Bansal (2014)
Computer Aided Verification
Isil Dillig (2019)
Improving the security of real world identity management systems
Wanpeng Li (2017)
A Survey of Security Analysis in Federated Identity Management
Sean Simpson (2016)
Design Space Exploration for Security
E. Kang (2016)
Third-Party Identity Management Usage on the Web
Anna Vapen (2014)
VOAuth: A solution to protect OAuth against phishing
Min Xie (2016)
Integrating OAuth with Information card systems
Haitham S. Al-Sinani (2011)
Enterprise adoption oriented cloud computing performance optimization
Moustafa Noureddine (2014)
User Access Privacy in OAuth 2.0 and OpenID Connect
Wanpeng Li (2020)
A Study of OAuth 2.0 Risk Notification and Token Revocation from Resource Server
Jungsoo Park (2015)
Model-based Security Testing: An Empirical Study on OAuth 2.0 Implementations
R. Yang (2016)
Federated Identity and Access Management for the Internet of Things
Paul Fremantle (2014)
An authentication model towards cloud federation in the enterprise
Moustafa Noureddine (2013)
Fog Computing Over IoT: A Secure Deployment and Formal Verification
S. Zahra (2017)
Analysing the Security of Google's Implementation of OpenID Connect
W. Li (2016)
Web Authentication using Third-Parties in Untrusted Environments
Anna Vapen (2016)
OAuth-SSO: A Framework to Secure the OAuth-Based SSO Service for Packaged Web Applications
Nazmul Hossain (2018)
Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect
Wanpeng Li (2018)
C2M: Open and Decentralized Cloud Contact Management
Sebastian Göndör (2013)