IJISC
  • Indexed in

  • Latest News

    June 28, 2019
    Volume 8, Issue 1 of the International Journal of Information Security and Cybercrime was published
    December 29, 2018
    Volume 7, Issue 2 of the International Journal of Information Security and Cybercrime was published
    June 29, 2018
    Volume 7, Issue 1 of the International Journal of Information Security and Cybercrime was published
    December 29, 2017
    Volume 6, Issue 2 of IJISC – International Journal of Information Security and Cybercrime was published
  • --- More News ---
  • Popular Articles

  • Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices


    Author(s): BISEGNA, Andrea; CARBONE, Roberto; MARTINI, Ivan; ODORIZZI, Valentina; PELLIZZARI, Giulio; RANISE, Silvio

    Quick view | Full article | Citations | Views: 88


    Author(s) keywords: ,


    Reference keywords: ,


    Abstract:

    Identity Management (IdM) solutions are increasingly important for building trust in current and future digital ecosystems. Unfortunately, not only their secure deployment but even their usage are non-trivial activities that require a good level of security awareness. For this, we introduce Micro-Id-Gym, an easy to configure training environment in which users can develop hands-on experiences on how IdM solutions work and better understand the underlying security issues.



    References:

    [1]. Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal Analysis of SAML 2.0 Web Browser Single Sign-on: Breaking the SAML-based Single Sign-on for Google Apps. In: FMSE ’08. ACM, New York, NY, USA (2008).

    [2]. Armando, A., Carbone, R., Compagna, L., Cu´ellar, J., Pellegrino, G., Sorniotti, A.: An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations. Computers & Security 33, 41 – 58 (2013).

    [3]. Engelbertz, N., Erinola, N., Herring, D., Somorovsky, J., Mladenov, V., Schwenk, J.: Security Analysis of eIDAS–The Cross-Country Authentication Scheme in Europe. In: 12th USENIX Workshop on Offensive Technologies (WOOT 18) (2018).

    [4]. Hardt, D.: The OAuth 2.0 Authorization Framework (2012), IETF.

    [5]. Mladenov, V.: On the Security of Single Sign-On. Ph.D. thesis, Ruhr-Universit¨at Bochum (2017).

    [6]. OASIS: SAML V2.0 Tech. Overview. http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf (March 2008).

    [7]. OASIS: SAML V2.0 Approved Errata. http://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0.pdf (May 2012).

    [8]. Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C.: OpenID Con- nect Core 1.0 Incorporating Errata Set 1 (2014), OIDF.



    Additional Information

    Article Title: Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices
    Author(s): BISEGNA, Andrea; CARBONE, Roberto; MARTINI, Ivan; ODORIZZI, Valentina; PELLIZZARI, Giulio; RANISE, Silvio
    Date of Publication: 2019-06-28
    Publication: International Journal of Information Security and Cybercrime
    ISSN: 2285-9225 e-ISSN: 2286-0096
    Digital Object Identifier: 10.19107/IJISC.2019.01.06
    Issue: Volume 8, Issue 1, Year 2019
    Section: Studies and Analysis of Cybercrime Phenomenon
    Page Range: 45-50 (6 pages)



    Copyright

    Copyright ©2012-2020 IJISC - International Journal of Information Security and Cybercrime

    All rights reserved: International Journal of Information Security and Cybercrime is a trademark of RAISA - Romanian Association for Information Security Assurance.
    No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from RAISA. When authors submit their papers for publication, they agree that the copyright for their article be transferred to Romanian Association for Information Security Assurance, if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.