Sciweavers

Share
WWW
2008
ACM

SMash: secure component model for cross-domain mashups on unmodified browsers

9 years 9 months ago
SMash: secure component model for cross-domain mashups on unmodified browsers
Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds. In this paper, we present a secure component model, where components are provided by different trust domains, and can interact using a communication abstraction that allows ease of specification of a security policy. We have developed an implementation of this model that works currently in all major browsers, and addresses challenges of communication integrity and frame-phishing. An evaluation of the performance of our implementation shows that this approach is not just feasible but also practical. Categories and Subject Descriptors: D.2.0 [General]: Protection mechanisms, D.2.11 [Software Architectures]: Information hiding, d...
Frederik De Keukelaere, Sumeer Bhola, Michael Stei
Added 21 Nov 2009
Updated 21 Nov 2009
Type Conference
Year 2008
Where WWW
Authors Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, Sachiko Yoshihama
Comments (0)
books