A Comprehensive Formal Security Analysis of OAuth 2.0
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Our Contributions
Formal Analysis of Web Applications and Standards
Sources
Web Model
Web Browser Model
Limitations
Previous Work
OAuth Modes
Multiple IdPs
Authorization Property
Authentication Property
Session Integrity Property
Attacks: Overview
307 Redirect Attack
IdP Mix-Up Attack in implicit Mode
IdP Mix-Up Attack: Mitigation
Impact
Proof: Assumptions
Session Integrity: Network Attacker
OAuth 2.0: Security Proof
Some Related Work
Taught by
ACM CCS