Cerberus: Query-driven Scalable Vulnerability Detection in OAuth Service Provider Implementations
Abstract
OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of the libraries that service providers widely use. In this paper, we formalize the OAuth specifications and security best practices, and design Cerberus, an automated static analyzer, to find logical flaws and identify vulnerabilities in the implementation of OAuth service provider libraries. To efficiently detect security violations in a large codebase of service provider implementation, Cerberus employs a query-driven algorithm for answering queries about OAuth specifications. We demonstrate the effectiveness of Cerberus by evaluating it on datasets of popular OAuth libraries with millions of downloads. Among these high-profile libraries, Cerberus has identified 47 vulnerabilities from ten classes of logical flaws, 24 of which were previously unknown. We got acknowledged by the developers of eight libraries and had three accepted CVEs.
Cite
@article{arxiv.2110.01005,
title = {Cerberus: Query-driven Scalable Vulnerability Detection in OAuth Service Provider Implementations},
author = {Tamjid Al Rahat and Yu Feng and Yuan Tian},
journal= {arXiv preprint arXiv:2110.01005},
year = {2023}
}
Comments
Appeared in ACM Conference on Computer and Communications Security (CCS 2022). Please cite the conference version