, Mobile values, new names, and secure communication, ACM SIGPLAN- SIGACT Symposium on Principles of Programming Languages, pp.104-115, 2001.
URL : https://hal.archives-ouvertes.fr/hal-01423924
, Private authentication, Theoretical Computer Science, vol.322, issue.3, pp.427-476, 2004.
DOI : 10.1016/j.tcs.2003.12.023
, A calculus for cryptographic protocols, Proceedings of the 4th ACM conference on Computer and communications security , CCS '97, pp.1-70, 1999.
DOI : 10.1145/266420.266432
, Towards a declarative language and system for secure networking, USENIX international workshop on Networking meets databases. USENIX Association, 2007.
, Towards a Formal Foundation of Web Security, 2010 23rd IEEE Computer Security Foundations Symposium, pp.290-304, 2010.
DOI : 10.1109/CSF.2010.27
, The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, International Conference on Computer Aided Verification, pp.281-285, 2005.
DOI : 10.1007/11513988_27
URL : https://hal.archives-ouvertes.fr/inria-00000408
, Formal analysis of SAML 2.0 web browser single sign-on, Proceedings of the 6th ACM workshop on Formal methods in security engineering, FMSE '08, 2008.
DOI : 10.1145/1456396.1456397
, An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations, Computers & Security, vol.33, pp.41-58, 2013.
DOI : 10.1016/j.cose.2012.08.007
, JavaSPI, International Journal of Secure Software Engineering, vol.2, issue.4, pp.34-48, 2011.
DOI : 10.4018/jsse.2011100103
, Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, Conference on Principles of Security and Trust, 2013.
DOI : 10.1007/978-3-642-36830-1_7
URL : https://hal.archives-ouvertes.fr/hal-00863375
, WebSpi and web application models, 2011.
, Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012.
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834
, Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.75-88, 2008.
DOI : 10.1145/1455770.1455782
, Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.75-88, 2008.
DOI : 10.1145/1455770.1455782
, Content security policy
, Verified Cryptographic Implementations for TLS, ACM Transactions on Information and System Security, vol.15, issue.1, pp.1-3, 2012.
DOI : 10.1145/2133375.2133378
URL : https://hal.archives-ouvertes.fr/hal-00863381
, Verified interoperable implementations of security protocols, IEEE Computer Security Foundations Workshop, pp.139-152, 2006.
, Verified implementations of the information card federated identity-management protocol, Proceedings of the 2008 ACM symposium on Information, computer and communications security , ASIACCS '08, pp.123-135, 2008.
DOI : 10.1145/1368310.1368330
, An efficient cryptographic protocol verifier based on prolog rules, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001., pp.82-96, 2001.
DOI : 10.1109/CSFW.2001.930138
, Automatic verification of correspondences for security protocols*, Journal of Computer Security, vol.17, issue.4, pp.363-434, 2009.
DOI : 10.3233/JCS-2009-0339
, ProVerif: Automatic Cryptographic Protocol Verier, User Manual and Tutorial
, Universally composable security: a new paradigm for cryptographic protocols, Proceedings 2001 IEEE International Conference on Cluster Computing, pp.136-145, 2001.
DOI : 10.1109/SFCS.2001.959888
, Assertions and protocols for the OASIS Security Assertion Markup Language (SAML) v2, 2005.
, Universally composable security analysis of oauth v2.0. IACR Cryptology ePrint Archive, p.526, 2011.
, Security analysis of double redirection protocols, 2011.
, Timed analysis of security protocols, Journal of Computer Security, vol.15, issue.6, pp.619-645, 2007.
DOI : 10.3233/JCS-2007-15603
, Binder, a logic-based security language, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.105-113, 2002.
DOI : 10.1109/SECPRI.2002.1004365
, On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983.
DOI : 10.1109/TIT.1983.1056650
, The OAuth 1, Protocol. IETF RFC, vol.5849, 2010.
, A Type Discipline for Authorization in Distributed Systems, 20th IEEE Computer Security Foundations Symposium (CSF'07), pp.31-48, 2007.
DOI : 10.1109/CSF.2007.7
, A type discipline for authorization policies, ACM Transactions on Programming Languages and Systems, vol.29, issue.5, 2007.
, AUTHSCAN: Automatic extraction of web authentication protocols from implementations, Networks and Distributed Systems Security Symposium, 2013.
, Browser model for security analysis of browserbased protocols, Eropean Symposium on Research in Computer Security, pp.489-508, 2005.
, OAuth Security Advisory: 2009.1 -Session Fixation Attack, 2009.
, Using static analysis to validate the SAML single sign-on protocol, Proceedings of the 2005 workshop on Issues in the theory of security , WITS '05, pp.27-40, 2005.
DOI : 10.1145/1045405.1045409
, The OAuth 2.0 Authorization Framework, IETF RFC, vol.6749, 2012.
DOI : 10.17487/rfc6749
, Alloy: A Logical Modelling Language, International Conference of B and Z Users, 2003.
DOI : 10.1007/3-540-44880-2_1
, The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation
DOI : 10.1109/ICST.2013.75
, OAuth 2.0 threat model and security considerations, IETF RFC, vol.6819, 2013.
DOI : 10.17487/rfc6819
, Towards Unified Authorization for Android, 5th International Symposium on Engineering Secure Software and Systems, pp.42-57, 2013.
DOI : 10.1007/978-3-642-36563-8_4
URL : https://hal.archives-ouvertes.fr/hal-00863384
, Formal analysis of Facebook Connect Single Sign-On authentication protocol, SofSem Student Research Forum, pp.99-116, 2011.
, Functions as processes, Mathematical Structures in Computer Science, vol.4, issue.02, pp.119-141, 1992.
DOI : 10.1016/0304-3975(87)90045-4
URL : https://hal.archives-ouvertes.fr/inria-00075405
, Analysis of liberty single-sign-on with enabled clients, IEEE Internet Computing, vol.7, issue.6, pp.38-44, 2003.
DOI : 10.1109/MIC.2003.1250582
, Federated identity-management protocols, Security Protocols Workshop, pp.153-174, 2005.
, OpenID 2.0, Proceedings of the second ACM workshop on Digital identity management , DIM '06, pp.11-15, 2006.
DOI : 10.1145/1179529.1179532
, Busting frame busting: a study of clickjacking vulnerabilities at popular sites, 2010.
, On breaking SAML: Be whoever you want to be, Workshop on Offensive Technologies, 2012.
, The devil is in the (implementation) details, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.378-390, 2012.
DOI : 10.1145/2382196.2382238
, Knowledge flow analysis for security protocols, 2006.
, Cross-Origin Resource Sharing, 2013.
, Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012 IEEE Symposium on Security and Privacy, pp.365-379, 2012.
DOI : 10.1109/SP.2012.30
, A semantic model for authentication protocols, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp.178-194, 1993.
DOI : 10.1109/RISP.1993.287633
, Information-Flow-Based Access Control for Web Browsers, =var p,mem string(val 2)) in out(pageClick(b)))) ))), pp.836-850, 2009.
DOI : 10.1587/transinf.E92.D.836