.jpg)
Refereed Papers
Track: Security II: Web Client Security
Paper Title:
SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers
Authors:
- Frederik De Keukelaere(IBM Tokyo Research Laboratory)
- Sumeer Bhola(IBM T.J. Watson Research Center)
- Michael Steiner(IBM T.J. Watson Research Center)
- Suresh Chari(IBM T.J. Watson Research Center)
- Sachiko Yoshihama(IBM Tokyo Research Laboratory)
Abstract:
Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds. In this paper, we present a secure component model, where components are provided by different trust domains, and can interact using a communication abstraction that allows ease of specification of a security policy. We have developed an implementation of this model that works currently in all major browsers, and addresses challenges of communication integrity and frame-phishing. An evaluation of the performance of our implementation shows that this approach is not just feasible but also practical.
Inquiries can be sent to:
