Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications, which are therefore implemented with insecure workarounds. In this paper, we present a secure component model in which components are provided by different trust domains and interact through a communication abstraction that makes a security policy easy to specify. We have developed an implementation of this model that currently works in all major browsers and addresses the challenges of communication integrity and frame-phishing. An evaluation of the performance of our implementation shows that this approach is not just feasible but also practical.