Ecole d'ingénieur et centre de recherche en télécommunications
 
- + print
AccueilPublicationsReference monitors for security and interoperability in OAuth 2.0

Reference monitors for security and interoperability in OAuth 2.0

Cherrueau, Ronan-Alexandre; Douence, Rémi; Royer, Jean-Claude; Südholt, Mario; De Oliveira, Anderson Santana; Roudier, Yves; Dell'Amico, Matteo

SETOP 2013, 6th International Workshop on Autonomous and Spontaneous Security, 12-13 September 2013, Rhul, Egham, UK

OAuth 2.0 is a recent IETF standard devoted to providing authorization to clients requiring access to specific resources over HTTP. It was recently adopted by major internet players like Google, Facebook, and Microsoft. It has been pointed out that this framework is potentially subject to security issues, as well as difficulties concerning the interoperability between protocol participants and application evolution. As we show in this paper, there are indeed multiple reasons that make this protocol hard to implement and impede interoperability in the presence of different kinds of client. Our main contribution consists in a framework that harnesses a type-based policy language and aspect-based support for protocol adaptation through flexible reference monitors in order to handle security, interoperability and evolution issues of OAuth 2.0. We apply our framework in the context of three scenarios that make explicit variations in the protocol and show how to handle those issues.

Document Bibtex

Type:Conférence
Langue:English
Ville:Rhul
Pays:ROYAUME-UNI
Date:
Département:Réseaux et Sécurité
Eurecom ref:4076
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in SETOP 2013, 6th International Workshop on Autonomous and Spontaneous Security, 12-13 September 2013, Rhul, Egham, UK and is available at :
Bibtex: @inproceedings{EURECOM+4076, year = {2013}, title = {{R}eference monitors for security and interoperability in {OA}uth 2.0}, author = {{C}herrueau, {R}onan-{A}lexandre and {D}ouence, {R}{\'e}mi and {R}oyer, {J}ean-{C}laude and {S}{\"u}dholt, {M}ario and {D}e {O}liveira, {A}nderson {S}antana and {R}oudier, {Y}ves and {D}ell'{A}mico, {M}atteo}, booktitle = {{SETOP} 2013, 6th {I}nternational {W}orkshop on {A}utonomous and {S}pontaneous {S}ecurity, 12-13 {S}eptember 2013, {R}hul, {E}gham, {UK}}, address = {{R}hul, {ROYAUME}-{UNI}}, month = {09}, url = {http://www.eurecom.fr/publication/4076} }
Voir aussi:


Syndiquer le contenu
Crédits indigen
EURECOM
Campus SophiaTech,
450 Route des Chappes, 06410 Biot FRANCE
Tél. : +33 (0)4 93 00 81 00 - Fax : +33 (0)4 93 00 82 00
GPS: 43.614376, 7.070450‎ / +43° 36' 51.75", +7° 4' 13.62"