IIIT Hyderabad Publications
Modelling and Mitigation of Cross-Origin Request Attacks on Federated Identity Management Using Cross Origin Request Policy

Authors: Akash Agrawall, Maheshwari Shubh Jagmohan, Projit Bandyopadhyay, Venkatesh Choppella
Conference: 13th International Conference on Information System Security
Date: 2017-12-16
Report no: IIIT/TR/2017/44

Abstract

Cross origin request attacks (CORA) such as Cross site request forgery (CSRF), cross site timing, etc. continue to pose a threat on the modern day web. Current browser security policies inadequately mitigate these attacks. Additionally, third party authentication services are now the preferred way to carry out identity management between multiple enterprises and web applications. This scenario, called Federated Identity Management (FIM) separates the problem of identity management from the core functionality of an application.

In this paper, we construct formally checkable models and design laboratory simulations to show that FIM is susceptible to cross origin attacks. Further, we employ the Cross Origin Request Policy (CORP) to mitigate such attacks.

Full paper: pdf

Centre for Software Engineering Research Lab