Mashic compiler: Mashup sandboxing based on inter-frame communication

Abstract : Mashups are a prevailing kind of web applications integrating external gadget APIs often written in the JavaScript programming language. Writing secure mashups is a challenging task due to the heterogeneity of existing gadget APIs, the privileges granted to gadgets during mashup executions, and JavaScript's highly dynamic environment. We propose a new compiler , called Mashic, for the automatic generation of secure JavaScript-based mashups from existing mashup code. The Mashic compiler can effortlessly be applied to existing mashups based on a wide-range of gadget APIs. It offers security and correct-ness guarantees. Security is achieved via the Same Origin Policy. Correctness is ensured in the presence of benign gadgets, that satisfy confidentiality and integrity constrains with regard to the integrator code. The compiler has been successfully applied to real world mashups based on Google maps, Bing maps, YouTube, and Zwibbler APIs.
Type de document :
Article dans une revue
Journal of Computer Security, IOS Press, 2016, 〈10.3233/JCS-160542〉
Liste complète des métadonnées

Littérature citée [33 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01353966
Contributeur : Tamara Rezk <>
Soumis le : lundi 22 août 2016 - 15:56:28
Dernière modification le : jeudi 11 janvier 2018 - 16:47:59
Document(s) archivé(s) le : mercredi 23 novembre 2016 - 11:33:15

Fichier

main.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Zhengqin Luo, José Fragoso Santos, Ana Almeida Matos, Tamara Rezk. Mashic compiler: Mashup sandboxing based on inter-frame communication. Journal of Computer Security, IOS Press, 2016, 〈10.3233/JCS-160542〉. 〈hal-01353966〉

Partager

Métriques

Consultations de la notice

187

Téléchargements de fichiers

117