Smartphones are increasing in popularity and it is widely believed that their market share will continue to rise in the future. Due to the limited capabilities of smartphones compared to the PC, web-based services accessed through native applications are quickly becoming the de facto standard on these devices. Allowing secure access to data residing on web-based services is a hot security issue targeted by many protocols. OAuth is the most popular of these and is in use by a vast majority of industry leaders. However, it suffers from some limitations, the primary one being that once a resource consumer is authorized to access a web service, it can access the data residing on that service from anywhere and at any time. This leads to severe privacy concerns. In this paper, we propose extensions to the core OAuth protocol that address this problem by introducing the concept of device-specific authorization using the constructs of Trusted Computing. We provide the details of our proposed protocol and describe the proof of concept developed to demonstrate the feasibility of our approach. The end result is a lightweight, user-friendly protocol that provides device-specific authorization for smartphones, thus enhancing privacy without sacrificing the simplicity of the core OAuth protocol.