Secure mashup-providing platforms - implementing encrypted wiring

Authors:
Matthias Herbert;Tobias Thieme;Jan Zibuschka;Heiko Roßnagel
Affiliations:
Fraunhofer IAO, Stuttgart, Germany;Fraunhofer IAO, Stuttgart, Germany;Fraunhofer IAO, Stuttgart, Germany;Fraunhofer IAO, Stuttgart, Germany
Venue:
ICWE'11 Proceedings of the 11th international conference on Current Trends in Web Engineering
Year:
2011

Citing 11
Cited 0

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
The Design of Rijndael

The Design of Rijndael
Subspace: secure cross-domain communication for web mashups

Proceedings of the 16th international conference on World Wide Web
SMash: secure component model for cross-domain mashups on unmodified browsers

Proceedings of the 17th international conference on World Wide Web
WebIBC: Identity Based Cryptography for Client Side Security in Web Applications

ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
OMash: enabling secure web mashups via object abstractions

Proceedings of the 15th ACM conference on Computer and communications security
Please Permit Me: Stateless Delegated Authorization in Mashups

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
OMOS: A Framework for Secure Communication in Mashup Applications

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Market Overview of Enterprise Mashup Tools

ICSOC '08 Proceedings of the 6th International Conference on Service-Oriented Computing
Privacy-aware identity management for client-side mashup applications

Proceedings of the 5th ACM workshop on Digital identity management
Towards privacy-enhancing identity management in mashup-providing platforms

DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Mashups were not designed with security in mind. Their main selling point is the flexible and easy to use development approach. The fact that mashups enable users to compose services to create a piece of software with new functionalities, integrating inputs from various sources, implies a security risk. However, in many scenarios where mashups add business value, e.g. enterprise mashups, security and privacy are important requirements. A secure environment for the handling of potentially sensitive end user information is needed, unless the user fully trusts the mashup-providing-platform (MPP), which is unlikely for hosted enterprise mashups. In this paper we present a proof-of-concept implementation which enables the secure usage of a mashup-providing platform and protects sensitive data against malicious widgets and platform operators.