| 基于CPN的OAuth协议建模与分析 |
| |
| 引用本文: | 张婷,张鑫,张新刚.基于CPN的OAuth协议建模与分析[J].计算机系统应用,2018,27(2):212-215. |
| |
| 作者姓名: | 张婷 张鑫 张新刚 |
| |
| 作者单位: | 南阳师范学院 计算机与信息技术学院, 南阳 473061,南阳理工学院 软件学院, 南阳 473000,南阳师范学院 计算机与信息技术学院, 南阳 473061 |
| |
| 基金项目: | 河南省教育厅2016年度教师教育课程改革研究项目(2016-JSJYYB-080);河南省科技攻关项目(172102310702);河南省教育厅科技研究重点项目(17A520049,17A630046);南阳师范学院校级项目(QN2017064) |
| |
| 摘 要: | 在云计算环境下,网络安全协议的执行环境变得更为复杂,应用Web安全问题开放授权协议,可以提高信息共享的安全性. 本文采用CPN(Colored Petri Net)对OAuth协议进行建模,使用仿真工具CPNTools分析OAuth协议授权码模式的相关性质,并通过仿真实验表明授权码模式可以基于令牌进行验证与授权,防止针对授权码的CSRF注入攻击.
|
| 关 键 词: | Web安全开放授权协议 Petri网 OAuth协议 协议分析 |
| 收稿时间: | 2017/4/15 0:00:00 |
| 修稿时间: | 2017/5/11 0:00:00 |
Modeling and Analysis of OAuth Protocol Based on CPN |
| |
| ZHANG Ting,ZHANG Xin and ZHANG Xin-Gang.Modeling and Analysis of OAuth Protocol Based on CPN[J].Computer Systems& Applications,2018,27(2):212-215. |
| |
| Authors: | ZHANG Ting ZHANG Xin and ZHANG Xin-Gang |
| |
| Affiliation: | School of Computer and Information Technology, Nanyang Normal University, Nanyang 473061, China,School of Software, Nanyang Institute of Technology, Nanyang 473000, China and School of Computer and Information Technology, Nanyang Normal University, Nanyang 473061, China |
| |
| Abstract: | In the cloud computing environment, the execution environment of network security protocols becomes more complex than ever before. The use of Web security issues open license agreement can improve the security of information sharing. CPN (Colored Petri Net) is employed to model OAuth protocol. The analysis of authorization code pattern in OAuth protocol adopts simulation tool named CPNTools. The experimental results show that the authorization code pattern can be verified and authorized based on token. Authorization token injection attack can be prevented in this way. |
| |
| Keywords: | Web secure open authorization protocol Petri network OAuth protocol protocol analysis |
|
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
