OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of the libraries that service providers widely rely on. In this paper, we formalize the OAuth specifications and security best practices, and design Cerberus, an automated static analyzer that finds logical flaws and identifies vulnerabilities in the implementations of OAuth service provider libraries. To efficiently detect security violations in the large codebases of service provider implementations, Cerberus employs a query-driven algorithm for answering queries about the OAuth specifications. We demonstrate the effectiveness of Cerberus by evaluating it on datasets of popular OAuth libraries with millions of downloads. Among these high-profile libraries, Cerberus identified 47 vulnerabilities spanning ten classes of logical flaws, 24 of which were previously unknown. Our findings were acknowledged by the developers of eight libraries, and three CVEs were accepted.