Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008); pages 355--364; Anaheim, California; December 8-12, 2008.
Mashups are new Web 2.0 applications that seamlessly combine content from multiple heterogeneous data sources into one integrated browser environment. The hallmark of these applications is that they facilitate dynamic information sharing and analysis, thereby creating a more integrated and convenient experience for end-users. As mashups evolve into portals designed to offer convenient access to information in critical domains, such as banking, shopping, investment, enterprise mashups, and web desktops, protecting clients’ personal information and trade secrets becomes important, motivating the need for strong security guarantees. We develop a security architecture for mashup development that provides high assurance of mutual authentication, data confidentiality, and message integrity for mashup applications as they communicate within a Web browser. In this paper, we describe the design and implementation of OMOS (OpenMashupOS), an open source, browser-independent framework for secure inter-domain communication and mashup development.
Slides: [ PDF ]
DOI: [ 10.1109/ACSAC.2008.25 ]