Title | Verifying OAuth Implementations Through Encrypted Network Analysis |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Talkington, J, Dantu, R, Morozov, K |
Conference Name | Proceedings of the 24th ACM Symposium on Access Control Models and Technologies |
Publisher | Association for Computing Machinery |
Conference Location | New York, NY, USA |
ISBN Number | 9781450367530 |
Keywords | Android, authorization, formal models, network analysis, oauth |
Abstract |
Verifying protocol implementations via application analysis can be cumbersome. Rapid development cycles of both the protocol and applications that use it can hinder up-to-date analysis. A better approach is to use formal models to characterize the applications platform and then verify the protocol through analysis of the network traffic tied to the models. To test this method, the popular protocol OAuth is considered. Currently, formal models of OAuth do not take into consideration the mobile environment, and implementation verification is largely based on code analysis. Our preliminary results are two fold; we sketch an extension to a formal model that incorporates the specifics of the Android platform and classify OAuth device types using machine learning on encrypted VPN traffic. |
URL | https://doi.org/10.1145/3322431.3326449 |
DOI | 10.1145/3322431.3326449 |