{"id":"https://openalex.org/W2087226776","doi":"https://doi.org/10.1145/2660460.2660463","title":"Application impersonation","display_name":"Application impersonation","publication_year":2014,"publication_date":"2014-10-01","ids":{"openalex":"https://openalex.org/W2087226776","doi":"https://doi.org/10.1145/2660460.2660463","mag":"2087226776"},"language":"en","primary_location":{"id":"doi:10.1145/2660460.2660463","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2660460.2660463","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second ACM conference on Online social networks","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055452226","display_name":"Pili Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Pili Hu","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069572941","display_name":"Ronghai Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Ronghai Yang","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100387738","display_name":"Yue Li","orcid":"https://orcid.org/0000-0001-7682-811X"},"institutions":[{"id":"https://openalex.org/I16285277","display_name":"William & Mary","ror":"https://ror.org/03hsf0573","country_code":"US","type":"education","lineage":["https://openalex.org/I16285277"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yue Li","raw_affiliation_strings":["College of William and Mary, Virginia, USA","[College of William and Mary, Virginia, USA]"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of William and Mary, Virginia, USA","institution_ids":["https://openalex.org/I16285277"]},{"raw_affiliation_string":"[College of William and Mary, Virginia, USA]","institution_ids":["https://openalex.org/I16285277"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020413351","display_name":"Wing Cheong Lau","orcid":"https://orcid.org/0000-0003-1179-7855"},"institutions":[{"id":"https://openalex.org/I177725633","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48","country_code":"HK","type":"education","lineage":["https://openalex.org/I177725633"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Wing Cheong Lau","raw_affiliation_strings":["The Chinese University of Hong Kong, Hong Kong, Hong Kong"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Chinese University of Hong Kong, Hong Kong, Hong Kong","institution_ids":["https://openalex.org/I177725633"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.5375,"has_fulltext":false,"cited_by_count":24,"citation_normalized_percentile":{"value":0.91214379,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"271","last_page":"278"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7647002935409546},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7193095088005066},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.696615993976593},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.6071059703826904},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.558892011642456},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4678282141685486}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7647002935409546},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7193095088005066},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.696615993976593},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.6071059703826904},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.558892011642456},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4678282141685486},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2660460.2660463","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2660460.2660463","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second ACM conference on Online social networks","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G7442027941","display_name":null,"funder_award_id":"project number 4055031","funder_id":"https://openalex.org/F4320322942","funder_display_name":"Chinese University of Hong Kong"}],"funders":[{"id":"https://openalex.org/F4320322942","display_name":"Chinese University of Hong Kong","ror":"https://ror.org/00t33hh48"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W1600742525","https://openalex.org/W1785797725","https://openalex.org/W1991741230","https://openalex.org/W1993722065","https://openalex.org/W2016563917","https://openalex.org/W2023040061","https://openalex.org/W2047443612","https://openalex.org/W2089775132","https://openalex.org/W2103475742","https://openalex.org/W2110903679","https://openalex.org/W2112995928","https://openalex.org/W2118994807","https://openalex.org/W2126123233","https://openalex.org/W2133723082","https://openalex.org/W2159675343","https://openalex.org/W2162118634","https://openalex.org/W2187227682","https://openalex.org/W2247000483","https://openalex.org/W2283736639","https://openalex.org/W2288204762","https://openalex.org/W2398053170","https://openalex.org/W2399231848","https://openalex.org/W2521020733","https://openalex.org/W4205480687","https://openalex.org/W4205546762"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W3048799479","https://openalex.org/W2779961139","https://openalex.org/W3006507989","https://openalex.org/W4240241597","https://openalex.org/W2763500028","https://openalex.org/W4240288358"],"abstract_inverted_index":{"OAuth":[0,21,39,60,79,89,99,126,163],"2.0":[1,22,40,90,100,127],"protocol":[2,128],"has":[3],"enjoyed":[4],"wide":[5],"adoption":[6],"by":[7,121,211],"Online":[8],"Social":[9],"Network":[10],"(OSN)":[11],"providers":[12],"since":[13],"its":[14,110,150,212],"inception.":[15],"Although":[16],"the":[17,35,57,75,78,125,144,202,231],"security":[18],"guideline":[19],"of":[20,38,59,63,77,88,112],"is":[23,91,101],"well":[24],"discussed":[25],"in":[26,41,136],"RFC6749":[27],"and":[28,61,116,123,129,148,176,197,205],"RFC6819,":[29],"many":[30,62,137],"real-world":[31],"attacks":[32],"due":[33,108],"to":[34,104,109,187,214,229],"implementation":[36],"specifics":[37],"various":[42],"OSNs":[43],"have":[44],"been":[45],"discovered.":[46],"To":[47],"our":[48],"knowledge,":[49],"previously":[50],"discovered":[51],"loopholes":[52],"are":[53,209],"all":[54],"based":[55],"on":[56,66,152],"misuse":[58],"them":[64],"rely":[65],"provider":[67],"side":[68,71],"or":[69],"application":[70],"vulnerabilities/":[72],"faults":[73],"beyond":[74],"scope":[76],"protocol.":[80],"It":[81],"was":[82],"generally":[83],"believed":[84],"that":[85,98,224],"correct":[86],"use":[87],"secure.":[92],"In":[93],"this":[94],"paper,":[95],"we":[96],"show":[97],"intrinsically":[102],"vulnerable":[103],"App":[105,145,160,233],"impersonation":[106,146,161,234],"attack":[107,147],"provision":[111],"multiple":[113],"authorization":[114],"flows":[115],"token":[117],"types.":[118],"We":[119,141,157,220],"start":[120],"reviewing":[122],"analyzing":[124],"some":[130],"common":[131],"API":[132,169],"design":[133,170],"problems":[134],"found":[135],"1st":[138],"tiered":[139],"OSNs.":[140],"then":[142],"propose":[143,222],"investigate":[149],"impact":[151],"12":[153],"major":[154],"OSN":[155,192],"providers.":[156],"demonstrate":[158],"that,":[159],"via":[162],"2.0,":[164],"when":[165],"combined":[166],"with":[167],"additional":[168],"features/":[171],"deficiencies,":[172],"make":[173],"large-scale":[174],"exploit":[175],"privacy-leak":[177],"possible.":[178],"For":[179],"example,":[180],"it":[181],"becomes":[182],"possible":[183],"for":[184],"an":[185],"attacker":[186],"completely":[188],"crawl":[189],"a":[190],"200-million-user":[191],"within":[193],"just":[194],"one":[195],"week":[196],"harvest":[198],"data":[199],"objects":[200],"like":[201],"status":[203],"list":[204,207],"friend":[206],"which":[208],"expected,":[210],"users,":[213],"be":[215,226],"private":[216],"among":[217],"only":[218],"friends.":[219],"also":[221],"fixes":[223],"can":[225],"readily":[227],"deployed":[228],"tackle":[230],"OAuth2.0-based":[232],"problem.":[235]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":4},{"year":2016,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}