Security Analysis of FedCM
Thesis type | Master Thesis |
Supervisor | Erwin Kupris |
Starting date | As soon as possible |
Skills | LaTeX, Git, Any programming language |
Language | English (preferred), German |
Industry cooperation | not possible |
Publish date | 2024-08-13 |
Problem and context
FedCM [1,2] is an emerging API for enhancing the UX and security of SSO on the web. The proposed standard is still in active development, and a testing environment can be found at [3]. Our research group published a poster [4] addressing the compatibility of FedCM with research and education environments.
Goals
The goal of this thesis is to analyze FedCM’s security model and to develop attacks against this new API.
The thesis can focus on a number of sub-topics, including, but not limited to:
- Formal verification
- Attack modeling
- Testing automation
- Possibility to publish a resulting research paper
Thesis proposals for adjacent topics are welcome. Get in touch if you have further questions.
Literature
1. https://drive.google.com/file/d/10Rh42VhJxZui527FTjN9zpsTpG1ZakqF/view
2. https://fedidcg.github.io/
3. tbd
4. https://seclab.cs.hm.edu/assets/pdf/ek-fedcm4rne-poster.pdf