The Grant Negotiation and Authorization Protocol: Attacking, Fixing, and Verifying an Emerging Standard-Reference-Cited by-同舟云学术

The Grant Negotiation and Authorization Protocol: Attacking, Fixing, and Verifying an Emerging Standard

Published:2024 Issue: Volume: Page:222-242
ISSN:0302-9743
Container-title:Computer Security – ESORICS 2023
language:
Short-container-title:

Author:

Helmschmidt Florian,Hosseyni Pedram^ORCID,Küsters Ralf^ORCID,Pruiksma Klaas^ORCID,Waldmann Clara^ORCID,Würtele Tim^ORCID

Publisher

Springer Nature Switzerland

Link

https://link.springer.com/content/pdf/10.1007/978-3-031-51479-1_12

Reference56 articles.

1. Arnaboldi, L., Tschofenig, H.: A formal model for delegated authorization of IoT devices using ace-oauth. In: 4th OAuth Security Workshop (2019). https://homepages.inf.ed.ac.uk/larnibol/img/publications/Paper-03.pdf

2. Axeland, A., Oueidat, O.: Security analysis of attack surfaces on the grant negotiation and authorization protocol, Master’s thesis, Chalmers University of Technology, University of Gothenburg (2021). https://odr.chalmers.se/items/7d36a5d4-c295-4270-886b-d5ed1154a8e8

3. Backman, A., Richer, J., Sporny, M.: HTTP message signatures. Internet-Draft draft-ietf-httpbis-message-signatures-15, Internet Engineering Task Force (2022). https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/15/, work in Progress

4. Bansal, C., Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. J. Comput. Secur. 22(4), 601–657 (2014)

5. Bansal, C., Bhargavan, K., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. In: Chong, S. (ed.) 25th IEEE Computer Security Foundations Symposium, CSF 2012, pp. 247–262. IEEE Computer Society (2012)