Security Vulnerabilities in SAML based Single Sign-On Authentication in Cloud

Cited by: 0
Authors
Kaur, Kirandeep [1]
Bansal, Divya [1]
Affiliations
[1] PEC Univ Technol, Chandigarh, India
Keywords
SSO; SAML; Authentication; Confidentiality; Availability; Integrity; Vulnerability;
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Cloud computing is introducing numerous changes to one's lifestyle and working pattern for its infinite benefits. Companies have increasingly turned to Software as a Service (SaaS) or Application Service Providers (ASPs) vendors to offer specialized web based services that have huge potential to cut costs and provide specific applications to the users in a very convenient way. However, the security of cloud computing is always a serious issue for numerous potential cloud users, and also a big roadblock for its far-flung applications. One of the major challenges remains to be an integrated authentication mechanism over cloud environments through Single Sign-On. In this paper, the authors report their work of implementing Security Assertion Markup Language (SAML) to enable Single Sign-On (SSO) based authentication in a multiple web application cloud environment. The paper also reports serious vulnerabilities prevalent in such an environment and describes a detection method for the same.
Pages: 294-298
Number of pages: 5