Conference Topic

SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers

Mashup applications mix and merge content (data and code) from multiple content providers in a user’s browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds. In this paper, we present a secure component model, where components are provided by different trust domains, and can interact using a communication abstraction that allows ease of specification of a security policy. We have developed an implementation of this model that works currently in all major browsers, and addresses challenges of communication integrity and frame-phishing. An evaluation of the performance of our implementation shows that this approach is not just feasible but also practical.

Web 2.0; browser; mashup; component model; phishing

Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, Sachiko Yoshihama

IBM Tokyo Research Laboratory, Kanagawa, Japan; IBM T.J. Watson Research Center, New York, USA

International conference

The 17th International World Wide Web Conference (WWW08)

Beijing

English

2008-04-21 (date first posted online on the Wanfang platform; does not represent the paper's publication date)