Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

A Comprehensive Formal Security Analysis of OAuth 2.0

Association for Computing Machinery (ACM) via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a comprehensive formal security analysis of OAuth 2.0 in this 25-minute conference talk presented at CCS 2016, the 23rd ACM Conference on Computer and Communications Security. Delve into the contributions, formal analysis methods, and web application standards discussed by authors Daniel Fett, Ralf Küsters, and Guido Schmitz from the University of Trier. Examine the web model, browser model, and limitations of OAuth 2.0. Investigate various OAuth modes, multiple IdPs, and key security properties including authorization, authentication, and session integrity. Uncover potential attacks, such as the 307 Redirect Attack and IdP Mix-Up Attack, along with their mitigation strategies. Gain insights into the security proof assumptions, network attacker scenarios, and related work in the field of OAuth 2.0 security analysis.

Syllabus

Intro
Our Contributions
Formal Analysis of Web Applications and Standards
Sources
Web Model
Web Browser Model
Limitations
Previous Work
OAuth Modes
Multiple IdPs
Authorization Property
Authentication Property
Session Integrity Property
Attacks: Overview
307 Redirect Attack
IdP Mix-Up Attack in implicit Mode
IdP Mix-Up Attack: Mitigation
Impact
Proof: Assumptions
Session Integrity: Network Attacker
OAuth 2.0: Security Proof
Some Related Work

Taught by

ACM CCS

Reviews

Start your review of A Comprehensive Formal Security Analysis of OAuth 2.0

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.