Evaluation of an OAuth 2.0 Protocol Implementation for Web Server Applications

Cited by: 0
Authors
Darwish, Marwan [1]
Ouda, Abdelkader [1]
Affiliations
[1] Univ Western Ontario, Dept Elect & Comp Engn, London, ON, Canada
Keywords
OAuth; 2.0; protocol; web; server; applications;
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
OAuth 2.0 is one of the protocols that are most commonly implemented as an authorization framework currently. This is because it has many advantages, one of which is its ability to be flexibly implemented on different systems and for different purposes. This work evaluates the implementation of Google's OAuth 2.0 for web server applications. This evaluation indicates that the implementation of Google's OAuth 2.0 protocol may lead to a security flaw that exploits low to medium size web servers. This threat might occur by exhausting the storage resources of the web server and making its applications unavailable. In addition, a number of recommendations are made to help protect against this type of threat when an OAuth 2.0 authorization protocol is implemented on web application servers.
Pages: 4
Related papers
50 in total
  • [1] OAuth Web Authorization Protocol
    Leiba, Barry
    IEEE INTERNET COMPUTING, 2012, 16 (01) : 74 - 77
  • [2] An Implementation of the OAuth 2.0 for an Enterprise Service Bus
    Ribeiro, Alysson de Sousa
    Canedo, Edna Dias
    de Andrade Freitas, Sergio Antonio
    COMPUTATIONAL SCIENCE AND ITS APPLICATIONS - ICCSA 2018, PT I, 2018, 10960 : 469 - 484
  • [3] Security evaluation of the OAuth 2.0 framework
    Ferry, Eugene
    Raw, John O.
    Curran, Kevin
    INFORMATION AND COMPUTER SECURITY, 2015, 23 (01) : 73 - 101
  • [4] A privacy-enhanced OAuth 2.0 based protocol for Smart City mobile applications
    Sucasas, Victor
    Mantas, Georgios
    Althunibat, Saud
    Oliveira, Leonardo
    Antonopoulos, Angelos
    Otung, Ifiok
    Rodriguez, Jonathan
    COMPUTERS & SECURITY, 2018, 74 : 258 - 274
  • [5] Design and evaluation of a parallel edge server invocation protocol for transactional applications over the web
    Romano, P
    Quaglia, F
    Ciciani, B
    INTERNATIONAL SYMPOSIUM ON APPLICATIONS AND THE INTERNET, PROCEEDINGS, 2006, : 206 - +
  • [6] Implementation Vulnerability Associated with OAuth 2.0 A Case Study on Dropbox
    Wu, Bruce
    Tung Nguyen
    Husain, Mohammad
    2015 12TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY - NEW GENERATIONS, 2015, : 135 - 138
  • [7] Solutions for non-web OAuth 2.0 authorisation at CERN
    Aguado Corman, Asier
    Henschel, Jack
    Short, Hannah
    Lopienski, Sebastian
    26TH INTERNATIONAL CONFERENCE ON COMPUTING IN HIGH ENERGY AND NUCLEAR PHYSICS, CHEP 2023, 2024, 295
  • [8] PRACTICES IN WEB 2.0-DESIGN, IMPLEMENTATION AND EVALUATION
    Oliveira, Lino
    Jesus, Angelo
    Silva, Armando
    Peres, Paula
    INTED2017: 11TH INTERNATIONAL TECHNOLOGY, EDUCATION AND DEVELOPMENT CONFERENCE, 2017, : 1129 - 1134
  • [9] Implementation of a micro web server for peer-to-peer applications
    Callegati, F
    Gori, R
    Presepi, P
    Sacchetti, M
    AGENTS AND PEER-TO-PEER COMPUTING, 2003, 2530 : 164 - 169
  • [10] Formal Analysis and Verification of OAuth 2.0 Protocol Improved by Key Cryptosystems
    XIAO Meihua
    CHENG Daolei
    LI Wei
    LI Ya'nan
    LIU Xinqian
    MEI Yingtian
    Chinese Journal of Electronics, 2017, 26 (03) : 477 - 484