SVAuth – A single-sign-on integration solution with runtime verification

Shuo Chen, Matt McCutchen, Phuong Cao, Shaz Qadeer, Ravishankar K. Iyer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

SSO (single-sign-on) services, such as those provided by Facebook, Google and Microsoft Azure, are integrated into tens of millions of websites and cloud services, just like lock manufacturers offering locks for every home. Imagine you are a website developer, typically unfamiliar with SSO protocols. Your manager wants you to integrate a particular SSO service into a website written in a particular language (e.g., PHP, ASP.NET or Python). You are likely overwhelmed by the amount of work for finding a suitable SSO library, understanding its programming guide, and writing your code. Moreover, studies have shown that many SSO integrations on real-world websites are incorrect, and thus vulnerable to security attacks! SVAuth is an open-source project that tries to provide integration solutions for all major SSO services in all major web languages. Its correctness is ensured by a technology called self-verifying execution, which performs program verification at runtime. SVAuth is so easy to adopt that a website developer does not need any knowledge about SSO protocols or implementations. This paper describes the architecture of SVAuth and how to use it on real-world websites.

Original language: English (US)
Title of host publication: Runtime Verification - 17th International Conference, RV 2017, Proceedings
Editors: Shuvendu Lahiri, Giles Reger
Publisher: Springer-Verlag
Pages: 349-358
Number of pages: 10
ISBN (Print): 9783319675305
State: Published - Jan 1 2017
Event: 17th International Conference on Runtime Verification, RV 2017 - Seattle, United States
Duration: Sep 13 2017 to Sep 16 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10548 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 17th International Conference on Runtime Verification, RV 2017
Country: United States
City: Seattle
Period: 9/13/17 to 9/16/17

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Chen, S., McCutchen, M., Cao, P., Qadeer, S., & Iyer, R. K. (2017). SVAuth – A single-sign-on integration solution with runtime verification. In S. Lahiri, & G. Reger (Eds.), Runtime Verification - 17th International Conference, RV 2017, Proceedings (pp. 349-358). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10548 LNCS). Springer-Verlag. https://doi.org/10.1007/978-3-319-67531-2_21