O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web

@inproceedings{Ghasemisharif2018OSS,
  title={O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web},
  author={Mohammad Ghasemisharif and Amrutha Ramesh and Stephen Checkoway and Chris Kanich and Jason Polakis},
  booktitle={USENIX Security Symposium},
  year={2018}
}
The advent of Single Sign-On (SSO) has ushered in the era of a tightly interconnected Web. Users can now effortlessly navigate the Web and obtain a personalized experience without the hassle of creating and managing accounts across different services. Due to the proliferation of SSO, user accounts in identity providers are now keys to the kingdom and pose a massive security risk. If such an account is compromised, attackers can gain control of the user’s accounts in numerous other web services…