{"id":"https://openalex.org/W4285199429","doi":"https://doi.org/10.5220/0011061200003179","title":"Family Matters: Abusing Family Refresh Tokens to Gain Unauthorised Access to Microsoft Cloud Services Exploratory Study of Azure Active Directory Family of Client IDs","display_name":"Family Matters: Abusing Family Refresh Tokens to Gain Unauthorised Access to Microsoft Cloud Services Exploratory Study of Azure Active Directory Family of Client IDs","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4285199429","doi":"https://doi.org/10.5220/0011061200003179"},"language":"en","primary_location":{"id":"doi:10.5220/0011061200003179","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0011061200003179","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 24th International Conference on Enterprise Information Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.5220/0011061200003179","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066878405","display_name":"R. W. Cobb","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ryan Cobb","raw_affiliation_strings":["Secureworks, Counter Threat Unit, U.S.A., --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Secureworks, Counter Threat Unit, U.S.A., --- Select a Country ---","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092305485","display_name":"Anthony Larcher-Gore","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anthony Larcher-Gore","raw_affiliation_strings":["Secureworks, Counter Threat Unit, U.S.A., --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Secureworks, Counter Threat Unit, U.S.A., --- Select a Country ---","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044238599","display_name":"Nestori Syynimaa","orcid":"https://orcid.org/0000-0002-6848-094X"},"institutions":[{"id":"https://openalex.org/I94722563","display_name":"University of Jyv\u00e4skyl\u00e4","ror":"https://ror.org/05n3dz165","country_code":"FI","type":"education","lineage":["https://openalex.org/I94722563"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Nestori Syynimaa","raw_affiliation_strings":["Faculty of Information Technology, University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland, --- Select a Country ---","Secureworks, Counter Threat Unit, U.S.A., --- Select a Country ---"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, University of Jyv\u00e4skyl\u00e4, Jyv\u00e4skyl\u00e4, Finland, --- Select a Country ---","institution_ids":["https://openalex.org/I94722563"]},{"raw_affiliation_string":"Secureworks, Counter Threat Unit, U.S.A., --- Select a Country ---","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5066878405"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.10237914,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"62","last_page":"69"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9840999841690063,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9840999841690063,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12203","display_name":"Mobile Agent-Based Network Management","score":0.9437999725341797,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9379000067710876,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.7916702628135681},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6484656929969788},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5707404613494873},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.5478763580322266},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5392732620239258},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5050995945930481},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.47002530097961426},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.4591064453125},{"id":"https://openalex.org/keywords/directory-service","display_name":"Directory service","score":0.4571199119091034},{"id":"https://openalex.org/keywords/directory","display_name":"Directory","score":0.41759246587753296},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3032715916633606},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.28928837180137634},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.11151805520057678}],"concepts":[{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.7916702628135681},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6484656929969788},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5707404613494873},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.5478763580322266},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5392732620239258},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5050995945930481},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.47002530097961426},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.4591064453125},{"id":"https://openalex.org/C138338577","wikidata":"https://www.wikidata.org/wiki/Q756230","display_name":"Directory service","level":3,"score":0.4571199119091034},{"id":"https://openalex.org/C2777683733","wikidata":"https://www.wikidata.org/wiki/Q201456","display_name":"Directory","level":2,"score":0.41759246587753296},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3032715916633606},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.28928837180137634},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.11151805520057678},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.5220/0011061200003179","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0011061200003179","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 24th International Conference on Enterprise Information Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:jyx.jyu.fi:123456789/85748","is_oa":false,"landing_page_url":"http://urn.fi/URN:NBN:fi:jyu-202303032007","pdf_url":null,"source":{"id":"https://openalex.org/S4306400563","display_name":"Jyv\u00e4skyl\u00e4 University Digital Archive (University of Jyv\u00e4skyl\u00e4)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I94722563","host_organization_name":"University of Jyv\u00e4skyl\u00e4","host_organization_lineage":["https://openalex.org/I94722563"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"A4"}],"best_oa_location":{"id":"doi:10.5220/0011061200003179","is_oa":true,"landing_page_url":"https://doi.org/10.5220/0011061200003179","pdf_url":null,"source":null,"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 24th International Conference on Enterprise Information Systems","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Gender equality","score":0.6000000238418579,"id":"https://metadata.un.org/sdg/5"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":1,"referenced_works":["https://openalex.org/W4285276666"],"related_works":["https://openalex.org/W181118223","https://openalex.org/W73423766","https://openalex.org/W2106753613","https://openalex.org/W2104608056","https://openalex.org/W2005960013","https://openalex.org/W2143307242","https://openalex.org/W2136877416","https://openalex.org/W2767128237","https://openalex.org/W2160164485","https://openalex.org/W2137529864"],"abstract_inverted_index":{"Azure":[0,17,25,94,173],"Active":[1],"Directory":[2],"(Azure":[3],"AD)":[4],"is":[5,72,112],"an":[6],"identity":[7,83],"and":[8,16,19,29,34,47,89,98,107,125,155,228],"access":[9,54],"management":[10],"service":[11,23],"used":[12,120,143,171,208],"by":[13,172],"Microsoft":[14],"365":[15],"services":[18],"thousands":[20],"of":[21,84,164,177,196],"third-party":[22],"providers.":[24],"AD":[26,95],"uses":[27],"OIDC":[28],"OAuth":[30,37,132],"protocols":[31],"for":[32,104,114,121,148,213,224],"authentication":[33],"authorisation,":[35,93],"respectively.":[36],"authorisation":[38,48,64,71],"involves":[39],"four":[40],"parties:":[41],"client,":[42,88,154],"resource":[43,45,51,56,86,151],"owner,":[44,87],"server,":[46],"server.":[49],"The":[50,70],"owner":[52],"can":[53,206],"the":[55,59,63,68,82,85,92,149,175],"server":[57,65],"using":[58,74],"specific":[60],"client":[61],"after":[62,128],"has":[66],"authorised":[67],"access.":[69],"presented":[73],"a":[75,108,165,193,225],"cryptographically":[76],"signed":[77],"Access":[78,97,124,146,211],"Token,":[79],"which":[80,191],"includes":[81],"resource.":[90,156],"During":[91],"assigns":[96],"Id":[99,126],"Tokens":[100,118,136,147,202,212],"that":[101,111],"are":[102,119],"valid":[103,113],"one":[105],"hour":[106],"Refresh":[109,117,135,197,201],"Token":[110],"90":[115],"days.":[116],"requesting":[122],"new":[123],"token":[127,226],"their":[129],"expiration.":[130],"By":[131],"2.0":[133],"standard,":[134],"should":[137],"only":[138],"be":[139,142,207],"able":[140],"to":[141,144,168,209],"request":[145],"same":[150],"ow":[152],"ner,":[153],"In":[157],"this":[158],"paper,":[159],"we":[160,186],"will":[161],"present":[162],"findings":[163],"study":[166],"related":[167],"undocumented":[169],"feature":[170],"AD,":[174],"Family":[176,200],"Client":[178],"ID":[179],"(FOCI).":[180],"After":[181],"studying":[182],"600":[183],"first-party":[184],"clients,":[185],"found":[187],"16":[188],"FOCI":[189,215],"clients":[190],"supports":[192],"special":[194],"type":[195],"Tokens,":[198],"called":[199],"(FRTs).":[203],"These":[204],"FRTs":[205,221],"obtain":[210],"any":[214],"client.":[216],"This":[217],"non-standard":[218],"behaviour":[219],"makes":[220],"primary":[222],"targets":[223],"theft":[227],"privilege":[229],"escalation":[230],"attacks.":[231]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}