loading
Documents

Research.Publish.Connect.

Paper

Authors: Amir Sharif 1 ; Roberto Carbone 2 ; Silvio Ranise 2 and Giada Sciarretta 2

Affiliations: 1 Fondazione Bruno Kessler, Trento, Italy, DIBRIS- University of Genoa, Genoa and Italy ; 2 Fondazione Bruno Kessler, Trento and Italy

ISBN: 978-989-758-378-0

Keyword(s): Single Sign-On, OAuth 2.0, Android Security, Identity Management, Android Native Applications.

Abstract: Many available mobile applications (apps) have poorly implemented Single Sign-On and Access Delegation solutions leading to serious security issues. This could be caused by inexperienced developers who prioritize the implementation of core functionalities and/or misunderstand security critical parts. The situation is even worse in complex API scenarios where the app interacts with several providers. To address these problems, we propose a novel wizard-based approach that guides developers to integrate multiple third-party Identity Management (IdM) providers in their apps, by (i) “enforcing” the usage of best practices for native apps, (ii) avoiding the need to download several SDKs and understanding their online documentations (a list of known IdM providers with their configuration information is embedded within our approach), and (iii) automatically generating the code to enable the communication with the different IdM providers. The effectiveness of the proposed approach has been as sessed by implementing an Android Studio plugin and using it to integrate several IdM providers, such as OKTA, Auth0, Microsoft, and Google. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 35.172.100.232

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Sharif, A.; Carbone, R.; Ranise, S. and Sciarretta, G. (2019). A Wizard-based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps.In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, pages 268-275. DOI: 10.5220/0007930502680275

@conference{secrypt19,
author={Amir Sharif. and Roberto Carbone. and Silvio Ranise. and Giada Sciarretta.},
title={A Wizard-based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},
year={2019},
pages={268-275},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007930502680275},
isbn={978-989-758-378-0},
}

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - A Wizard-based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
SN - 978-989-758-378-0
AU - Sharif, A.
AU - Carbone, R.
AU - Ranise, S.
AU - Sciarretta, G.
PY - 2019
SP - 268
EP - 275
DO - 10.5220/0007930502680275

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.