A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
The Design of Rijndael
Subspace: secure cross-domain communication for web mashups
Proceedings of the 16th international conference on World Wide Web
SMash: secure component model for cross-domain mashups on unmodified browsers
Proceedings of the 17th international conference on World Wide Web
WebIBC: Identity Based Cryptography for Client Side Security in Web Applications
ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
OMash: enabling secure web mashups via object abstractions
Proceedings of the 15th ACM conference on Computer and communications security
Please Permit Me: Stateless Delegated Authorization in Mashups
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
OMOS: A Framework for Secure Communication in Mashup Applications
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Market Overview of Enterprise Mashup Tools
ICSOC '08 Proceedings of the 6th International Conference on Service-Oriented Computing
Privacy-aware identity management for client-side mashup applications
Proceedings of the 5th ACM workshop on Digital identity management
Towards privacy-enhancing identity management in mashup-providing platforms
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Hi-index | 0.00 |
Mashups were not designed with security in mind. Their main selling point is the flexible and easy to use development approach. The fact that mashups enable users to compose services to create a piece of software with new functionalities, integrating inputs from various sources, implies a security risk. However, in many scenarios where mashups add business value, e.g. enterprise mashups, security and privacy are important requirements. A secure environment for the handling of potentially sensitive end user information is needed, unless the user fully trusts the mashup-providing-platform (MPP), which is unlikely for hosted enterprise mashups. In this paper we present a proof-of-concept implementation which enables the secure usage of a mashup-providing platform and protects sensitive data against malicious widgets and platform operators.