OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub
Qiyu Li, Yuhe Tian, Haojian Jin

TL;DR
OAuthHub is a framework that uses personal devices as intermediaries to limit unnecessary OAuth data access, improving privacy and developer efficiency with minimal performance impact.
Contribution
OAuthHub introduces a novel development framework that manages OAuth data sharing through personal devices, reducing overaccess and simplifying developer tasks.
Findings
OAuthHub reduces data overaccess by managing access through personal devices.
Developers completed tasks faster and with less code using OAuthHub.
OAuthHub incurs insignificant performance overheads in real-world apps.
Abstract
Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a development framework that leverages users' personal devices as the intermediary controller for OAuth-based data sharing between cloud services. The key innovations of OAuthHub are: (1) the insight that discretionary data access is largely unnecessary for most OAuth apps, which typically only require access at three well-defined moments: during installation, in response to user actions, and at scheduled intervals; (2) a development framework that requires explicit declarations of intended data access and supports the three common access patterns through intermittently available personal devices; and…
Taxonomy
Topics: Web Application Security Vulnerabilities · Advanced Malware Detection Techniques · ICT in Developing Communities
