Formal Verification of OAuth 2.0 using Alloy Framework

Pai, Suhas and Sharma, Yash and Kumar, Sunil and Pai, Radhika M and Singh, Sanjay (2011) Formal Verification of OAuth 2.0 using Alloy Framework. In: 2011 International Conference on Communication Systems and Network Technologies, June 2011, Jammu, India. (Submitted)

[img] PDF
4437a655.pdf - Submitted Version
Restricted to Registered users only

Download (277kB) | Request a copy


Over the past few years, the paradigm of social networking has grown to such a degree that social networking websites have evolved into full-fledged platforms, catering to a wide range of consumer interests. The near-ubiquity of Internet access has facilitated the proliferation of users that indulge in social networking. However, this wide spread usage of the Internet and social networking in particular brings with it the need to design and implement a plethora of security enhancing and privacy preserving protocols and standards. Several protocols and security mechanisms have been proposed to ensure primary security features such as confidentiality, integrity, authenticity and non repudiation. However, ensuring the correctness of these protocols is crucial in ensuring user confidence in system security. Therefore, these protocols need to be verified in some formal sense that involves an exhaustive examination of the protocol flow and its state transitions. In this paper, we formalize OAuth, an authentication standard which has found wide acceptance in the Internet community. We formalize the protocol using a method called knowledge flow analysis, using the Alloy modeling language for specification and the Alloy Analyzer for verification. We show how the Alloy Analyzer successfully discovers the known security vulnerability in OAuth.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: OAuth, Alloy Analyzer, Social Networking
Subjects: Engineering > MIT Manipal > Information and Communication Technology
Depositing User: MIT Library
Date Deposited: 22 Jul 2011 11:08
Last Modified: 22 Jul 2011 11:08

Actions (login required)

View Item View Item