{"updated":"2025-01-19T15:01:57.841687+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00218792","sets":["1164:4088:10830:10916"]},"path":["10916"],"owner":"44499","recid":"218792","title":["ブラウザの拡張機能を用いた脆弱なOAuth2.0実装の検知"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-07-05"},"_buckets":{"deposit":"166c4926-6a8c-4187-b063-61865e0c3096"},"_deposit":{"id":"218792","pid":{"type":"depid","value":"218792","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ブラウザの拡張機能を用いた脆弱なOAuth2.0実装の検知","author_link":["569720","569716","569719","569717","569723","569718","569722","569721"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ブラウザの拡張機能を用いた脆弱なOAuth2.0実装の検知"},{"subitem_title":"Detection of vulnerable OAuth2.0 implementations by browser extensions","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2022-07-05","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学大学院情報理工学研究科"},{"subitem_text_value":"立命館大学情報理工学部"},{"subitem_text_value":"立命館大学総合科学技術研究機構/大阪大学"},{"subitem_text_value":"立命館大学情報理工学部"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/218792/files/IPSJ-IOT22058005.pdf","label":"IPSJ-IOT22058005.pdf"},"date":[{"dateType":"Available","dateValue":"2024-07-05"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT22058005.pdf","filesize":[{"value":"2.9 
MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2e12e7e2-cd55-4094-b15b-70b061fec7ea","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"国広, 真吾"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"鄭, 俊俊"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"猪俣, 敦夫"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"上原, 哲太郎"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shingo, Kunihiro","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Junjun, Zheng","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Atsuo, Inomata","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsutarou, Uehara","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"OAuth2.0 を用いてユーザ認証の統合を行う Web アプリケーションが広く普及している.OAuth2.0 にはクロスサイトリクエストフォージェリ (以下 CSRF) 攻撃等に対する脆弱性が存在しており,開発者が Web アプリケーションに OAuth2.0 を実装する際に,URL に state パラメータを付与する等の対策をすることが必要とされている.しかし,CSRF 攻撃等に脆弱であるまま OAuth2.0 を実装している Web アプリケーションが複数確認されている.本研究では,CSRF 攻撃等に脆弱な OAuth2.0 の実装をしている Webアプリケーションを検知し,ユーザへ知らせる事で CSRF 攻撃等の被害を未然に防ぐ事を目的とし,ブラウザの拡張機能を用いて検知する手法を提案した.結果,ブラウザの拡張機能を用いることで,CSRF 攻撃への対策が不十分なまま OAuth2.0 実装をしている Web アプリケーションを検知することが可能であった.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"OAuth2.0 is widely used in Web applications that realize integrated user authentication. However, OAuth 2.0 is vulnerable to cross-site request forgery (CSRF) attacks, and developers are asked to take adequate countermeasures, such as adding a state parameter to the redirect URL, in their web applications. Nevertheless, it has been confirmed that some OAuth 2.0 implementations remain vulnerable to CSRF attacks. In this study, we proposed a detection method using a browser extension, with the aim of preventing damage from CSRF attacks by detecting web applications whose OAuth 2.0 implementation is vulnerable to CSRF attacks and notifying users of the vulnerability. 
As a result, it was possible to detect web applications that implement OAuth2.0 without sufficient countermeasures against CSRF attacks by using the browser extension.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2022-07-05","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"5","bibliographicVolumeNumber":"2022-IOT-58"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:19:08.359373+00:00","id":218792,"links":{}}