M. Abadi and C. Fournet, Mobile values, new names, and secure communication, ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp.104-115, 2001.
URL : https://hal.archives-ouvertes.fr/hal-01423924

M. Abadi and C. Fournet, Private authentication, Theoretical Computer Science, vol.322, issue.3, pp.427-476, 2004.
DOI : 10.1016/j.tcs.2003.12.023

M. Abadi and A. D. Gordon, A calculus for cryptographic protocols, Proceedings of the 4th ACM conference on Computer and communications security, CCS '97, pp.1-70, 1999.
DOI : 10.1145/266420.266432

M. Abadi and B. T. Loo, Towards a declarative language and system for secure networking, USENIX international workshop on Networking meets databases. USENIX Association, 2007.

D. Akhawe, A. Barth, P. E. Lam, J. Mitchell, and D. Song, Towards a Formal Foundation of Web Security, 2010 23rd IEEE Computer Security Foundations Symposium, pp.290-304, 2010.
DOI : 10.1109/CSF.2010.27

A. Armando, D. A. Basin, Y. Boichut, Y. Chevalier, L. Compagna et al., The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications, International Conference on Computer Aided Verification, pp.281-285, 2005.
DOI : 10.1007/11513988_27
URL : https://hal.archives-ouvertes.fr/inria-00000408

A. Armando, R. Carbone, L. Compagna, J. Cuellar, and L. T. Abad, Formal analysis of SAML 2.0 web browser single sign-on, Proceedings of the 6th ACM workshop on Formal methods in security engineering, FMSE '08, 2008.
DOI : 10.1145/1456396.1456397

A. Armando, R. Carbone, L. Compagna, J. Cuéllar, G. Pellegrino et al., An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations, Computers & Security, vol.33, pp.41-58, 2013.
DOI : 10.1016/j.cose.2012.08.007

M. Avalle, A. Pironti, D. Pozza, and R. Sisto, JavaSPI, International Journal of Secure Software Engineering, vol.2, issue.4, pp.34-48, 2011.
DOI : 10.4018/jsse.2011100103

C. Bansal, K. Bhargavan, A. Delignat-lavaud, and S. Maffeis, Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, Conference on Principles of Security and Trust, 2013.
DOI : 10.1007/978-3-642-36830-1_7
URL : https://hal.archives-ouvertes.fr/hal-00863375

C. Bansal, K. Bhargavan, and S. Maffeis, WebSpi and web application models, 2011.

C. Bansal, K. Bhargavan, and S. Maffeis, Discovering Concrete Attacks on Website Authorization by Formal Analysis, 2012 IEEE 25th Computer Security Foundations Symposium, pp.247-262, 2012.
DOI : 10.1109/CSF.2012.27
URL : https://hal.archives-ouvertes.fr/hal-00815834

A. Barth, C. Jackson, and J. C. Mitchell, Robust defenses for cross-site request forgery, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.75-88, 2008.
DOI : 10.1145/1455770.1455782

A. Barth, D. Veditz, and M. West, Content security policy

K. Bhargavan, C. Fournet, R. Corin, and E. , Verified Cryptographic Implementations for TLS, ACM Transactions on Information and System Security, vol.15, issue.1, pp.1-3, 2012.
DOI : 10.1145/2133375.2133378
URL : https://hal.archives-ouvertes.fr/hal-00863381

K. Bhargavan, C. Fournet, A. D. Gordon, and S. Tse, Verified interoperable implementations of security protocols, IEEE Computer Security Foundations Workshop, pp.139-152, 2006.

K. Bhargavan, C. Fournet, A. D. Gordon, and N. Swamy, Verified implementations of the information card federated identity-management protocol, Proceedings of the 2008 ACM symposium on Information, computer and communications security, ASIACCS '08, pp.123-135, 2008.
DOI : 10.1145/1368310.1368330

B. Blanchet, An efficient cryptographic protocol verifier based on prolog rules, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001., pp.82-96, 2001.
DOI : 10.1109/CSFW.2001.930138

B. Blanchet, Automatic verification of correspondences for security protocols, Journal of Computer Security, vol.17, issue.4, pp.363-434, 2009.
DOI : 10.3233/JCS-2009-0339

B. Blanchet and B. Smyth, ProVerif: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial

R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, Proceedings 2001 IEEE International Conference on Cluster Computing, pp.136-145, 2001.
DOI : 10.1109/SFCS.2001.959888

S. Cantor, J. Kemp, R. Philpott, and E. Maler, Assertions and protocols for the OASIS Security Assertion Markup Language (SAML) v2, 2005.

S. Chari, C. S. Jutla, and A. Roy, Universally composable security analysis of oauth v2.0. IACR Cryptology ePrint Archive, p.526, 2011.

F. Corella and K. Lewison, Security analysis of double redirection protocols, 2011.

R. Corin, S. Etalle, P. H. Hartel, and A. Mader, Timed analysis of security protocols, Journal of Computer Security, vol.15, issue.6, pp.619-645, 2007.
DOI : 10.3233/JCS-2007-15603

J. Detreville, Binder, a logic-based security language, Proceedings 2002 IEEE Symposium on Security and Privacy, pp.105-113, 2002.
DOI : 10.1109/SECPRI.2002.1004365

D. Dolev and A. C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983.
DOI : 10.1109/TIT.1983.1056650

E. Hammer-lahav, The OAuth 1.0 Protocol, IETF RFC, vol.5849, 2010.

C. Fournet, A. D. Gordon, and S. Maffeis, A Type Discipline for Authorization in Distributed Systems, 20th IEEE Computer Security Foundations Symposium (CSF'07), pp.31-48, 2007.
DOI : 10.1109/CSF.2007.7

C. Fournet, A. D. Gordon, and S. Maffeis, A type discipline for authorization policies, ACM Transactions on Programming Languages and Systems, vol.29, issue.5, 2007.

J. Lei, G. Bai, G. Meng, S. Venkatraman, J. Sun et al., AUTHSCAN: Automatic extraction of web authentication protocols from implementations, Networks and Distributed Systems Security Symposium, 2013.

T. Groß, B. Pfitzmann, and A. Sadeghi, Browser model for security analysis of browser-based protocols, European Symposium on Research in Computer Security, pp.489-508, 2005.

E. Hammer-lahav, OAuth Security Advisory: 2009.1 - Session Fixation Attack, 2009.

S. Hansen, J. Skriver, and H. R. Nielson, Using static analysis to validate the SAML single sign-on protocol, Proceedings of the 2005 workshop on Issues in the theory of security, WITS '05, pp.27-40, 2005.
DOI : 10.1145/1045405.1045409

D. Hardt, The OAuth 2.0 Authorization Framework, IETF RFC, vol.6749, 2012.
DOI : 10.17487/rfc6749

D. Jackson, Alloy: A Logical Modelling Language, International Conference of B and Z Users, 2003.
DOI : 10.1007/3-540-44880-2_1

L. Viganó, The SPaCIoS Project: Secure Provision and Consumption in the Internet of Services, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation
DOI : 10.1109/ICST.2013.75

T. Lodderstedt, M. Mcgloin, and P. Hunt, OAuth 2.0 threat model and security considerations, IETF RFC, vol.6819, 2013.
DOI : 10.17487/rfc6819

M. J. May and K. Bhargavan, Towards Unified Authorization for Android, 5th International Symposium on Engineering Secure Software and Systems, pp.42-57, 2013.
DOI : 10.1007/978-3-642-36563-8_4
URL : https://hal.archives-ouvertes.fr/hal-00863384

M. Miculan and C. Urban, Formal analysis of Facebook Connect Single Sign-On authentication protocol, SofSem Student Research Forum, pp.99-116, 2011.

R. Milner, Functions as processes, Mathematical Structures in Computer Science, vol.4, issue.02, pp.119-141, 1992.
DOI : 10.1016/0304-3975(87)90045-4
URL : https://hal.archives-ouvertes.fr/inria-00075405

B. Pfitzmann and M. Waidner, Analysis of liberty single-sign-on with enabled clients, IEEE Internet Computing, vol.7, issue.6, pp.38-44, 2003.
DOI : 10.1109/MIC.2003.1250582

B. Pfitzmann and M. Waidner, Federated identity-management protocols, Security Protocols Workshop, pp.153-174, 2005.

D. Recordon and D. Reed, OpenID 2.0, Proceedings of the second ACM workshop on Digital identity management, DIM '06, pp.11-15, 2006.
DOI : 10.1145/1179529.1179532

G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson, Busting frame busting: a study of clickjacking vulnerabilities at popular sites, 2010.

J. Somorovsky, A. Mayer, A. Worth, J. Schwenk, M. Kampmann et al., On breaking SAML: Be whoever you want to be, Workshop on Offensive Technologies, 2012.

S. Sun and K. Beznosov, The devil is in the (implementation) details, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.378-390, 2012.
DOI : 10.1145/2382196.2382238

E. Torlak, M. Van-dijk, B. Gassend, D. Jackson, and S. Devadas, Knowledge flow analysis for security protocols, 2006.

A. Van-kesteren, Cross-Origin Resource Sharing, 2013.

R. Wang, S. Chen, and X. Wang, Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services, 2012 IEEE Symposium on Security and Privacy, pp.365-379, 2012.
DOI : 10.1109/SP.2012.30

T. Y. Woo and S. S. Lam, A semantic model for authentication protocols, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy, pp.178-194, 1993.
DOI : 10.1109/RISP.1993.287633

S. Yoshihama, T. Tateishi, N. Tabuchi, and T. Matsumoto, Information-Flow-Based Access Control for Web Browsers, pp.836-850, 2009.
DOI : 10.1587/transinf.E92.D.836