An Expressive Model for the Web Infrastructure: Definition and Application to the Browser ID SSO System

Daniel Fett, Ralf Küsters, G. Schmitz
Published in: 2014 IEEE Symposium on Security and Privacy
DOI: 10.1109/SP.2014.49 (https://doi.org/10.1109/SP.2014.49)
Publication date: 2014-03-07
Citations: 68

Abstract

The web constitutes a complex infrastructure and, as demonstrated by numerous attacks, rigorous analysis of standards and web applications is indispensable. Inspired by successful prior work, in particular the work by Akhawe et al. as well as Bansal et al., in this work we propose a formal model for the web infrastructure. While unlike prior works, which aim at automatic analysis, our model so far is not directly amenable to automation, it is much more comprehensive and accurate with respect to the standards and specifications. As such, it can serve as a solid basis for the analysis of a broad range of standards and applications. As a case study and another important contribution of our work, we use our model to carry out the first rigorous analysis of the Browser ID system (a.k.a. Mozilla Persona), a recently developed complex real-world single sign-on system that employs technologies such as AJAX, cross-document messaging, and HTML5 web storage. Our analysis revealed a number of very critical flaws that could not have been captured in prior models. We propose fixes for the flaws, formally state relevant security properties, and prove that the fixed system in a setting with a so-called secondary identity provider satisfies these security properties in our model. The fixes for the most critical flaws have already been adopted by Mozilla and our findings have been rewarded by the Mozilla Security Bug Bounty Program.