Download now Free registration required
Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to pro-vide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds. This paper presents a secure component model, where components are provided by different trust do-mains, and can interact using a communication abstraction that allows ease of specification of a security policy. The paper has developed an implementation of this model that works currently in all major browsers, and addresses challenges of communication integrity and frame-phishing.
- Format: PDF
- Size: 456.8 KB