{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,10]],"date-time":"2024-09-10T15:08:40Z","timestamp":1725980920003},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319942674"},{"type":"electronic","value":"9783319942681"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-94268-1_33","type":"book-chapter","created":{"date-parts":[[2018,6,12]],"date-time":"2018-06-12T08:49:21Z","timestamp":1528793361000},"page":"400-411","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Empirical Study of OAuth-Based SSO System on Web"],"prefix":"10.1007","author":[{"given":"Kaili","family":"Qiu","sequence":"first","affiliation":[]},{"given":"Qixu","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Jingqiang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Yiwen","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,13]]},"reference":[{"key":"33_CR1","doi-asserted-by":"crossref","unstructured":"Pai, S., Sharma, Y., Kumar, S., Pai, R.M., Singh, S.: Formal verification of OAuth 2.0 using alloy framework. In: Communication Systems and Network Technologies, pp. 655\u2013659. IEEE, Jammu (2011)","DOI":"10.1109\/CSNT.2011.141"},{"key":"33_CR2","unstructured":"Chari, S., Jutla, C., Roy, A.: Universally composable security analysis of OAuth v2.0. 
Report 2011\/526 (2011)"},{"key":"33_CR3","doi-asserted-by":"crossref","unstructured":"Fett, D., K\u00fcsters, R., Schmitz, G.: A comprehensive formal security analysis of OAuth 2.0. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1204\u20131215. ACM, Vienna (2016)","DOI":"10.1145\/2976749.2978385"},{"key":"33_CR4","unstructured":"Li, W., Mitchell, C.J., Chen, T.: Mitigation CSRF Attacks on OAuth 2.0 and OpenID Connect. https:\/\/arxiv.org\/abs\/1801.07983"},{"key":"33_CR5","doi-asserted-by":"crossref","unstructured":"Wang, H., Zhang, Y., Li, J., Gu, D.: The Achilles\u2019 heel of OAuth: a multi-platform study of OAuth-based authentication. In: Proceedings of the 32nd Annual Conference on Computer Security Application, pp. 167\u2013176. ACM, Los Angeles (2016)","DOI":"10.1145\/2991079.2991105"},{"key":"33_CR6","doi-asserted-by":"crossref","unstructured":"Sun, S.T., Beznosov, K.: The devil is the implementation details: an empirical analysis of OAuth SSO system. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 378\u2013390. ACM, Raleigh (2012)","DOI":"10.1145\/2382196.2382238"},{"key":"33_CR7","unstructured":"The OAuth 2.0 Authorization Framework. https:\/\/tools.ietf.org\/html\/rfc6749"},{"key":"33_CR8","unstructured":"OAuth 2.0 Threat Model and Security Considerations. https:\/\/tools.ietf.org\/html\/rfc6819"},{"key":"33_CR9","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science, pp. 136\u2013145. IEEE, Washington, D.C. (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"33_CR10","doi-asserted-by":"crossref","unstructured":"Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through Facebook and Google: a traffic-guide security study of commercially deployed single-sign-on services. 
In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, pp. 365\u2013379. IEEE, Washington, D.C. (2012)","DOI":"10.1109\/SP.2012.30"},{"key":"33_CR11","doi-asserted-by":"crossref","unstructured":"Wang, H., Zhang, Y., Li, J., Liu, H., Yang, W., Li, B., Gu, D.: Vulnerability assessment of OAuth implementations in android application. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 61\u201370. ACM, Los Angeles (2015)","DOI":"10.1145\/2818000.2818024"},{"key":"33_CR12","doi-asserted-by":"crossref","unstructured":"Shehab, M., Mohsen, F.: Securing OAuth implementations in smart phones. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, pp. 167\u2013170. ACM, San Antonio (2014)","DOI":"10.1145\/2557547.2557588"},{"key":"33_CR13","doi-asserted-by":"crossref","unstructured":"Chen, E.Y., Pei, Y., Chen, S., Tian, Y., Kotcher, R., Tague, P.: OAuth demystified for mobile application developers. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 892\u2013903. ACM, Arizona (2014)","DOI":"10.1145\/2660267.2660323"},{"key":"33_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/978-3-319-13257-0_34","volume-title":"Information Security","author":"W Li","year":"2014","unstructured":"Li, W., Mitchell, C.J.: Security issues in OAuth 2.0 SSO implementations. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 529\u2013541. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13257-0_34"},{"key":"33_CR15","unstructured":"Slack, Q., Frostig, R.: OAuth 2.0 implicit grant flow analysis using Murphi. 
http:\/\/www.stanford.edu\/class\/cs259\/WWW11\/"},{"key":"33_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1007\/3-540-61474-5_86","volume-title":"Computer Aided Verification","author":"DL Dill","year":"1996","unstructured":"Dill, D.L.: The Mur\u03d5 verification system. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 390\u2013393. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-61474-5_86"},{"key":"33_CR17","first-page":"601","volume":"22","author":"C Bansal","year":"2014","unstructured":"Bansal, C., Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. J. Comput. 22, 601\u2013657 (2014)","journal-title":"J. Comput."},{"key":"33_CR18","doi-asserted-by":"crossref","unstructured":"Hu, P., Yang, R., Li, Y., Lau, W.C.: Application impersonation: problems of OAuth and API design in online social networks. In: Proceedings of the Second ACM Conference on Online Social Networks, Dublin, pp. 271\u2013278 (2014)","DOI":"10.1145\/2660460.2660463"},{"key":"33_CR19","unstructured":"CNVD-2018-01622. http:\/\/www.cnvd.org.cn\/webinfo\/show\/4397"},{"key":"33_CR20","doi-asserted-by":"crossref","unstructured":"Trabelsi, Z.: Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning. In: Proceedings of the 2011 Information Security Curriculum Development Conference, pp. 74\u201383. ACM, Kennesaw (2011)","DOI":"10.1145\/2047456.2047468"},{"key":"33_CR21","unstructured":"Bull, R., Matthews, J.N., Trumbull, K.A.: VLAN hopping, ARP poisoning and man-in-the-middle attacks in virtualized environments. https:\/\/ronnybull.com\/assets\/docs\/bullrl_defcon24_slides.pdf"},{"key":"33_CR22","unstructured":"HTTP_referer. 
https:\/\/en.wikipedia.org\/wiki\/HTTP_referer"}],"container-title":["Lecture Notes in Computer Science","Wireless Algorithms, Systems, and Applications"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-94268-1_33","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,19]],"date-time":"2019-10-19T06:16:56Z","timestamp":1571465816000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-94268-1_33"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319942674","9783319942681"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-94268-1_33","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}