Mobile values, new names, and secure communication, ACM SIGPLAN- SIGACT Symposium on Principles of Programming Languages, pp.104-115, 2001. ,
URL : https://hal.archives-ouvertes.fr/hal-01423924
Private authentication, Theoretical Computer Science, vol.322, issue.3, pp.427-476, 2004. ,
DOI : 10.1016/j.tcs.2003.12.023
A calculus for cryptographic protocols, Proceedings of the 4th ACM conference on Computer and communications security , CCS '97, pp.1-70, 1999. ,
DOI : 10.1145/266420.266432
Towards a declarative language and system for secure networking, USENIX international workshop on Networking meets databases. USENIX Association, 2007. ,
Towards a Formal Foundation of Web Security, 2010 23rd IEEE Computer Security Foundations Symposium, pp.290-304, 2010. ,
DOI : 10.1109/CSF.2010.27
The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, International Conference on Computer Aided Verification, pp.281-285, 2005. ,
DOI : 10.1007/11513988_27
URL : https://hal.archives-ouvertes.fr/inria-00000408
Formal analysis of SAML 2.0 web browser single sign-on, Proceedings of the 6th ACM workshop on Formal methods in security engineering, FMSE '08, 2008. ,
DOI : 10.1145/1456396.1456397
An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations, Computers & Security, vol.33, pp.41-58, 2013. ,
DOI : 10.1016/j.cose.2012.08.007
JavaSPI, International Journal of Secure Software Engineering, vol.2, issue.4, pp.34-48, 2011. ,
DOI : 10.4018/jsse.2011100103
Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, Conference on Principles of Security and Trust, 2013. ,
DOI : 10.1007/978-3-642-36830-1_7
URL : https://hal.archives-ouvertes.fr/hal-00863375
WebSpi and web application models, 2011. ,
Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012. ,
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834
Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.75-88, 2008. ,
DOI : 10.1145/1455770.1455782
Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.75-88, 2008. ,
DOI : 10.1145/1455770.1455782
Content security policy ,
Verified Cryptographic Implementations for TLS, ACM Transactions on Information and System Security, vol.15, issue.1, pp.1-3, 2012. ,
DOI : 10.1145/2133375.2133378
URL : https://hal.archives-ouvertes.fr/hal-00863381
Verified interoperable implementations of security protocols, IEEE Computer Security Foundations Workshop, pp.139-152, 2006. ,
Verified implementations of the information card federated identity-management protocol, Proceedings of the 2008 ACM symposium on Information, computer and communications security , ASIACCS '08, pp.123-135, 2008. ,
DOI : 10.1145/1368310.1368330
An efficient cryptographic protocol verifier based on prolog rules, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001., pp.82-96, 2001. ,
DOI : 10.1109/CSFW.2001.930138
Automatic verification of correspondences for security protocols*, Journal of Computer Security, vol.17, issue.4, pp.363-434, 2009. ,
DOI : 10.3233/JCS-2009-0339
ProVerif: Automatic Cryptographic Protocol Verier, User Manual and Tutorial ,
Universally composable security: a new paradigm for cryptographic protocols, Proceedings 2001 IEEE International Conference on Cluster Computing, pp.136-145, 2001. ,
DOI : 10.1109/SFCS.2001.959888
Assertions and protocols for the OASIS Security Assertion Markup Language (SAML) v2, 2005. ,
Universally composable security analysis of oauth v2.0. IACR Cryptology ePrint Archive, p.526, 2011. ,
Security analysis of double redirection protocols, 2011. ,
Timed analysis of security protocols, Journal of Computer Security, vol.15, issue.6, pp.619-645, 2007. ,
DOI : 10.3233/JCS-2007-15603
Binder, a logic-based security language, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.105-113, 2002. ,
DOI : 10.1109/SECPRI.2002.1004365
On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983. ,
DOI : 10.1109/TIT.1983.1056650
The OAuth 1, Protocol. IETF RFC, vol.5849, 2010. ,
A Type Discipline for Authorization in Distributed Systems, 20th IEEE Computer Security Foundations Symposium (CSF'07), pp.31-48, 2007. ,
DOI : 10.1109/CSF.2007.7
A type discipline for authorization policies, ACM Transactions on Programming Languages and Systems, vol.29, issue.5, 2007. ,
AUTHSCAN: Automatic extraction of web authentication protocols from implementations, Networks and Distributed Systems Security Symposium, 2013. ,
Browser model for security analysis of browserbased protocols, Eropean Symposium on Research in Computer Security, pp.489-508, 2005. ,
OAuth Security Advisory: 2009.1 -Session Fixation Attack, 2009. ,
Using static analysis to validate the SAML single sign-on protocol, Proceedings of the 2005 workshop on Issues in the theory of security , WITS '05, pp.27-40, 2005. ,
DOI : 10.1145/1045405.1045409
The OAuth 2.0 Authorization Framework, IETF RFC, vol.6749, 2012. ,
DOI : 10.17487/rfc6749
Alloy: A Logical Modelling Language, International Conference of B and Z Users, 2003. ,
DOI : 10.1007/3-540-44880-2_1
The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation ,
DOI : 10.1109/ICST.2013.75
OAuth 2.0 threat model and security considerations, IETF RFC, vol.6819, 2013. ,
DOI : 10.17487/rfc6819
Towards Unified Authorization for Android, 5th International Symposium on Engineering Secure Software and Systems, pp.42-57, 2013. ,
DOI : 10.1007/978-3-642-36563-8_4
URL : https://hal.archives-ouvertes.fr/hal-00863384
Formal analysis of Facebook Connect Single Sign-On authentication protocol, SofSem Student Research Forum, pp.99-116, 2011. ,
Functions as processes, Mathematical Structures in Computer Science, vol.4, issue.02, pp.119-141, 1992. ,
DOI : 10.1016/0304-3975(87)90045-4
URL : https://hal.archives-ouvertes.fr/inria-00075405
Analysis of liberty single-sign-on with enabled clients, IEEE Internet Computing, vol.7, issue.6, pp.38-44, 2003. ,
DOI : 10.1109/MIC.2003.1250582
Federated identity-management protocols, Security Protocols Workshop, pp.153-174, 2005. ,
OpenID 2.0, Proceedings of the second ACM workshop on Digital identity management , DIM '06, pp.11-15, 2006. ,
DOI : 10.1145/1179529.1179532
Busting frame busting: a study of clickjacking vulnerabilities at popular sites, 2010. ,
On breaking SAML: Be whoever you want to be, Workshop on Offensive Technologies, 2012. ,
The devil is in the (implementation) details, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.378-390, 2012. ,
DOI : 10.1145/2382196.2382238
Knowledge flow analysis for security protocols, 2006. ,
Cross-Origin Resource Sharing, 2013. ,
Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012 IEEE Symposium on Security and Privacy, pp.365-379, 2012. ,
DOI : 10.1109/SP.2012.30
A semantic model for authentication protocols, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp.178-194, 1993. ,
DOI : 10.1109/RISP.1993.287633
Information-Flow-Based Access Control for Web Browsers, =var p,mem string(val 2)) in out(pageClick(b)))) ))), pp.836-850, 2009. ,
DOI : 10.1587/transinf.E92.D.836