FSMesh - Flexibly Securing Mashups by User Defined DOM Environment

Yi Wang; Tao Guo; Zhiwei Shi; Zhoujun Li

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

FSMesh - Flexibly Securing Mashups by User Defined DOM Environment

Topics: Authentication and Access Control; Web Programming; Web Security and Privacy

In Proceedings of the 8th International Conference on Web Information Systems and Technologies WEBIST - Volume 1, 96-102, 2012 , Porto, Portugal

Authors: Yi Wang ¹ ; Tao Guo ² ; Zhiwei Shi ² and Zhoujun Li ¹

Affiliations: ¹ Beihang University, China ; ² China Information Technology Security Evaluation Center, China

Keyword(s): Mashup, Html5, Sandbox, Web Workers, Web Application.

Related Ontology Subjects/Areas/Topics: Access Control ; Data Engineering ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Web Information Systems and Technologies ; Web Programming ; Web Security and Privacy

Abstract: A growing trend of nowadays web sites is to combine active content (applications) from untrusted sources, as in so-called mashups, in order to provide more functionality and expressiveness. Due to the potential risk of leaking sensitive information to these third-party sources, it is urgent to provide a secure “sandbox” for playing the untrusted content and allow developers to apply flexible security policy at the same time. In this paper, we propose and implement a new safe framework to prevent untrusted applications from interfering with each other based on HTML5 technology. By creating a separated fake DOM environment in the background, developers can load untrusted content into the “sandbox” and apply their custom security policy in real window or server side when receiving script generated messages from it. The advantage is that it is very flexible as the security policy is also written in JavaScript and requires minimum learning efforts for web developers. The drawback is that it is based on element “web workers” and method “postMessage” introduced in HTML5 and can’t be run in older browsers without these supports. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.188.91.223

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Wang, Y.; Guo, T.; Shi, Z. and Li, Z. (2012). FSMesh - Flexibly Securing Mashups by User Defined DOM Environment. In Proceedings of the 8th International Conference on Web Information Systems and Technologies - WEBIST; ISBN 978-989-8565-08-2; ISSN 2184-3252, SciTePress, pages 96-102. DOI: 10.5220/0003899000960102

@conference{webist12,
author={Yi Wang. and Tao Guo. and Zhiwei Shi. and Zhoujun Li.},
title={FSMesh - Flexibly Securing Mashups by User Defined DOM Environment},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - WEBIST},
year={2012},
pages={96-102},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003899000960102},
isbn={978-989-8565-08-2},
issn={2184-3252},
}

TY - CONF

JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - WEBIST
TI - FSMesh - Flexibly Securing Mashups by User Defined DOM Environment
SN - 978-989-8565-08-2
IS - 2184-3252
AU - Wang, Y.
AU - Guo, T.
AU - Shi, Z.
AU - Li, Z.
PY - 2012
SP - 96
EP - 102
DO - 10.5220/0003899000960102
PB - SciTePress