The Web Infrastructure Model, or WIM for short, is a comprehensive, expressive and precise model of the web infrastructure. The WIM is in fact the most comprehensive formal model of the web infrastructure to date. It allows for accurate security and privacy analyses of current web standards and applications, and can serve as a reference for web security researchers, developers of new technologies and standards, and for teaching web security concepts.
We recently discovered, through formal analysis, two new attacks on OAuth (Technical Report). This publication was coordinated with the OAuth Working Group, which released a statement on its mailing list and prepared a draft covering the recommended mitigations. The publication of the attacks was also covered in a press release by our university and in some press articles.
In July 2016, our group hosted an OAuth Security Workshop to discuss these and other findings, background on OAuth security, and future improvements to OAuth.
Authors: Küsters, Ralf / Wilke, Thomas
2011. XII, 300 pp. With 16 figures. Paperback.