- Overview
- Symposium Organizers
- Registration Information
- Registration Discounts
- At a Glance
- Calendar
- Technical Sessions
- Birds-of-a-Feather Sessions
- Poster Session
- Sponsorship
- Workshops
- Activities
- Hotel and Travel Information
- Services
- Students
- Questions
- Help Promote!
- Flyer PDF
- For Participants
- Call for Papers
- Past Symposia
sponsors
usenix conference policies
You are here
Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization
Rui Wang, Microsoft Research Redmond; Yuchen Zhou, University of Virginia; Shuo Chen and Shaz Qadeer, Microsoft Research Redmond; David Evans, University of Virginia; Yuri Gurevich, Microsoft Research Redmond
Most modern applications are empowered by online services, so application developers frequently implement authentication and authorization. Major online providers, such as Facebook and Microsoft, provide SDKs for incorporating authentication services. This paper considers whether those SDKs enable typical developers to build secure apps. Our work focuses on systematically explicating implicit assumptions that are necessary for secure use of an SDK. Understanding these assumptions depends critically on not just the SDK itself, but on the underlying runtime systems. We present a systematic process for identifying critical implicit assumptions by building semantic models that capture both the logic of the SDK and the essential aspects of underlying systems. These semantic models provide the explicit basis for reasoning about the security of an SDK. We use a formal analysis tool, along with the semantic models, to reason about all applications that can be built using the SDK. In particular, we formally check whether the SDK, along with the explicitly captured assumptions, is sufficient to imply the desired security properties. We applied our approach to three widely used authentication/authorization SDKs. Our approach led to the discovery of several implicit assumptions in each SDK, including issues deemed serious enough to receive Facebook bug bounties and change the OAuth 2.0 specification. We verified that many apps constructed with these SDKs (indeed, the majority of apps in our study) are vulnerable to serious exploits because of these implicit assumptions, and we built a prototype testing tool that can detect several of the vulnerability patterns we identified.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Rui Wang and Yuchen Zhou and Shuo Chen and Shaz Qadeer and David Evans and Yuri Gurevich},
title = {Explicating {SDKs}: Uncovering Assumptions Underlying Secure Authentication and Authorization},
booktitle = {22nd USENIX Security Symposium (USENIX Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {399--314},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/wang_rui},
publisher = {USENIX Association},
month = aug
}
connect with us