Cerberus: Query-driven Scalable Vulnerability Detection in OAuth Service Provider Implementations

Abstract: OAuth protocols have been widely adopted to simplify user authentication and service authorization for thirdparty applications. However, little effort has been devoted to automatically checking the security of libraries that are widely used by service providers. In this paper, we formalize the OAuth specifications and security best practices, and design OAuthShield, an automated static analyzer, to find logical flaws and identify vulnerabilities in the implementation of OAuth authorization server libraries. To… Show more