FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2964194080> ?p ?o ?g. }

• W2964194080 endingPage "65" @default.
• W2964194080 startingPage "43" @default.
• W2964194080 abstract "BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized login, with the intent to respect users’ privacy. It can operate in a primary and a secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla’s default identity provider. We recently proposed an expressive general model for the web infrastructure and, based on this web model, analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities, which have been fixed by Mozilla. In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. We do not only study authentication properties as before, but also privacy properties. During our analysis we discovered new and practical attacks that do not apply to the secondary mode: an identity injection attack, which violates a central authentication property of SSO systems, and attacks that break the privacy promise of BrowserID and which do not seem to be fixable without a major redesign of the system. Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far. For the authentication bug, we propose a fix and formally prove in a slight extension of our general web model that the fixed system satisfies all the authentication requirements we consider. This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far. As another contribution, we identify and prove important security properties of generic web features in the extended web model to facilitate future analysis efforts of web standards and web applications." @default.
• W2964194080 created "2019-07-30" @default.
• W2964194080 creator A5019297588 @default.
• W2964194080 creator A5032615835 @default.
• W2964194080 creator A5088011494 @default.
• W2964194080 date "2015-01-01" @default.
• W2964194080 modified "2023-09-28" @default.
• W2964194080 title "Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web" @default.
• W2964194080 cites W1581816844 @default.
• W2964194080 cites W1976371754 @default.
• W2964194080 cites W2000518954 @default.
• W2964194080 cites W2023040061 @default.
• W2964194080 cites W2089775132 @default.
• W2964194080 cites W2090184259 @default.
• W2964194080 cites W2092919558 @default.
• W2964194080 cites W2121845793 @default.
• W2964194080 cites W2133723082 @default.
• W2964194080 cites W2143504694 @default.
• W2964194080 cites W2150387335 @default.
• W2964194080 cites W3003983481 @default.
• W2964194080 cites W6139613 @default.
• W2964194080 doi "https://doi.org/10.1007/978-3-319-24174-6_3" @default.
• W2964194080 hasPublicationYear "2015" @default.
• W2964194080 type Work @default.
• W2964194080 sameAs 2964194080 @default.
• W2964194080 citedByCount "15" @default.
• W2964194080 countsByYear W29641940802015 @default.
• W2964194080 countsByYear W29641940802016 @default.
• W2964194080 countsByYear W29641940802017 @default.
• W2964194080 countsByYear W29641940802018 @default.
• W2964194080 countsByYear W29641940802019 @default.
• W2964194080 countsByYear W29641940802021 @default.
• W2964194080 countsByYear W29641940802022 @default.
• W2964194080 countsByYear W29641940802023 @default.
• W2964194080 crossrefType "book-chapter" @default.
• W2964194080 hasAuthorship W2964194080A5019297588 @default.
• W2964194080 hasAuthorship W2964194080A5032615835 @default.
• W2964194080 hasAuthorship W2964194080A5088011494 @default.
• W2964194080 hasBestOaLocation W29641940801 @default.
• W2964194080 hasConcept C107457646 @default.
• W2964194080 hasConcept C108827166 @default.
• W2964194080 hasConcept C113324615 @default.
• W2964194080 hasConcept C118643609 @default.
• W2964194080 hasConcept C121332964 @default.
• W2964194080 hasConcept C136764020 @default.
• W2964194080 hasConcept C148417208 @default.
• W2964194080 hasConcept C24890656 @default.
• W2964194080 hasConcept C2778355321 @default.
• W2964194080 hasConcept C35578498 @default.
• W2964194080 hasConcept C38652104 @default.
• W2964194080 hasConcept C41008148 @default.
• W2964194080 hasConcept C48677424 @default.
• W2964194080 hasConcept C555379026 @default.
• W2964194080 hasConceptScore W2964194080C107457646 @default.
• W2964194080 hasConceptScore W2964194080C108827166 @default.
• W2964194080 hasConceptScore W2964194080C113324615 @default.
• W2964194080 hasConceptScore W2964194080C118643609 @default.
• W2964194080 hasConceptScore W2964194080C121332964 @default.
• W2964194080 hasConceptScore W2964194080C136764020 @default.
• W2964194080 hasConceptScore W2964194080C148417208 @default.
• W2964194080 hasConceptScore W2964194080C24890656 @default.
• W2964194080 hasConceptScore W2964194080C2778355321 @default.
• W2964194080 hasConceptScore W2964194080C35578498 @default.
• W2964194080 hasConceptScore W2964194080C38652104 @default.
• W2964194080 hasConceptScore W2964194080C41008148 @default.
• W2964194080 hasConceptScore W2964194080C48677424 @default.
• W2964194080 hasConceptScore W2964194080C555379026 @default.
• W2964194080 hasLocation W29641940801 @default.
• W2964194080 hasLocation W29641940802 @default.
• W2964194080 hasLocation W29641940803 @default.
• W2964194080 hasOpenAccess W2964194080 @default.
• W2964194080 hasPrimaryLocation W29641940801 @default.
• W2964194080 hasRelatedWork W1510376806 @default.
• W2964194080 hasRelatedWork W1683878900 @default.
• W2964194080 hasRelatedWork W1968554315 @default.
• W2964194080 hasRelatedWork W2077251857 @default.
• W2964194080 hasRelatedWork W2086663091 @default.
• W2964194080 hasRelatedWork W2783999343 @default.
• W2964194080 hasRelatedWork W3033451189 @default.
• W2964194080 hasRelatedWork W3062861 @default.
• W2964194080 hasRelatedWork W4238930562 @default.
• W2964194080 hasRelatedWork W858716160 @default.
• W2964194080 isParatext "false" @default.
• W2964194080 isRetracted "false" @default.
• W2964194080 magId "2964194080" @default.
• W2964194080 workType "book-chapter" @default.