
Formal Verification Of OAuth 2.0 Using Alloy Framework

S. Pai, Yash Sharma, S. Kumar, Radhika M. Pai, S. Singh
Published 2011 · Computer Science

Over the past few years, the paradigm of social networking has grown to such a degree that social networking websites have evolved into full-fledged platforms, catering to a wide range of consumer interests. The near-ubiquity of Internet access has facilitated the proliferation of users that indulge in social networking. However, this widespread usage of the Internet and social networking in particular brings with it the need to design and implement a plethora of security enhancing and privacy preserving protocols and standards. Several protocols and security mechanisms have been proposed to ensure primary security features such as confidentiality, integrity, authenticity and non-repudiation. However, ensuring the correctness of these protocols is crucial in ensuring user confidence in system security. Therefore, these protocols need to be verified in some formal sense that involves an exhaustive examination of the protocol flow and its state transitions. In this paper, we formalize OAuth, an authentication standard which has found wide acceptance in the Internet community. We formalize the protocol using a method called knowledge flow analysis, using the Alloy modeling language for specification and the Alloy Analyzer for verification. We show how the Alloy Analyzer successfully discovers the known security vulnerability in OAuth.
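The abstract names the method (knowledge flow analysis in Alloy) without showing what such a model looks like. The following Alloy model is an added illustration by the editor of that encoding style; it is not the paper's model and does not reproduce the vulnerability the paper reports. Its assumptions are its own: a confidential client running the OAuth 2.0 authorization code grant (RFC 6749 calls OAuth 2.0 an authorization framework, not an authentication standard), and a passive attacker who reads every message that passes through the user agent (the front channel) but not the direct client-to-server back channel. Each principal's knowledge is a set of abstract values that grows monotonically as messages are delivered, and secrecy is phrased as "the attacker never knows X".

```alloy
module oauth2_knowledge_flow
open util/ordering[Step]

-- Principals: the resource owner's user agent, a confidential client, the
-- authorization server, and a passive attacker on the front channel.
-- (Editor's example; names are illustrative, not the paper's.)
abstract sig Principal {}
one sig UserAgent, Client, AuthServer, Attacker extends Principal {}

-- Values exchanged in the authorization code grant. Real strings are
-- abstracted to atoms: knowledge-flow analysis only tracks who holds what.
abstract sig Value {}
one sig ClientId, RedirectUri, ClientSecret, AuthCode, AccessToken extends Value {}

-- One protocol step: the messages delivered during it (sender -> receiver ->
-- value) and the knowledge each principal holds when the step starts.
sig Step {
  sends: Principal -> Principal -> Value,
  knows: Principal -> Value
}

-- Values the attacker can read in step s: anything sent to or from the
-- user agent (redirects). Client <-> AuthServer traffic is assumed confidential.
fun leaked[s: Step]: set Value {
  { v: Value | some p, q: Principal | UserAgent in p + q and v in s.sends[p][q] }
}

fact KnowledgeFlow {
  -- Initial knowledge: the client holds its registration data; the server
  -- holds the same plus the code and token it will issue. Others know nothing.
  first.knows = Client -> (ClientId + RedirectUri + ClientSecret)
              + AuthServer -> (ClientId + RedirectUri + ClientSecret + AuthCode + AccessToken)
  -- A principal can only send values it already knows.
  all s: Step, p: Principal | s.sends[p][Principal] in s.knows[p]
  -- Knowledge is monotone: each recipient learns what it receives, and the
  -- attacker additionally learns everything leaked on the front channel.
  all s: Step - last | let nxt = s.next |
    nxt.knows = s.knows
      + { q: Principal, v: Value | some p: Principal | v in s.sends[p][q] }
      + Attacker -> leaked[s]
}

-- The honest authorization code grant, one message per step. The final step
-- carries no message so that the knowledge after the last message is recorded.
fact AuthorizationCodeGrant {
  #Step = 7
  let s0 = first, s1 = s0.next, s2 = s1.next, s3 = s2.next,
      s4 = s3.next, s5 = s4.next, s6 = s5.next {
    s0.sends = Client -> UserAgent -> (ClientId + RedirectUri)   -- authorization request
    s1.sends = UserAgent -> AuthServer -> (ClientId + RedirectUri)
    s2.sends = AuthServer -> UserAgent -> AuthCode                -- redirect carrying the code
    s3.sends = UserAgent -> Client -> AuthCode
    s4.sends = Client -> AuthServer -> (AuthCode + ClientSecret)  -- token request (back channel)
    s5.sends = AuthServer -> Client -> AccessToken                -- token response (back channel)
    no s6.sends
  }
}

-- Secrecy properties stated over the attacker's knowledge at every step.
assert TokenStaysSecret { all s: Step | AccessToken not in s.knows[Attacker] }
assert CodeStaysSecret  { all s: Step | AuthCode    not in s.knows[Attacker] }

check TokenStaysSecret for 7   -- no counterexample: the token never touches the front channel
check CodeStaysSecret  for 7   -- counterexample: the attacker reads the code at step 3
```

Run the two `check` commands in the Alloy Analyzer. `CodeStaysSecret` fails because the authorization code is delivered through the user agent, which this model treats as attacker-readable; `TokenStaysSecret` holds within the scope because the token is only ever sent on the back channel, and the intercepted code alone does not satisfy the "send only what you know" rule for the token request, which needs `ClientSecret` too. Making the attacker active (letting it send anything it knows and giving the server a rule for answering token requests) is the natural next step, and is where a model like this starts finding flaws rather than confirming a fixed trace.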
This paper is referenced by
10.1016/J.IOT.2019.100092
Deriving event data sharing in IoT systems using formal modelling and analysis
Paul Fremantle (2019)
Synthesis of Property-Preserving Platform Mappings
Eunsuk Kang (2017)
10.1007/978-3-319-66284-8_33
Security Flows in OAuth 2.0 Framework: A Case Study
M. Argyriou (2017)
10.1007/978-3-642-54568-9_15
Reference Monitors for Security and Interoperability in OAuth 2.0
Ronan-Alexandre Cherrueau (2013)
Synthesis of Property-Preserving Mappings
Eunsuk Kang (2017)
10.14722/UEOP.2016.23008
Longitudinal Analysis of the Third-party Authentication Landscape
Anna Vapen (2016)
Network-based Origin Confusion Attacks against HTTPS Virtual Hosting
A. Delignat-Lavaud (2015)
10.1007/978-3-319-61204-1_16
Breaking and Fixing Mobile App Authentication with OAuth2.0-based Protocols
Ronghai Yang (2017)
10.1109/HASE.2015.20
Verification for OAuth Using ASLan++
Haixing Yan (2015)
Future Networks Project 257448 “SAIL – Scalable and Adaptable Internet Solutions” D-5.3 (D.D.2) Description of Implemented Prototype
Victor Souza (2012)
10.1109/ASE.2019.00036
OAUTHLINT: An Empirical Study on OAuth Bugs in Android Applications
Tamjid Al Rahat (2019)
10.1007/s11277-014-2102-7
A Survey of Mobile Cloud Computing Applications: Perspectives and Challenges
Yating Wang (2015)
10.3233/JCS-140503
Discovering concrete attacks on website authorization by formal analysis
Chetan Bansal (2014)
10.1007/978-3-030-25540-4
Computer Aided Verification
Isil Dillig (2019)
Improving the security of real world identity management systems
Wanpeng Li (2017)
10.1007/978-3-319-55783-0_16
A Survey of Security Analysis in Federated Identity Management
Sean Simpson (2016)
10.1109/SecDev.2016.017
Design Space Exploration for Security
E. Kang (2016)
10.1007/978-3-319-04918-2_15
Third-Party Identity Management Usage on the Web
Anna Vapen (2014)
10.1016/j.compind.2016.06.001
VOAuth: A solution to protect OAuth against phishing
Min Xie (2016)
10.1109/ISIAS.2011.6122819
Integrating OAuth with Information card systems
Haitham S. Al-Sinani (2011)
10.15123/PUB.4026
Enterprise adoption oriented cloud computing performance optimization
Moustafa Noureddine (2014)
User Access Privacy in OAuth 2.0 and OpenID Connect
Wanpeng Li (2020)
10.1007/978-3-319-31875-2_23
A Study of OAuth 2.0 Risk Notification and Token Revocation from Resource Server
Jungsoo Park (2015)
10.1145/2897845.2897874
Model-based Security Testing: An Empirical Study on OAuth 2.0 Implementations
R. Yang (2016)
10.1109/SIoT.2014.8
Federated Identity and Access Management for the Internet of Things
Paul Fremantle (2014)
10.1016/j.jss.2012.12.031
An authentication model towards cloud federation in the enterprise
Moustafa Noureddine (2013)
10.1109/ACCESS.2017.2766180
Fog Computing Over IoT: A Secure Deployment and Formal Verification
S. Zahra (2017)
10.1007/978-3-319-40667-1_18
Analysing the Security of Google's Implementation of OpenID Connect
W. Li (2016)
10.3384/diss.diva-127304
Web Authentication using Third-Parties in Untrusted Environments
Anna Vapen (2016)
10.1109/TrustCom/BigDataSE.2018.00227
OAuth-SSO: A Framework to Secure the OAuth-Based SSO Service for Packaged Web Applications
Nazmul Hossain (2018)
Mitigating CSRF attacks on OAuth 2.0 and OpenID Connect
Wanpeng Li (2018)
10.1016/j.procs.2013.05.377
C2M: Open and Decentralized Cloud Contact Management
Sebastian Göndör (2013)
Some data provided by Semantic Scholar