Reference monitors for security and interoperability in OAuth 2.0

Abstract: The OAuth 2.0 protocol is a recent IETF standard for granting clients authorization to access specific resources over HTTP. It has recently been adopted by major Internet players such as Google, Facebook, and Microsoft. It has been pointed out that this protocol is potentially subject to security issues, as well as to difficulties concerning interoperability between protocol participants and application evolution. As we show in this paper, there are indeed multiple reasons that make this protocol hard to implement and that impede interoperability in the presence of different kinds of clients. Our main contribution is a framework that harnesses a type-based policy language and aspect-based support for protocol adaptation through flexible reference monitors in order to handle the security, interoperability and evolution issues of OAuth 2.0. We apply our framework to three scenarios that make explicit variations in the protocol and show how to handle those issues.
Document type:
Conference paper
SETOP - 6th International Workshop on Autonomous and Spontaneous Security - 2013, Sep 2013, Egham, United Kingdom. 2013

https://hal.inria.fr/hal-00846810
Contributor: Ronan-Alexandre Cherrueau
Submitted on: Saturday, 20 July 2013 - 18:21:45
Last modified on: Friday, 22 June 2018 - 09:34:50

Identifiers

  • HAL Id: hal-00846810, version 1

Citation

Ronan-Alexandre Cherrueau, Rémi Douence, Jean-Claude Royer, Mario Südholt, Anderson Santana de Oliveira, et al. Reference monitors for security and interoperability in OAuth 2.0. SETOP - 6th International Workshop on Autonomous and Spontaneous Security - 2013, Sep 2013, Egham, United Kingdom. 2013. 〈hal-00846810〉
