Verifying OAuth implementations through encrypted network analysis

2Citations
Citations of this article
5Readers
Mendeley users who have this article in their library.

Abstract

Verifying protocol implementations via application analysis can be cumbersome. Rapid development cycles of both the protocol and applications that use it can hinder up-to-date analysis. A better approach is to use formal models to characterize the applications platform and then verify the protocol through analysis of the network traffic tied to the models. To test this method, the popular protocol OAuth is considered. Currently, formal models of OAuth do not take into consideration the mobile environment, and implementation verification is largely based on code analysis. Our preliminary results are two fold; we sketch an extension to a formal model that incorporates the specifics of the Android platform and classify OAuth device types using machine learning on encrypted VPN traffic.

Cite

CITATION STYLE

APA

Talkington, J., Dantu, R., & Morozov, K. (2019). Verifying OAuth implementations through encrypted network analysis. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (pp. 227–229). Association for Computing Machinery. https://doi.org/10.1145/3322431.3326449

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free