This 13-page paper addresses the problem of securing mashup applications
which mix active content from different trust domains. It is an extended
version of the paper prepared for presentation at the Seventeenth
International World Wide Web Conference (WWW2008), to be held on April
21-25, 2008 in Beijing, China. "Mashup applications mix and merge content
(data and code) from multiple content providers in a user's browser, to
provide high-value web applications that can rival the user experience
provided by desktop applications. Current browser security models were
not designed to support such applications and they are therefore
implemented with insecure workarounds. In our project SMash, we present
a secure component model, where components are provided by different
trust domains, and can interact using a communication abstraction that
allows ease of specification of a security policy. We propose a secure
component model comprising a central event communication hub and governed
communication channels which mediate the communication between isolated
components. We illustrate how such a model can be used to enforce basic
access control policies which define the allowed interactions between
components. We here describe SMash, an implementation of this model on
current browsers, which can be used right away in building secure mashup
applications. Our implementation depends on iframes for isolation while
bootstrapping a publish-subscribe model of communication using URL
fragment identifiers. Our programming model is intentionally general
enough that other communication techniques could be used instead of URL
fragments. SMash is resilient to attacks such as channel spying, message
forging, and frame-phishing. We have evaluated our implementation and
find that it scales well with an increasing number of components in the
mashup, and has enough data throughput to be useful in a number of
mashup application scenarios. Our implementation is available as an
open-source JavaScript library."