A web mashup is a web application that integrates content from heterogeneous sources to give users an integrated and seamless browsing experience. Client-side mashups differ from server-side mashups in that the content is integrated in the browser using client-side scripts. However, the legacy same-origin policy implemented by current browsers cannot provide a flexible client-side communication mechanism for exchanging information between resources from different sources. To address this problem, we propose a secure client-side cross-domain communication mechanism facilitated by a trusted proxy and the HTML 5 postMessage method. The proxy-based model supports fine-grained access control for elements that belong to different sources in web mashups, and the design guarantees confidentiality, integrity, and authenticity during cross-domain communications. The proxy-based design also allows users to browse mashups without installing browser plug-ins. For mashup developers, the provided API minimizes the amount of code modification. Experimental results demonstrate that the overhead incurred by our proxy model is low and reasonable. We anticipate that the proxy-based design can help mashup platform providers offer a better solution to mashup developers and users.
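The following is an added example, not code from the paper or its API: a sketch of the per-element access check a postMessage mediator has to make before forwarding a cross-domain message. The policy format, origins, element ids, action names and the `authorize`, `mediate` and `deliver` functions are all assumptions made for illustration.

```javascript
// Constructed policy: which sender origin may perform which action on which element.
const POLICY = {
  "https://maps.example": { "map-pane": ["read", "write"], "address-box": ["read"] },
  "https://ads.example": { "ad-slot": ["write"] },
};

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Decide whether a message may touch the element it names.
// `event` has the shape of a browser MessageEvent: { origin, data }.
function authorize(event, policy = POLICY) {
  const { origin, data } = event;
  // event.origin is set by the browser; everything inside data is sender-controlled.
  if (!own(policy, origin)) return { ok: false, reason: "unknown origin" };
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed message" };
  }
  const { target, action } = data;
  if (typeof target !== "string" || typeof action !== "string") {
    return { ok: false, reason: "malformed message" };
  }
  // Own-property lookup so names such as "__proto__" never match a grant.
  const allowed = own(policy[origin], target) ? policy[origin][target] : [];
  if (!allowed.includes(action)) return { ok: false, reason: "action not granted" };
  return { ok: true, reason: "granted" };
}

// Forward an authorized message to the origin that owns the target element.
// `deliver(targetOrigin, message)` stands in for
// targetWindow.postMessage(message, targetOrigin); the target origin is always
// explicit, never "*".
function mediate(event, ownerOf, deliver, policy = POLICY) {
  const verdict = authorize(event, policy);
  if (!verdict.ok) return verdict;
  const { target, action, payload } = event.data;
  if (!own(ownerOf, target)) return { ok: false, reason: "no owner for element" };
  // Stamp the browser-verified sender; a self-declared "from" field is dropped.
  deliver(ownerOf[target], { from: event.origin, target, action, payload });
  return verdict;
}
```

In a browser, `mediate` would be called from a `message` event listener in the mediating frame, with `deliver` wrapping the destination frame's `postMessage`.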