Reference Monitors for Security and Interoperability in OAuth 2.0

  • Ronan-Alexandre Cherrueau
  • Rémi Douence
  • Jean-Claude Royer
  • Mario Südholt
  • Anderson Santana de Oliveira
  • Yves Roudier
  • Matteo Dell’Amico
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8247)


OAuth 2.0 is a recent IETF standard (RFC 6749) devoted to providing authorization to clients that require access to specific resources over HTTP. It has been pointed out that this framework is potentially subject to security issues, as well as to difficulties concerning interoperability between protocol participants and application evolution. As we show in this paper, there are indeed multiple reasons that make this protocol hard to implement and that impede interoperability in the presence of different kinds of clients. Our main contribution is a framework that combines a type-based policy language with aspect-based support for protocol adaptation through flexible reference monitors, in order to handle the security, interoperability and evolution issues of OAuth 2.0. We apply the framework to three scenarios that make explicit variations of the protocol and show how these issues are handled.
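The abstract describes reference monitors that sit between the protocol participants and enforce a policy without the protocol code itself being aware of it. The following is an added illustration of that idea, not the paper's framework or any of its code: a small Python reference monitor that intercepts calls to an authorization-endpoint handler and rejects requests violating a per-client policy derived from RFC 6749 (sections 3.1.2, 4.1.1 and 10.12). The client registry, the handler, the request dictionaries and every name in the block (ClientPolicy, reference_monitor, try_authorize, the client_ids and URIs) are constructed for this example.

```python
"""Reference monitor for OAuth 2.0 authorization requests (added example).

The monitor intercepts calls to an authorization-endpoint handler and rejects
requests that violate a per-client policy derived from RFC 6749 (sections
3.1.2, 4.1.1 and 10.12). Client registrations, handler and requests are
constructed sample data; nothing here is the paper's own framework.
"""
from dataclasses import dataclass
from functools import wraps
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ClientPolicy:
    client_id: str
    redirect_uris: frozenset                    # exact URIs registered up front (RFC 6749 s3.1.2.2)
    response_types: frozenset = frozenset({"code"})
    scopes: frozenset = frozenset()             # scopes this client may request
    require_state: bool = True                  # CSRF defence, RFC 6749 s10.12


class PolicyViolation(Exception):
    """Raised by the monitor; args[0] is the list of violated rules."""


def check_authorization_request(params, policy):
    """Return the list of policy violations for one authorization request ([] = admissible)."""
    errors = []
    if params.get("client_id") != policy.client_id:
        errors.append("client_id mismatch")
    response_type = params.get("response_type")
    if response_type is None:
        errors.append("missing response_type")
    elif response_type not in policy.response_types:
        errors.append("response_type '%s' not allowed for this client" % response_type)
    uri = params.get("redirect_uri")
    if uri is None:
        # RFC 6749 s3.1.2.3: omission is acceptable only when exactly one URI is registered
        if len(policy.redirect_uris) != 1:
            errors.append("redirect_uri required: client has several registered URIs")
    else:
        # Exact string match, never prefix match: "https://app.example/cb/../evil" is rejected.
        if uri not in policy.redirect_uris:
            errors.append("redirect_uri not registered")
        if urlsplit(uri).fragment:
            errors.append("redirect_uri must not contain a fragment")   # RFC 6749 s3.1.2
    if policy.require_state and not params.get("state"):
        errors.append("missing state parameter")
    requested = set(params.get("scope", "").split())
    extra = requested - policy.scopes
    if extra:
        errors.append("scope not granted to client: %s" % ",".join(sorted(extra)))
    return errors


def reference_monitor(registry):
    """Decorator: run the policy check before the wrapped handler executes.

    In aspect terms the decorator is 'before' advice on the handler's join point;
    the handler stays unaware of the policy, so the policy can change without
    touching protocol code.
    """
    def wrap(handler):
        @wraps(handler)
        def guarded(params):
            policy = registry.get(params.get("client_id"))
            if policy is None:
                raise PolicyViolation(["unknown client_id"])
            errors = check_authorization_request(params, policy)
            if errors:
                raise PolicyViolation(errors)
            return handler(params)
        return guarded
    return wrap


# Constructed sample registry: a confidential web client and a native client
# with two registered redirect URIs (a custom scheme and an https fallback).
REGISTRY = {
    "web-app": ClientPolicy("web-app", frozenset({"https://app.example/cb"}),
                            scopes=frozenset({"read", "write"})),
    "mobile": ClientPolicy("mobile",
                           frozenset({"com.example.app:/cb", "https://app.example/mcb"}),
                           scopes=frozenset({"read"})),
}


@reference_monitor(REGISTRY)
def authorize(params):
    """Stand-in for the authorization endpoint: a real one would issue a code here."""
    return {"code": "issued", "state": params.get("state")}


def try_authorize(params):
    """Run the guarded endpoint: ('ok', result) or ('denied', list_of_reasons)."""
    try:
        return "ok", authorize(params)
    except PolicyViolation as exc:
        return "denied", exc.args[0]


if __name__ == "__main__":
    good = {"client_id": "web-app", "response_type": "code",
            "redirect_uri": "https://app.example/cb", "state": "n0nce", "scope": "read"}
    print(try_authorize(good))
    print(try_authorize(dict(good, redirect_uri="https://app.example/cb/../evil")))
    print(try_authorize({"client_id": "mobile", "response_type": "code",
                         "state": "x", "scope": "read write"}))
```

The point of separating check_authorization_request from the handler is the one the abstract makes about evolution: when a client is re-registered with different redirect URIs or scopes, or a new response_type profile is enabled, only the ClientPolicy entry changes and the endpoint code is untouched. Exact-match comparison of redirect_uri and the mandatory state parameter are the two checks most often missing in practice and are what let an attacker redirect an authorization code or mount a CSRF against the client.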


Keywords: Aspect-oriented programming; Interoperability; OAuth protocol; Reference monitor; Security; Type system

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Ronan-Alexandre Cherrueau (1)
  • Rémi Douence (1)
  • Jean-Claude Royer (1), corresponding author
  • Mario Südholt (1)
  • Anderson Santana de Oliveira (2)
  • Yves Roudier (3)
  • Matteo Dell’Amico (3)

  1. École des Mines de Nantes, Nantes, France
  2. SAP Applied Research, Mougins, France
  3. EURECOM, Sophia Antipolis, France
