Back close

Verification of OAuth 2.0 Using UPPAAL

Publication Type : Conference Paper

Publisher : Social Transformation – Digital Way, Springer Singapore, Volume 836, Singapore

Source : Social Transformation – Digital Way, Springer Singapore, Volume 836, Singapore, p.58-67 (2018)

Url :

ISBN : 9789811313431

Campus : Coimbatore

School : School of Engineering

Department : Computer Science

Year : 2018

Abstract : Web services are software services that are accessible over the internet through a set of application program interfaces (APIs). The security of these APIs is a major concern because of their loose coupling, and protection mechanisms are needed to safeguard them from attacks. The simplest of these mechanisms are authentication and authorization. A client that requests access to a web API should be authorized by an end-user who has been authenticated by an authorization server. OAuth 2.0 can be used to achieve this protection. The security properties of a widely used protocol such as OAuth 2.0 should be verified, since many systems depend on this protocol for protection. This paper focuses on verifying three important classes of properties of OAuth 2.0, namely safety, liveness, and absence of deadlock. A model of the OAuth protocol was developed using UPPAAL, a tool used for modeling and verification. This model consists of four finite state machines, one representing each of the roles in OAuth 2.0, and the properties of interest were verified using this model.

Cite this Research Publication : K. S. Jayasri, Jevitha, K. P., and Jayaraman, B., “Verification of OAuth 2.0 Using UPPAAL”, in Social Transformation – Digital Way, Singapore, 2018, vol. 836, pp. 58-67.

Admissions Apply Now