IMSc Conference on IT Security

We organize a conference for collecting IMSc points in the context of the IT Security BSc course in the spring semester of the 2023/24 academic year at BME. Beyond IMSc point collection, the goal of the conference is to encourage students to deep-dive into some hot topics of IT security, to get familiar with the challenges and recent research results, and to share knowledge with other students in the form of short presentations. We do hope that the conference will shed light on the beauty of the field of IT security and some of its exciting research areas, and that it will stimulate both the active participants of the conference and all other students enrolled in the IT security course to engage in further studies in the domain of IT security.

The Call for Papers (CfP) for the conference is available here.

Conference topics

all, uav, cyber-physical-system, vehicle, network-security, power grid, machine-learning, data-evaluation, privacy, economics, malware, binary-similarity, cryptography, machine-learning-security, LLM-security, LLM, copilot, federated-learning, poisoning, password-manager, AAA, OAuth, web-security, Kerberos

OAuth and (In)Security

OAuth is one of the most widely used authorization frameworks. Despite all the recommendations against using it merely as a means of authentication, it is also commonly leveraged as such. Over the years, we have seen a multitude of security breaches related to OAuth, and while OAuth itself includes some questionable design choices (such as the now-deprecated Implicit Grant flow), most security issues stem from improper use of the framework, incorrect knowledge of its workings, or simply implementation errors. Explore the history of OAuth and some of the most baffling blunders leading to hacks and breaches!

Tags: OAuth, web-security, AAA

References: