[1] |
ZUO C , ZHAO Q , LIN Z . Authscope:towards automatic discovery of vulnerable authorizations in online services[C]// The 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 53-68.
|
[2] |
HARDT D . The OAuth 2.0 authorization framework[Z]. RFC6749, 2012.
|
[3] |
BANSAL C , BHARGAVAN K , DELIGNAT-LAVAUD A ,et al. Discovering concrete attacks on website authorization by formal analysis[J]. Journal of Computer Security, 2014,22(4): 601-657.
|
[4] |
FETT D , KUSTERS R , SCHMITZ G.A . comprehensive formal security analysis of OAuth 2.0[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 1204-1215.
|
[5] |
FERRY E , O RAW J , CURRAN K . Security evaluation of the OAuth 2.0 framework[J]. Information & Computer Security, 2015,23(1): 73-101.
|
[6] |
魏成坤, 刘向东, 石兆军 . 基于 OAuth2.0 的认证授权技术研究[J]. 信息网络安全, 2016(9): 6-11.
|
|
WEI C K , LIU X D , SHI Z J . Optimization method for OAuth2.0 protocol[J]. Netinfo Security, 2016(9): 6-11.
|
[7] |
魏成坤, 刘向东, 石兆军 . 基于OAuth2.0协议的安全性形式化分析[J]. 计算机工程与设计, 2016,37(7): 1746-1751.
|
|
WEI C K , LIU X D , SHI Z J . Security formal verification of OAuth2.0 protocol[J]. Computer Engineering and Design, 2016,37(7): 1746-1751.
|
[8] |
王焕孝, 顾纯祥, 郑永辉 . 开放授权协议OAuth2.0的安全性形式化分析[J]. 信息工程大学学报, 2014,15(2): 141-147.
|
|
WANG H X , GU C X , ZHENG Y H . Formal security analysis of OAuth2.0 authorization protocol[J]. Journal of Information Engineering University, 2014,15(2): 141-147.
|
[9] |
郭丞乾, 蔡权伟, 林璟锵 ,等. 单点登录协议实现的安全分析[J]. 信息安全研究, 2019,5(1): 59-67.
|
|
GUO C Q , CAI Q W , LIN J J ,et al. Security analysis on the implementations of single-sign-on protocols[J]. Journal of Information Security Research, 2019,5(1): 59-67.
|
[10] |
CHARI S , JUTLA C S , ROY A . Universally composable security analysis of OAuth v2.0[J].,2011:526. IACR Cryptology ePrint Archive, 2011,:526.
|
[11] |
WANG R , ZHOU Y , CHEN S ,et al. Explicating SDKs:uncovering assumptions underlying secure authentication and authorization[C]// The 22nd USENIX Conference on Security. USENIX Association, 2013: 399-314.
|
[12] |
YANG R , LAU W C , CHEN J ,et al. Vetting single sign-on implementations via symbolic reasoning[C]// The 27th USENIX Security Symposium (USENIX Security 18). USENIX, 2018: 1459-1474.
|
[13] |
SHERNAN E , CARTER H , TIAN D ,et al. International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment0 implementations[C]// International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment. 2015: 239-260.
|
[14] |
LI W , MITCHELL C J . Security issues in OAuth 2.0 SSO implementations[C]// International Conference on Information Security. 2014: 529-541.
|
[15] |
王丹磊, 李长军, 赵磊 ,等. OAuth2.0协议在Web部署中的安全性分析与威胁防范[J]. 武汉大学学报(理学版), 2016,62(5): 411-417.
|
|
WANG D L , LI C J , ZHAO L ,et al. Security analysis and vulnerability management of OAuth 2.0 on Web deployment[J]. Journal of Whhan University (Natural Science Edition), 2016,62(5): 411-417.
|
[16] |
QIU K , LIU Q , LIU J ,et al. An empirical study of OAuth-based SSO system on Web[C]// International Conference on Wireless Algorithms,Systems,and Applications. 2018: 400-411.
|
[17] |
MAINKA C , MLADENOV V , SCHWENK J . Do not trust me:using malicious IdPs for analyzing and attacking single sign-on[C]// 2016 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2016: 321-336.
|
[18] |
GHASEMISHARIF M , RAMESH A , CHECKOWAY S ,et al. O single sign-off,where art thou? An empirical analysis of single sign-on account hijacking and session management on the web[C]// The 27th USENIX Security Symposium (USENIX Security 18). USENIX, 2018: 1475-1492.
|
[19] |
HU P , YANG R , LI Y ,et al. Application impersonation:problems of OAuth and API design in online social networks[C]// The Second ACM Conference on Online Social Networks. ACM, 2014: 271-278.
|
[20] |
WU B , NGUYEN T , HUSAIN M . Implementation vulnerability associated with OAuth 2.0—a case study on Dropbox[C]// The 12th International Conference on Information Technology-New Generations. 2015: 135-138.
|
[21] |
ZHOU Y , EVANS D . SSOScan:automated testing of web applications for single sign-on vulnerabilities[C]// The 23rd USENIX Security Symposium (USENIX Security 14). USE NIX, 2014: 495-510.
|
[22] |
BAI G , LEI J , MENG G ,et al. AUTHSCAN:automatic extraction of web authentication protocols from implementations[C]// NDSS. 2013.
|
[23] |
YANG R , LI G , LAU W C ,et al. Model-based security testing:an empirical study on OAuth 2.0 implementations[C]//The 11th ACM on Asia Conference on Computer and Communications Security. ACM, 2016: 651-662.
|
[24] |
LODDERSTEDT T , MCGLOIN M , HUNT P . OAuth 2.0 threat model and security considerations[J]. RFC 6819, 2013.
|
[25] |
杜雷, 辛阳 . 基于规则库和网络爬虫的漏洞检测技术研究与实现[J]. 信息网络安全, 2014(10): 38-43.
|
|
DU L , XIN Y . Research and implementation of web vulnerability detection technology based on rule base and web crawler[J]. Netinfo Security, 2014(10): 38-43.
|
[26] |
陈君, 张生 . 基于OAuth单点登录系统的安全性分析与评估[J]. 电子科技, 2017,30(9): 165-168.
|
|
CHEN J , ZHANG S . Security evaluations and countermeasures of single sign-on systems based on OAuth protocol[J]. Electronic Science and Technology, 2017,30(9): 165-168.
|
[27] |
张天琪 . OAuth协议安全性研究[J]. 信息网络安全, 2013(3): 68-70.
|
|
ZHANG T Q . Study on OAuth protocol security[J]. Netinfo Security, 2013(3): 68-70.
|