Title :
A cryptography-based approach to web mashup security
Author :
Ali, Shady ; Khusro, S. ; Rauf, Abdul Mannan
Author_Institution :
Dept. of Comput. Sci., Univ. of Peshawar, Peshawar, Pakistan
Abstract :
With the dawn of this century emerged new and innovative ways of creating software applications on the web. One of them is the “web mashup”, which allows users to create new web applications by integrating data and services from various other web applications and data sources. Several technologies, such as Ajax, RSS, ATOM, REST, and XML, have emerged that are used in creating mashups. The numerous data sources and services available online make mashup creation fast, easy, and rich in content, but they also give rise to security concerns. A wide array of security issues arises when combining diverse content and services from diverse sources into a new one, such as a lack of security in the technologies and the trustworthiness of content. In addition, several other issues, such as user privacy, data confidentiality, data integrity, and user authentication, need to be addressed. In response, several proposals have been presented for improving the security of web mashups, such as a new version of JavaScript with better security properties and the addition of security tags to HTML. However, these approaches mostly focus on cross-site referencing issues. This research paper aims to provide a security framework that will use well-known cryptographic techniques to address the issues of data confidentiality, data integrity, and authentication, as well as protection against the most common XSS and CSRF attacks in web mashups. Instead of concentrating on a particular security aspect, the proposed framework is more general and easy to conceptualize and implement.
Keywords :
Internet; XML; authorisation; cryptography; data privacy; hypermedia markup languages; ATOM; Ajax; CSRF attacks; JavaScript; REST; RSS; Web mashup security; XML; XSS attacks; cryptography-based approach; data confidentiality; data integration; online available data services; online available data sources; service integration; user authentication; user privacy; Cryptography; Electronic publishing; Encyclopedias; Mashups; Programming; XML; Cryptography; Mashup Security; Privacy; Syndication; Web 2.0;
Conference_Title :
Computer Networks and Information Technology (ICCNIT), 2011 International Conference on
Conference_Location :
Abbottabad
Print_ISBN :
978-1-61284-940-9
DOI :
10.1109/ICCNIT.2011.6020907