{"id":"https://openalex.org/W2989417880","doi":"https://doi.org/10.1145/3338500.3360331","title":"OAuthGuard","display_name":"OAuthGuard","publication_year":2019,"publication_date":"2019-11-07","ids":{"openalex":"https://openalex.org/W2989417880","doi":"https://doi.org/10.1145/3338500.3360331","mag":"2989417880"},"language":"en","primary_location":{"id":"doi:10.1145/3338500.3360331","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338500.3360331","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://aura.abdn.ac.uk/bitstream/2164/18957/1/ogpusa.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015676987","display_name":"Wanpeng Li","orcid":"https://orcid.org/0000-0002-6396-9578"},"institutions":[{"id":"https://openalex.org/I11983389","display_name":"Manchester Metropolitan University","ror":"https://ror.org/02hstj355","country_code":"GB","type":"education","lineage":["https://openalex.org/I11983389"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Wanpeng Li","raw_affiliation_strings":["Manchester Metropolitan University, Manchester, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Manchester Metropolitan University, Manchester, United Kingdom","institution_ids":["https://openalex.org/I11983389"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063477888","display_name":"Chris J. Mitchell","orcid":"https://orcid.org/0000-0002-6118-0055"},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Chris J. Mitchell","raw_affiliation_strings":["Royal Holloway, University of London, Surrey, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Royal Holloway, University of London, Surrey, United Kingdom","institution_ids":["https://openalex.org/I184558857"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5090198866","display_name":"Tom Chen","orcid":"https://orcid.org/0000-0001-8037-1685"},"institutions":[{"id":"https://openalex.org/I180825142","display_name":"City, University of London","ror":"https://ror.org/04489at23","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I180825142"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Thomas Chen","raw_affiliation_strings":["City, University of London, London, United Kingdom"],"affiliations":[{"raw_affiliation_string":"City, University of London, London, United Kingdom","institution_ids":["https://openalex.org/I180825142"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5015676987"],"corresponding_institution_ids":["https://openalex.org/I11983389"],"apc_list":null,"apc_paid":null,"fwci":3.7306,"has_fulltext":true,"cited_by_count":25,"citation_normalized_percentile":{"value":0.94240885,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"35","last_page":"44"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9882000088691711,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7119613885879517},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6737348437309265},{"id":"https://openalex.org/keywords/single-sign-on","display_name":"Single sign-on","score":0.659040093421936},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.627909779548645},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6169403195381165},{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.5378913283348083},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4286745488643646},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.25308364629745483}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7119613885879517},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6737348437309265},{"id":"https://openalex.org/C2776362682","wikidata":"https://www.wikidata.org/wiki/Q568494","display_name":"Single sign-on","level":3,"score":0.659040093421936},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.627909779548645},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6169403195381165},{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.5378913283348083},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4286745488643646},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.25308364629745483}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3338500.3360331","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3338500.3360331","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop","raw_type":"proceedings-article"},{"id":"pmh:oai:aura.abdn.ac.uk:2164/18957","is_oa":true,"landing_page_url":"https://hdl.handle.net/2164/18957","pdf_url":"https://aura.abdn.ac.uk/bitstream/2164/18957/1/ogpusa.pdf","source":{"id":"https://openalex.org/S4306400966","display_name":"Aberdeen University Research Archive (Aberdeen University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I195460627","host_organization_name":"University of Aberdeen","host_organization_lineage":["https://openalex.org/I195460627"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference item"}],"best_oa_location":{"id":"pmh:oai:aura.abdn.ac.uk:2164/18957","is_oa":true,"landing_page_url":"https://hdl.handle.net/2164/18957","pdf_url":"https://aura.abdn.ac.uk/bitstream/2164/18957/1/ogpusa.pdf","source":{"id":"https://openalex.org/S4306400966","display_name":"Aberdeen University Research Archive (Aberdeen University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I195460627","host_organization_name":"University of Aberdeen","host_organization_lineage":["https://openalex.org/I195460627"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Conference item"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.8100000023841858}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2989417880.pdf","grobid_xml":"https://content.openalex.org/works/W2989417880.grobid-xml"},"referenced_works_count":26,"referenced_works":["https://openalex.org/W88388190","https://openalex.org/W1548312885","https://openalex.org/W1785797725","https://openalex.org/W1801505325","https://openalex.org/W2012921353","https://openalex.org/W2072978486","https://openalex.org/W2073828651","https://openalex.org/W2089775132","https://openalex.org/W2103475742","https://openalex.org/W2112995928","https://openalex.org/W2133723082","https://openalex.org/W2150387335","https://openalex.org/W2208621975","https://openalex.org/W2217843339","https://openalex.org/W2229250518","https://openalex.org/W2283736639","https://openalex.org/W2398053170","https://openalex.org/W2400427673","https://openalex.org/W2672781069","https://openalex.org/W2899106578","https://openalex.org/W2900825888","https://openalex.org/W2952634974","https://openalex.org/W2955183833","https://openalex.org/W2962768977","https://openalex.org/W3049379989","https://openalex.org/W6906355099"],"related_works":["https://openalex.org/W2392755385","https://openalex.org/W2364108391","https://openalex.org/W4319777932","https://openalex.org/W4292509751","https://openalex.org/W2086663091","https://openalex.org/W2378423392","https://openalex.org/W4389990302","https://openalex.org/W2998413230","https://openalex.org/W2357607877","https://openalex.org/W2968483187"],"abstract_inverted_index":{"Millions":[0],"of":[1,22,30,62,69,77,159,170,214],"users":[2,61,227],"routinely":[3],"use":[4],"Google":[5,118,153,190],"to":[6,9,58,85,95,146,195,206,225],"log":[7],"in":[8,35,38,82,178,185],"websites":[10,151],"supporting":[11,152],"the":[12,20,86,148,156,179,182,220],"standardised":[13],"protocols":[14],"OAuth":[15,23,43,50,104,119,137,161],"2.0":[16,24,44,51,105,120,138,162],"or":[17,139,163],"OpenID":[18,26,53,107,122,140,164],"Connect;":[19],"security":[21,128,166,209],"and":[25,46,52,72,106,111,121,129,167,210,218],"Connect":[27,54,108,123,141,165],"is":[28],"therefore":[29],"critical":[31],"importance.":[32],"As":[33],"revealed":[34],"previous":[36],"studies,":[37],"practice":[39],"RPs":[40,116,133],"often":[41],"implement":[42,136],"incorrectly,":[45],"so":[47,73],"many":[48],"real-world":[49],"systems":[55,65],"are":[56,66,74],"vulnerable":[57],"attack.":[59],"However,":[60],"such":[63],"flawed":[64],"typically":[67],"unaware":[68],"these":[70,215],"issues,":[71],"at":[75,90,198],"risk":[76],"attacks":[78],"which":[79,171],"could":[80],"result":[81],"unauthorised":[83],"access":[84],"victim":[87],"user's":[88],"account":[89],"an":[91,103,232],"RP.":[92],"In":[93],"order":[94],"address":[96],"this":[97],"threat,":[98],"we":[99],"have":[100],"developed":[101],"OAuthGuard,":[102],"vulnerability":[109],"scanner":[110],"protector,":[112],"that":[113,188,228],"works":[114],"with":[115],"using":[117,231],"services.":[124],"It":[125],"protects":[126],"user":[127,208],"privacy":[130,168,211],"even":[131],"when":[132],"do":[134],"not":[135,174],"correctly.":[142],"We":[143],"used":[144],"OAuthGuard":[145,203],"survey":[147],"1000":[149],"top-ranked":[150],"sign-in":[154],"for":[155,212,219],"possible":[157],"presence":[158],"five":[160],"vulnerabilities,":[169],"one":[172,200],"has":[173],"previously":[175],"been":[176],"described":[177],"literature.":[180],"Of":[181],"137":[183],"sites":[184],"our":[186],"study":[187],"employ":[189],"Sign-in,":[191],"69":[192,216],"were":[193,230],"found":[194],"suffer":[196],"from":[197],"least":[199],"serious":[201],"vulnerability.":[202],"was":[204,223],"able":[205,224],"protect":[207],"56":[213],"RPs,":[217],"other":[221],"13":[222],"warn":[226],"they":[229],"insecure":[233],"implementation.":[234]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2019-11-22T00:00:00"}