Abstract
Supporting Mashup on mobile devices allows supporting advanced use cases and thus to accelerate the creation and combination of smart mobile applications. In this paper, we evaluate the three client-side Mashups proposals JS.JS, OMash and SMash on mobile devices. Our evaluation on mobile devices shows that the SMash proposal by IBM is reasonably suited for mobile mashups development as it requires less amount of effort from developers and at the same time it has cross-mobile-browser compatibility. In order to address the security, we integrated a sandbox functionality. We have modified the OpenAjax JavaScript library proposed in SMash and have added support of HTML5 \(\langle \)iframe\(\rangle \) tag’s “sandbox” attribute to it. \(\langle \)iframe\(\rangle \) “sandbox” attribute, mobile mashups developers can restrict the framed-content (which may not be trustworthy) in a low-privileged environment. We demonstrate our proposal on a mobile mashup application that integrates content from three different providers (i.e., News, Stock and Weather service).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
CanIUse?: Sandbox Attribute for iframes. http://caniuse.com#search=sandbox
Crites, S., Hsu, F., Chen, H.: OMash: enabling secure web mashups via object abstractions. In: Proc. of the ACM Conf. on Computer and Communications Security, (CCS 2008), pp. 99–108, October 2008
Dongy, X., Tranz, M., Liangy, Z., Jiangz., X.: Adsentry: Comprehensive and flexible confinement of javascript-based advertisements. In: Annual Computer Security Applications Conf., (ACSAC 2011), pp. 297–306 (2011)
JavaScriptinJavaScript(js.js): Sandboxing Third-Party Scripts, April 2012. http://sns.cs.princeton.edu/2012/04/javascript-in-javascript-js-js-sandboxing-third-5Cparty-scripts/
Keukelaere, F.D., Bhola, S., Steiner, M., Chari, S., Yoshihama, S.: SMash: secure component model for cross-domain mashups on unmodified browsers. In: Proc. of the Int. Conf. on World Wide Web (WWW 2008) 2008, pp. 535–544, April 2008
Kovacevic, A., Kaune, S., Heckel, H., Mink, A., Graffi, K., Heckmann, O., Steinmetz, R.: PeerfactSim.KOM - A Simulator for Large-Scale Peer-to-Peer Networks. Tech. Rep. Tr-2006-06, TU Darmstadt (2006)
Liebau, N., Pussep, K., Graffi, K., Kaune, S., Jahn, E., Beyer, A., Steinmetz, R.: The impact of the P2P paradigm on the new media industries. In: AMCIS 2007: Proceedings of Americas Conference on Information Systems (2007)
Manyika, J., Chui, M., Bughin, J., Dobbs, R., Bisson, P., Marrs, A.: Disruptive Technologies: Advances that will transform life, business, and the global economy, May 2013. http://www.mckinsey.com/insights/
Mozilla: Configurable Security Policies. http://www-archive.mozilla.org/projects/security/components/ConfigPolicy.html
OpenAjaxAlliance: Openajax alliance open source project at sourceforge. http://openajaxallianc.sourceforge.net/
Ruderman, J.: The same origin policy, August 2001. http://www.mozilla.org/projects/security/components/same-origin.html/
De Ryck, P., Decat, M., Desmet, L., Piessens, F., Joosen, W.: Security of web mashups: a survey. In: Aura, T., Järvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol. 7127, pp. 223–238. Springer, Heidelberg (2012)
spec.whatwg: HTML-The Living Standard. https://html.spec.whatwg.org/multi-page/embedded-content.html#attr-iframe-sandbox
Terrace, J., Beard, S.R., Katta, N.P.K.: JavaScript in JavaScript (js.js): sandboxing third-party scripts. In: Proc. of the USENIX Conf. on Web Application Development (WebApps 2012), pp. 95–100 (2012)
West, M.: Play safely in sandboxed iframes, January 4, 2013. http://www.html5rocks.com/en/tutorials/security/sandboxed-iframes/
Zarandioon, S., Yao, D.D., Ganapathy, V.: OMOS: a framework for secure communication in mashup applications. In: Annual Computer Security Applications Conf., (ACSAC 2008), pp. 355–364 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Ali, R., Graffi, K. (2015). SandMash: An Approach for Mashups Techniques on Smartphones. In: Younas, M., Awan, I., Mecella, M. (eds) Mobile Web and Intelligent Information Systems. MobiWIS 2015. Lecture Notes in Computer Science(), vol 9228. Springer, Cham. https://doi.org/10.1007/978-3-319-23144-0_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-23144-0_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23143-3
Online ISBN: 978-3-319-23144-0
eBook Packages: Computer ScienceComputer Science (R0)