A middleware for securing mobile mashups

Authors:
Florent Batard;Karima Boudaoud;Michel Riveill
Affiliations:
I3S Laboratory- CNRS/University of Nice Sophia Antipolis, Sophia Antipolis, France;I3S Laboratory- CNRS/University of Nice Sophia Antipolis, Sophia Antipolis, France;I3S Laboratory- CNRS/University of Nice Sophia Antipolis, Sophia Antipolis, France
Venue:
Proceedings of the 20th international conference companion on World wide web
Year:
2011

Citing 3
Cited 0

Subspace: secure cross-domain communication for web mashups

Proceedings of the 16th international conference on World Wide Web
SMash: secure component model for cross-domain mashups on unmodified browsers

Proceedings of the 17th international conference on World Wide Web
OMash: enabling secure web mashups via object abstractions

Proceedings of the 15th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mashups on traditional desktop devices are a well-known source of security risks. In this paper, we examine how these risks translate to mobile mashups and identify new risks caused by mobile-specific characteristics such as access to device features or offline operation. We describe the design of SCCM, a platform independent approach to handle the various mobile mashup security risks in a consistent and systematic manner. Evaluating an SCCM implementation for Android, we find that SCCM successfully protects against common attacks such as inserting a malicious widget from the outside.