loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Yi Wang 1 ; Tao Guo 2 ; Zhiwei Shi 2 and Zhoujun Li 1

Affiliations: 1 Beihang University, China ; 2 China Information Technology Security Evaluation Center, China

ISBN: 978-989-8565-08-2

Keyword(s): Mashup, Html5, Sandbox, Web Workers, Web Application.

Related Ontology Subjects/Areas/Topics: Access Control ; Data Engineering ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Web Information Systems and Technologies ; Web Programming ; Web Security and Privacy

Abstract: A growing trend of nowadays web sites is to combine active content (applications) from untrusted sources, as in so-called mashups, in order to provide more functionality and expressiveness. Due to the potential risk of leaking sensitive information to these third-party sources, it is urgent to provide a secure “sandbox” for playing the untrusted content and allow developers to apply flexible security policy at the same time. In this paper, we propose and implement a new safe framework to prevent untrusted applications from interfering with each other based on HTML5 technology. By creating a separated fake DOM environment in the background, developers can load untrusted content into the “sandbox” and apply their custom security policy in real window or server side when receiving script generated messages from it. The advantage is that it is very flexible as the security policy is also written in JavaScript and requires minimum learning efforts for web developers. The drawback is that i t is based on element “web workers” and method “postMessage” introduced in HTML5 and can’t be run in older browsers without these supports. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 35.175.201.14

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Wang, Y.; Li, Z.; Guo, T. and Shi, Z. (2012). FSMesh - Flexibly Securing Mashups by User Defined DOM Environment.In Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8565-08-2, pages 96-102. DOI: 10.5220/0003899000960102

@conference{webist12,
author={Yi Wang. and Zhoujun Li. and Tao Guo. and Zhiwei Shi.},
title={FSMesh - Flexibly Securing Mashups by User Defined DOM Environment},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2012},
pages={96-102},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003899000960102},
isbn={978-989-8565-08-2},
}

TY - CONF

JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - FSMesh - Flexibly Securing Mashups by User Defined DOM Environment
SN - 978-989-8565-08-2
AU - Wang, Y.
AU - Li, Z.
AU - Guo, T.
AU - Shi, Z.
PY - 2012
SP - 96
EP - 102
DO - 10.5220/0003899000960102

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.