Combining data and code from third-party sources has enabled a new wave of web mashups that add creativity and functionality to web applications. However, browsers are poorly designed to pass data between domains, often forcing web developers to abandon security in the name of functionality. To address this deficiency, we developed Subspace, a cross-domain communication mechanism that allows efficient communication across domains without sacrificing security. Our prototype requires only a small JavaScript library, and works across all major browsers. We believe Subspace can serve as a new secure communication primitive for web mashups.