Helen J. Wang
Abstract
Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "Web 2.0" applications (or mashups) offer rich services, rivaling those of desktop PCs. However, the protection andcommunication abstractions offered by today's browsers remain suitable onlyfor a single-principal system--either no trust through completeisolation between principals (sites) or full trust by incorporating third party code as libraries. In this paper, we address this deficiency by identifying and designing the missing abstractions needed for a browser-based multi-principal platform. We have designed our abstractions to be backward compatible and easily adoptable. We have built a prototype system that realizes almost all of our abstractions and their associated properties. Our evaluation shows that our abstractions make it easy to build more secure and robust client-side Web mashups and can be easily implemented with negligible performance overhead.
Supplemental Material
Available for Download
Slides from the presentation
Supplemental material for Protection and communication abstractions for web browsers in MashupOS
- Adobe. External data not accessible outside a Macromedia Flash movie's domain, 2007. http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14213.Google Scholar
- JavaScript Speed Test: BenchJS. http://www.24fun.com/downloadcenter/benchjs/benchjs.html.Google Scholar
- B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers, and S. Eggers. Extensibility, Safety and Performance in the SPIN Operating System. In Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP--15), December 1995. Google ScholarDigital Library
- Browser Helper Object. http://msdn2.microsoft.com/en-us/bb250436.aspx.Google Scholar
- S. Brin and L. Page. The anatomy of a large-scale hypertextual Web search engine. In 7th International World World Web Conference, 1998. Google ScholarDigital Library
- J. Burke. Cross Domain Frame Communication with Fragment Identifiers. http://tagneto.blogspot.com/2006/06/cross--domain--frame-communication-with.html.Google Scholar
- S. M. Christey. Vulnerability Type Distribution in CVE, September 2006. http://www.attrition.org/pipermail/vim/2006--September/001032.html.Google Scholar
- Component Object Model (COM). http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/componentobjectmodelanchor.asp.Google Scholar
- J. Couvreur. FlashXMLHttpRequest: cross-domain requests. http://blog.monstuff.com/FlashXMLHttpRequest.Google Scholar
- R. Cox, J. Hansen, S. Gribble, and H. Levy. A Safety-Oriented Platform for Web Applications. In Proc. IEEE Symposium on Security and Privacy, 2006. Google ScholarDigital Library
- D. Crockford. JSONRequest. http://www.json.org/jsonrequest.html.Google Scholar
- D. Crockford. The Module Tag: A Proposed Solution to the Mashup Security Problem. http://www.json.org/module.html.Google Scholar
- Document Object Model. http://www.w3.org/DOM/.Google Scholar
- BEich. JavaScript: Mobility and Ubiquity. http://kathrin.dagstuhl.de/files/Materials/07/07091/07091.EichBrendan.Slides.pdf.Google Scholar
- Big WebOS roundup -- 10 online operating systems reviewed. http://franticindustries.com/blog/2006/12/21/.Google Scholar
- D. Flanagan. JavaScript: The Definitive Guide. O'Reilly, August 2006. Google ScholarDigital Library
- Flickr Services API. http://www.flickr.com/services/api/.Google Scholar
- N. Freed. Media Type Specifications and Registration Procedures, December 2005. http://rfc.net/rfc4288.html.Google Scholar
- Google Maps API, 2007. http://www.google.com/apis/maps/.Google Scholar
- Preventing comment spam, January 2005. http://googleblog.blogspot.com/2005/01/preventing-comment-spam.html.Google Scholar
- J. Grossman. Advanced Web Attack Techniques using GMail. http://jeremiahgrossman.blogspot.com/2006/01/advanced-web-attack-techniques-using.html.Google Scholar
- W. H. A. TW. Group. Web Applications 1.0, February 2007. http://www.whatwg.org/specs/web-apps/current-work/.Google Scholar
- HTML 4.01 Specification, December 1999. http://www.w3.org/TR/html401/.Google Scholar
- G. Hunt and J. Larus. Singularity: Rethinking the Software Stack. In Operating Systems Review, April 2007. Google ScholarDigital Library
- Internet Explorer Architecture. http://msdn.microsoft.com/workshop/browser/overview/ie_arch.asp.Google Scholar
- Persistence of Internet Explorer. http://msdn.microsoft.com/workshop/author/persistence/overview.asp?frame=true.Google Scholar
- GInc. Google Gadgets API Developer Guide. http://www.google.com/apis/gadgets/fundamentals.html.Google Scholar
- C. Jackson and H. Wang. Subspace: Secure Cross-Domain Communication for Web Mashups. In Proc. WWW, 2007. Google ScholarDigital Library
- T. Jim, N. Swamy, and M. Hicks. BEEP: Browser-Enforced Embedded Policies. In 16th International World World Web Conference, May 2007. Google ScholarDigital Library
- JavaScript Object Notation (JSON). http://www.json.org/.Google Scholar
- F.D. Keukelaere, S. Bhola, M. Steiner, S. Chari, and S. Yoshihama. S. Mash: Secure Cross-Domain Mashups on Unmodified Browsers. Technical report, IBM Research, Tokyo Research Laboratory, June 2007.Google Scholar
- D. Kristol and L. Montulli. HTTP State Management Mechanism. IETF RFC 2965, October 2000. Google ScholarDigital Library
- Windows Live Gadget Developer's Guide. http://microsoftgadgets.com/livesdk/docs/default.htm.Google Scholar
- L. Masinter. RFC 2397: The "data" URL Scheme, August 1998. http://tools.ietf.org/html/rfc2397. Google ScholarDigital Library
- About Asynchronous Pluggable Protocols. http://msdn2.microsoft.com/en-us/library/aa767916.aspx.Google Scholar
- C. Reis, B. Bershad, S. Gribble, and H. Levy. Using processes to improve the reliability of browser-based applications. In Under submission.Google Scholar
- R. Snake. XSS Cheat Sheet. http://ha.ckers.org/xss.html.Google Scholar
- J. Ruderman. The Same Origin Policy. http://www.mozilla.org/projects/security/components/same-origin.html.Google Scholar
- Technical explanation of The MySpace Worm. http://namb.la/popular/tech.html.Google Scholar
- R. Wahbe, S. Lucco, T.E. Anderson, and S.L. Graham. Efficient Software-Based Fault Isolation. In Proceedings of the 14th ACM Symposium on Operating Systems Principles, December 1993. Google ScholarDigital Library
- Web applications working draft. http://www.whatwg.org/specs/web-apps/current-work/#crossDocumentMessages.Google Scholar
- Web desktop. http://en.wikipedia.org/wiki/Webtop.Google Scholar
- The XMLHttpRequest Object. http://www.w3.org/TR/XMLHttpRequest/.Google Scholar
- Google, Yahoo, MSN Unite On Support For Nofollow Attribute For Links, January 2005. http://blog.searchenginewatch.com/blog/050118-204728.Google Scholar
- YouOS. http://www.youos.com/.Google Scholar
Index Terms
- Protection and communication abstractions for web browsers in MashupOS
Recommendations
Protection and communication abstractions for web browsers in MashupOS
SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principlesWeb browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "...
W3C user agent accessibility guidelines 1.0 for graphical Web browsers
Web browsers and multimedia players play a critical role in making Web content accessible to people with disabilities. Access to Web content requires that Web browsers provide users with final control over the styling of rendered content, the type of ...
Smart caching for web browsers
WWW '10: Proceedings of the 19th international conference on World wide webThis paper presents smart caching schemes for Web browsers. For modern Web applications, the style formatting and layout calculation often account for substantial amounts of the local computation in order to render a Web page. In this paper, we propose ...
Comments