Breaking and Fixing Mobile App Authentication with OAuth2.0-based Protocols

Authors: Ronghai Yang, Wing Cheong Lau, Shangcheng Shi

DOI: 10.1007/978-3-319-61204-1_16

Keywords: Mobile apps; Identity provider; Internet privacy; Computer security; Authorization; Android (operating system); Static program analysis; OpenID Connect; Computer science

Abstract: Although the OAuth2.0 protocol was originally designed to serve the authorization need for websites, mainstream identity providers like Google and Facebook have made significant …

References (26)
Ethan Shernan, Henry Carter, Dave Tian, Patrick Traynor, Kevin Butler. More Guidelines Than Rules: CSRF Vulnerabilities from Noncompliant OAuth 2.0 Implementations. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 239-260 (2015). DOI: 10.1007/978-3-319-20550-2_13
Eric Y. Chen, Shuo Chen, Shaz Qadeer, Rui Wang. Securing Multiparty Online Services Via Certification of Symbolic Transactions. 2015 IEEE Symposium on Security and Privacy, pp. 833-849 (2015). DOI: 10.1109/SP.2015.56
Eric Y. Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, Patrick Tague. OAuth Demystified for Mobile Application Developers. Computer and Communications Security, pp. 892-903 (2014). DOI: 10.1145/2660267.2660323
Chetan Bansal, Karthikeyan Bhargavan, Sergio Maffeis. Discovering Concrete Attacks on Website Authorization by Formal Analysis. IEEE Computer Security Foundations Symposium, pp. 247-262 (2012). DOI: 10.1109/CSF.2012.27
Pili Hu, Ronghai Yang, Yue Li, Wing Cheong Lau. Application impersonation: problems of OAuth and API design in online social networks. Conference on Online Social Networks, pp. 271-278 (2014). DOI: 10.1145/2660460.2660463
Suhas Pai, Yash Sharma, Sunil Kumar, Radhika M Pai, Sanjay Singh. Formal Verification of OAuth 2.0 Using Alloy Framework. 2011 International Conference on Communication Systems and Network Technologies, pp. 655-659 (2011). DOI: 10.1109/CSNT.2011.141
Dick Hardt. The OAuth 2.0 Authorization Framework. RFC 6749, pp. 1-76 (2012).
Rui Wang, Luyi Xing, XiaoFeng Wang, Shuo Chen. Unauthorized origin crossing on mobile platforms: threats and mitigation. Computer and Communications Security, pp. 635-646 (2013). DOI: 10.1145/2508859.2516727
San-Tsai Sun, Konstantin Beznosov. The devil is in the (implementation) details. Proceedings of the 2012 ACM conference on Computer and Communications Security (CCS '12), pp. 378-390 (2012). DOI: 10.1145/2382196.2382238