Title Verifying OAuth Implementations Through Encrypted Network Analysis
Publication Type Conference Paper
Year of Publication 2019
Authors Talkington, J, Dantu, R, Morozov, K
Conference Name Proceedings of the 24th ACM Symposium on Access Control Models and Technologies
Publisher Association for Computing Machinery
Conference Location New York, NY, USA
ISBN Number 9781450367530
Keywords Android, authorization, formal models, network analysis, oauth
Abstract

Verifying protocol implementations via application analysis can be cumbersome. Rapid development cycles of both the protocol and applications that use it can hinder up-to-date analysis. A better approach is to use formal models to characterize the applications platform and then verify the protocol through analysis of the network traffic tied to the models. To test this method, the popular protocol OAuth is considered. Currently, formal models of OAuth do not take into consideration the mobile environment, and implementation verification is largely based on code analysis. Our preliminary results are two fold; we sketch an extension to a formal model that incorporates the specifics of the Android platform and classify OAuth device types using machine learning on encrypted VPN traffic.

URL https://doi.org/10.1145/3322431.3326449
DOI 10.1145/3322431.3326449

Publication Status:

UNT Department:

UNT Center:

UNT Lab: