Title
Your Software at my Service: Security Analysis of SaaS Single Sign-On Solutions in the Cloud
Abstract
Software-as-a-Service (SaaS) is typically defined as a rental model for using a complex software product, running on a centralized computing platform, using a thin client (most frequently a web browser). As such, it is one of the major categories of Cloud Computing, besides IaaS and PaaS. While there are many economic benefits in using SaaS, each company must nevertheless enforce control over its own data processed in the Cloud. One of the most important building blocks of such an enforcement scheme is Identity Management (IdM), and the industry standard for IdM is SAML, the Security Assertion Markup Language. In this paper, we study the security of the SAML implementations of 22 Cloud Providers (CPs) and show that 90% of them can be broken, resulting in company data exposure to attackers on the Internet. The detected vulnerabilities are exploited by a wide variety of attack techniques, ranging from classical web attacks to problems specific to XML processing.
Year: 2014
DOI: 10.1145/2664168.2664172
Venue: CCSW
Keywords: security and protection, single sign-on, sso, saml, service provider, software-as-a-service, cloud computing, saas, cloud-sp, software as a service
Field: Single sign-on, Computer security, Computer science, Security Assertion Markup Language, Software as a service, Cloud computing security, Centralized computing, Thin client, The Internet, Cloud computing
DocType: Conference
Citations: 3
PageRank: 0.40
References: 15
Authors: 5
Name
Order
Citations
PageRank
Christian Mainka16610.80
Vladislav Mladenov2279.22
Florian Feldmann372.90
Julian Krautwald460.81
Jörg Schwenk589988.54