@inproceedings{6a3f4cee2bf644eaa40de61362710c1f,
title = "Verification of OAuth 2.0 Using UPPAAL",
abstract = "Web services are software services that are accessible over the internet through a set of application program interfaces (APIs). The security of these APIs is a major concern because of their loose coupling, and protection mechanisms are needed to safeguard them from attacks. The simplest of these mechanisms are authentication and authorization. A client that requests access to a web API should be authorized by an end-user who has been authenticated by an authorization server. OAuth 2.0 can be used to achieve this protection. The security properties of a widely used protocol such as OAuth 2.0 should be verified, since many systems depend on this protocol for protection. This paper focuses on verifying three important classes of properties of OAuth 2.0, namely safety, liveness, and absence of deadlock. A model of the OAuth protocol was developed using UPPAAL, a tool used for modeling and verification. This model consists of four finite state machines, one representing each of the roles in OAuth 2.0, and the properties of interest were verified using this model.",
keywords = "Formal methods, Liveness, OAuth 2.0, Safety, UPPAAL",
author = "Jayasri, \{K. S.\} and Jevitha, \{K. P.\} and B. Jayaraman",
note = "Publisher Copyright: {\textcopyright} 2018, Springer Nature Singapore Pte Ltd.; 52nd Annual Convention of the Computer Society of India: Social Transformation - Digital Way, CSI 2017 ; Conference date: 19-01-2018 Through 21-01-2018",
year = "2018",
doi = "10.1007/978-981-13-1343-1\_7",
language = "English",
isbn = "9789811313424",
series = "Communications in Computer and Information Science",
publisher = "Springer Verlag",
pages = "58--67",
editor = "Mandal, \{Jyotsna Kumar\} and Devadatta Sinha",
booktitle = "Social Transformation – Digital Way - 52nd Annual Convention of the Computer Society of India, CSI 2017, Revised Selected Papers",
address = "Germany",
}