Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 11th USENIX Security Symposium
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Synthesis of interface specifications for Java classes
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
A framework for the static verification of api calls
Journal of Systems and Software
How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Formal Verification of OAuth 2.0 Using Alloy Framework
CSNT '11 Proceedings of the 2011 International Conference on Communication Systems and Network Technologies
MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery
SEC'11 Proceedings of the 20th USENIX conference on Security
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Discovering Concrete Attacks on Website Authorization by Formal Analysis
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
A solver for reachability modulo theories
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Enemy of the state: a state-aware black-box web vulnerability scanner
Security'12 Proceedings of the 21st USENIX conference on Security symposium
The most dangerous code in the world: validating SSL certificates in non-browser software
Proceedings of the 2012 ACM conference on Computer and communications security
The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems
Proceedings of the 2012 ACM conference on Computer and communications security
Hi-index | 0.00 |
Most modern applications are empowered by online services, so application developers frequently implement authentication and authorization. Major online providers, such as Facebook and Microsoft, provide SDKs for incorporating authentication services. This paper considers whether those SDKs enable typical developers to build secure apps. Our work focuses on systematically explicating implicit assumptions that are necessary for secure use of an SDK. Understanding these assumptions depends critically on not just the SDK itself, but on the underlying runtime systems. We present a systematic process for identifying critical implicit assumptions by building semantic models that capture both the logic of the SDK and the essential aspects of underlying systems. These semantic models provide the explicit basis for reasoning about the security of an SDK. We use a formal analysis tool, along with the semantic models, to reason about all applications that can be built using the SDK. In particular, we formally check whether the SDK, along with the explicitly captured assumptions, is sufficient to imply the desired security properties. We applied our approach to three widely used authentication/authorization SDKs. Our approach led to the discovery of several implicit assumptions in each SDK, including issues deemed serious enough to receive Facebook bug bounties and change the OAuth 2.0 specification. We verified that many apps constructed with these SDKs (indeed, the majority of apps in our study) are vulnerable to serious exploits because of these implicit assumptions, and we built a prototype testing tool that can detect several of the vulnerability patterns we identified.