Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps

A. Armando, R. Carbone, L. Compagna, J. Cuéllar, L. Tobarra
Proceedings of the 6th ACM workshop on Formal methods in security engineering (FMSE '08), 2008, dl.acm.org
Single-Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in to the system once and are then able to access services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most widely deployed use-case scenarios (SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown.