Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CSFW
2012
IEEE
2012
IEEE
Discovering Concrete Attacks on Website Authorization by Formal Analysis
—Social sign-on and social sharing are becoming an ever more popular feature of web applications. This success is largely due to the APIs and support offered by prominent social networks, such as Facebook, Twitter, and Google, on the basis of new open standards such as the OAuth 2.0 authorization protocol. A formal analysis of these protocols must account for malicious websites and common web application vulnerabilities, such as cross-site request forgery and open redirectors. We model several configurations of the OAuth 2.0 protocol in the applied pi-calculus and verify them using ProVerif. Our models rely on WebSpi, a new library for modeling web applications and web-based attackers that is designed to help discover concrete website attacks. Our approach is validated by finding dozens of previously unknown vulnerabilities in popular websites such as Yahoo and WordPress, when they connect to social networks such as Twitter and Facebook.
Real-time TrafficCSFW 2012 | Pi Calculus | Redirectors | Security Privacy | Twitter |
| Added | 28 Sep 2012 |
| Updated | 28 Sep 2012 |
| Type | Journal |
| Year | 2012 |
| Where | CSFW |
| Authors | Chetan Bansal, Karthikeyan Bhargavan, Sergio Maffeis |
Comments (0)
Researcher Info
|
