Abstract
Widgets are a Web 2.0 concept that has been gaining momentum lately. To be successful, however, they must have a sound security scheme. Unfortunately, security issues have not yet received sufficient attention. This paper provides a comprehensive analysis of vulnerabilities and threats for widgets. To clarify the seriousness of the threats, some known widget attacks are described. The paper proposes countermeasures to protect both the user’s devices and the widget servers.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Holth, K.P., van Thuan, D., Jørstad, I., van Thanh, D. (2009). An Analysis of Widget Security. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds) Identity and Privacy in the Internet Age. NordSec 2009. Lecture Notes in Computer Science, vol 5838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04766-4_5
DOI: https://doi.org/10.1007/978-3-642-04766-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04765-7
Online ISBN: 978-3-642-04766-4
eBook Packages: Computer Science, Computer Science (R0)