Cerberus: Query-driven Scalable Vulnerability Detection in OAuth Service Provider Implementations
This addresses security risks for users and developers relying on OAuth implementations, representing a novel automated approach to a previously under-explored area.
The paper tackles the problem of automatically detecting security vulnerabilities in OAuth service provider libraries by developing Cerberus, a static analyzer that formalizes OAuth specifications and best practices, resulting in the identification of 47 vulnerabilities, including 24 previously unknown ones, across popular libraries with millions of downloads.
OAuth protocols have been widely adopted to simplify user authentication and service authorization for third-party applications. However, little effort has been devoted to automatically checking the security of the libraries that service providers widely use. In this paper, we formalize the OAuth specifications and security best practices, and design Cerberus, an automated static analyzer, to find logical flaws and identify vulnerabilities in the implementation of OAuth service provider libraries. To efficiently detect security violations in a large codebase of service provider implementation, Cerberus employs a query-driven algorithm for answering queries about OAuth specifications. We demonstrate the effectiveness of Cerberus by evaluating it on datasets of popular OAuth libraries with millions of downloads. Among these high-profile libraries, Cerberus has identified 47 vulnerabilities from ten classes of logical flaws, 24 of which were previously unknown. We got acknowledged by the developers of eight libraries and had three accepted CVEs.