Mashic Compiler: Mashup Sandboxing Based on Inter-frame Communication

Author

Zhengqin Luo ; Rezk, Tamara

Author_Institution

INRIA, France

fYear

2012

fDate

25-27 June 2012

Firstpage

157

Lastpage

170

Abstract

We propose a new compiler, called Mashic, for the automatic generation of secure Javascript-based mashups from existing mashup code. The Mashic compiler can effortlessly be applied to existing mashups based on a wide-range of gadget APIs. It offers security and correctness guarantees. Security is achieved via the Same Origin Policy. Correctness is ensured in the presence of benign gadgets, that satisfy confidentiality and integrity constrains with regard to the integrator code. The compiler has been successfully applied to real world mashups based on Google maps, Bing maps, YouTube, and Zwibbler APIs.

Keywords

Java; application program interfaces; program compilers; security of data; Bing maps; Google maps; YouTube; Zwibbler API; automatic generation; gadget API; inter-frame communication; mashic compiler; mashup sandboxing; same origin policy; secure Javascript-based mashups; Browsers; Color; HTML; Libraries; Mashups; Security; Semantics; Compiler; Correctness; Javascript; Security; Web Mashup;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Symposium (CSF), 2012 IEEE 25th

Conference_Location

Cambridge, MA

ISSN

1940-1434

Print_ISBN

978-1-4673-1918-8

Electronic_ISBN

1940-1434

Type

conf

DOI

10.1109/CSF.2012.22

Filename

6266158

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2947674