TY - GEN
T1 - SVAuth – A single-sign-on integration solution with runtime verification
AU - Chen, Shuo
AU - McCutchen, Matt
AU - Cao, Phuong
AU - Qadeer, Shaz
AU - Iyer, Ravishankar K.
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - SSO (single-sign-on) services, such as those provided by Facebook, Google and Microsoft Azure, are integrated into tens of millions of websites and cloud services, just like lock manufacturers offering locks for every home. Imagine you are a website developer, typically unfamiliar with SSO protocols. Your manager wants you to integrate a particular SSO service into a website written in a particular language (e.g., PHP, ASP.NET or Python). You are likely overwhelmed by the amount of work for finding a suitable SSO library, understanding its programming guide, and writing your code. Moreover, studies have shown that many SSO integrations on real-world websites are incorrect, and thus vulnerable to security attacks! SVAuth is an open-source project that tries to provide integration solutions for all major SSO services in all major web languages. Its correctness is ensured by a technology called self-verifying execution, which performs program verification at runtime. SVAuth is so easy to adopt that a website developer does not need any knowledge about SSO protocols or implementations. This paper describes the architecture of SVAuth and how to use it on real-world websites.
AB - SSO (single-sign-on) services, such as those provided by Facebook, Google and Microsoft Azure, are integrated into tens of millions of websites and cloud services, just like lock manufacturers offering locks for every home. Imagine you are a website developer, typically unfamiliar with SSO protocols. Your manager wants you to integrate a particular SSO service into a website written in a particular language (e.g., PHP, ASP.NET or Python). You are likely overwhelmed by the amount of work for finding a suitable SSO library, understanding its programming guide, and writing your code. Moreover, studies have shown that many SSO integrations on real-world websites are incorrect, and thus vulnerable to security attacks! SVAuth is an open-source project that tries to provide integration solutions for all major SSO services in all major web languages. Its correctness is ensured by a technology called self-verifying execution, which performs program verification at runtime. SVAuth is so easy to adopt that a website developer does not need any knowledge about SSO protocols or implementations. This paper describes the architecture of SVAuth and how to use it on real-world websites.
UR - http://www.scopus.com/inward/record.url?scp=85029574142&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85029574142&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-67531-2_21
DO - 10.1007/978-3-319-67531-2_21
M3 - Conference contribution
AN - SCOPUS:85029574142
SN - 9783319675305
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 349
EP - 358
BT - Runtime Verification - 17th International Conference, RV 2017, Proceedings
A2 - Lahiri, Shuvendu
A2 - Reger, Giles
PB - Springer
T2 - 17th International Conference on Runtime Verification, RV 2017
Y2 - 13 September 2017 through 16 September 2017
ER -