loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Yi Wang 1 ; Tao Guo 2 ; Zhiwei Shi 2 and Zhoujun Li 1

Affiliations: 1 Beihang University, China ; 2 China Information Technology Security Evaluation Center, China

Keyword(s): Mashup, Html5, Sandbox, Web Workers, Web Application.

Related Ontology Subjects/Areas/Topics: Access Control ; Data Engineering ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Web Information Systems and Technologies ; Web Programming ; Web Security and Privacy

Abstract: A growing trend of nowadays web sites is to combine active content (applications) from untrusted sources, as in so-called mashups, in order to provide more functionality and expressiveness. Due to the potential risk of leaking sensitive information to these third-party sources, it is urgent to provide a secure “sandbox” for playing the untrusted content and allow developers to apply flexible security policy at the same time. In this paper, we propose and implement a new safe framework to prevent untrusted applications from interfering with each other based on HTML5 technology. By creating a separated fake DOM environment in the background, developers can load untrusted content into the “sandbox” and apply their custom security policy in real window or server side when receiving script generated messages from it. The advantage is that it is very flexible as the security policy is also written in JavaScript and requires minimum learning efforts for web developers. The drawback is that it is based on element “web workers” and method “postMessage” introduced in HTML5 and can’t be run in older browsers without these supports. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.238.87.31

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Wang, Y.; Guo, T.; Shi, Z. and Li, Z. (2012). FSMesh - Flexibly Securing Mashups by User Defined DOM Environment. In Proceedings of the 8th International Conference on Web Information Systems and Technologies - WEBIST; ISBN 978-989-8565-08-2; ISSN 2184-3252, SciTePress, pages 96-102. DOI: 10.5220/0003899000960102

@conference{webist12,
author={Yi Wang. and Tao Guo. and Zhiwei Shi. and Zhoujun Li.},
title={FSMesh - Flexibly Securing Mashups by User Defined DOM Environment},
booktitle={Proceedings of the 8th International Conference on Web Information Systems and Technologies - WEBIST},
year={2012},
pages={96-102},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003899000960102},
isbn={978-989-8565-08-2},
issn={2184-3252},
}

TY - CONF

JO - Proceedings of the 8th International Conference on Web Information Systems and Technologies - WEBIST
TI - FSMesh - Flexibly Securing Mashups by User Defined DOM Environment
SN - 978-989-8565-08-2
IS - 2184-3252
AU - Wang, Y.
AU - Guo, T.
AU - Shi, Z.
AU - Li, Z.
PY - 2012
SP - 96
EP - 102
DO - 10.5220/0003899000960102
PB - SciTePress