Published: May 2, 2019

The following papers have been accepted at the 16th International Conference on Security and Cryptography (SECRYPT 2019):
- Title: A Tool-assisted Methodology for the Data Protection Impact Assessment
- Authors: Salimeh Dashti and Silvio Ranise
- Abstract: We propose a pragmatic methodology to the Data Protection Impact Assessment (DPIA) based on a tool capable of assisting users during crucial activities such as data processing specification and risk analysis. Previous work on compliance checking and our experience in developing a DPIA methodology for the Public Administration of the province of Trento in Italy are the basis of this work.
- DOI: 10.5220/0007932202760283
- Title: A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
- Authors: Amir Sharif, Roberto Carbone, Silvio Ranise and Giada Sciarretta
- Abstract: Many available mobile applications (apps) have poorly implemented Single Sign-On and Access Delegation solutions leading to serious security issues. This could be caused by inexperienced developers who prioritize the implementation of core functionalities and/or misunderstand security critical parts. The situation is even worse in complex API scenarios where the app interacts with several providers. To address these problems, we propose a novel wizard-based approach that guides developers to integrate multiple third-party Identity Management (IdM) providers in their apps, by (i) “enforcing” the usage of best practices for native apps, (ii) avoiding the need to download several SDKs and understanding their online documentations (a list of known IdM providers with their configuration information is embedded within our approach), and (iii) automatically generating the code to enable the communication with the different IdM providers. The effectiveness of the proposed approach has been assessed by implementing an Android Studio plugin and using it to integrate several IdM providers, such as OKTA, Auth0, Microsoft, and Google.
- DOI: 10.5220/0007930502680275
- Complementary Material: Link
About the conference
- Name: 16th International Conference on Security and Cryptography (SECRYPT 2019)
- Date: from July 26, 2019 to July 28, 2019
- Location: Prague, Czech Republic
- Website: http://www.secrypt.icete.org/?y=2019