Efficient Security Checking for OAuth Service Provider Implementations
OAuth is a widely used protocol for implementing resource access authorization and user authentication for third-party applications. While logical flaws in the implementation have led to severe attacks in recent years, little effort has been given to automatically check the security of the OAuth service providers. In this work, we formalize the OAuth specifications and its security best practices and design an automated and scalable static analyzer, called Cerberus, to find logical flaws and critical vulnerabilities in OAuth server implementation. To efficiently detect security violations in a large codebase of authorization server implementation, Cerberus employs a query-driven algorithm for answering queries according to the standard specifications. We evaluate Cerberus on ten popular OAuth libraries that have millions of downloads and are widely used by the developers. Among these high-profile libraries, Cerberus has identified 47 vulnerabilities from ten classes of logical flaws, 24 of which were previously unknown. We got acknowledged by the developers of six libraries, and our findings lead to three accepted CVE entries.
Sebastian Elbaum, Committee Chair, (CS/SEAS/UVA)
Yuan Tian, Advisor, (CS/SEAS/UVA)
Yonghwi Kwon (CS/SEAS/UVA)
Yixin Sun (CS, ECE/SEAS/UVA)