A Wizard-based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps / Sharif, A.; Carbone, R.; Ranise, S.; Sciarretta, G. - 2:(2019), pp. 268-275. (Paper presented at the 16th International Joint Conference on e-Business and Telecommunications, ICETE 2019, held in cze in 2019) [10.5220/0007930502680275].

A Wizard-based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps

Ranise S.;
2019-01-01

Abstract

Many available mobile applications (apps) have poorly implemented Single Sign-On and Access Delegation solutions, leading to serious security issues. This could be caused by inexperienced developers who prioritize the implementation of core functionalities and/or misunderstand security-critical parts. The situation is even worse in complex API scenarios where the app interacts with several providers. To address these problems, we propose a novel wizard-based approach that guides developers to integrate multiple third-party Identity Management (IdM) providers in their apps, by (i) “enforcing” the usage of best practices for native apps, (ii) avoiding the need to download several SDKs and understand their online documentation (a list of known IdM providers with their configuration information is embedded within our approach), and (iii) automatically generating the code to enable the communication with the different IdM providers. The effectiveness of the proposed approach has been assessed by implementing an Android Studio plugin and using it to integrate several IdM providers, such as OKTA, Auth0, Microsoft, and Google.
2019
ICETE 2019 - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications
AV D MANUELL, 27A 2 ESQ, SETUBAL, 2910-595, PORTUGAL
SciTePress
978-989-758-378-0
Sharif, A.; Carbone, R.; Ranise, S.; Sciarretta, G.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/333115