Skip to main content
SpringerLink
Log in

An Analysis of Widget Security

  • Conference paper
Book cover Identity and Privacy in the Internet Age (NordSec 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5838))

Included in the following conference series:

  • 1192 Accesses

Abstract

Widget is a Web 2.0 concept that is gaining momentum lately. But, in order to be successful, it must have a sound security scheme. Unfortunately, until now, the security issues do not receive sufficiently attention. This paper provides a comprehensive analysis of vulnerabilities and threats for widgets. To clarify the seriousness of the threats, some known widget attacks are described. The paper proposes countermeasures to protect both the user’s devices and the widget servers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. BONDI Architecture & Security Requirements version 1.0. OMTP (February 9, 2009)

    Google Scholar 

  2. Roessler, T.: More on widgets: When one e-mail is enough to break a system, Thomas Roessler’s blog (December 19, 2007), http://log.does-not-exist.org/archives/2007/12/19/2159_more_on_widgets_when_one_email_is_enough_to_break_a_system.html

  3. Apple Dashboard Widget Insecurity, Geisterstunde.org (October 6, 2008), http://www.geisterstunde.org/drupal/?q=node/67

  4. Access Control for Cross-Site Requests, W3C Working Draft (September 12, 2008)

    Google Scholar 

  5. Schuh, J.: Same-Origin Policy Part 1: Why we’re stuck with things like XSS and XSRF/CSRF (February 8, 2007), http://taossa.com/index.php/2007/02/08/same-origin-policy

  6. Zalewski, M.: Browser Security Handbook, part 2, Google Inc. (2008), http://code.google.com/p/browsersec/wiki/Part2

  7. Symbian: How do I get my Symbian OS application signed? https://www.symbiansigned.com/how_do_I_get_my_application_signed_2.5.pdf

  8. Thomson, L.: Mobile virus moves to new level – when friends infect (April 5, 2005), http://www.vnunet.com/vnunet/news/2127090/mobile-virus-moves-level

  9. Maier, J.D., Mackman, A., Wastell, B.: Threat Modeling Web Applications, Patterns & Practices Library, Microsoft Corporation (2005)

    Google Scholar 

  10. Widgets 1.0: The Widget Landscape, W3C Working Draft (April 14, 2008)

    Google Scholar 

  11. Liwell, M., Nilsson, C.: Sony Ericsson Position Paper for the W3C Workshop Security for Access to Device APIs from the Web in London (December 10-11, 2008), http://www.w3.org/2008/security-ws/papers/SEMC_Position_Paper.pdf

  12. Roessler, T.: When Widgets Go Wrong, W3C Q&A Blog (December 20, 2007), Available at http://www.w3.org/QA/2007/12/when_widgets_go_wrong.html

Download references

Author information

Authors and Affiliations

  1. NTNU, O.S. Bragstadsplass 2B, N-7491, Trondheim, Norway

    Karsten Peder Holth

  2. Linus, Martin Lingesvei 17, 1330, Fornebu, Norway

    Do van Thuan

  3. Ubisafe, Gamleveien 252, 2624, Lillehammer, Norway

    Ivar Jørstad

  4. Telenor & NTNU, Snaroyveien 30, 1331, Fornebu, Norway

    Do van Thanh

Authors
  1. Karsten Peder Holth
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Do van Thuan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ivar Jørstad
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Do van Thanh
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Oslo, University Graduate Center, Kjeller, Norway

    Audun Jøsang

  2. Norwegian Defence Research Establishment, Kjeller, Norway

    Torleiv Maseng

  3. Norwegian University of Science and Technology, Centre for Quantifiable Quality of Service in Communication Systems, Trondheim, Norway

    Svein Johan Knapskog

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Holth, K.P., van Thuan, D., Jørstad, I., van Thanh, D. (2009). An Analysis of Widget Security. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds) Identity and Privacy in the Internet Age. NordSec 2009. Lecture Notes in Computer Science, vol 5838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04766-4_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04766-4_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04765-7

  • Online ISBN: 978-3-642-04766-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation