Protection and communication abstractions for web browsers in MashupOS

Article. DOI: 10.1145/1294261.1294263

Published: 14 October 2007

Abstract

Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "Web 2.0" applications (or mashups) offer rich services, rivaling those of desktop PCs. However, the protection and communication abstractions offered by today's browsers remain suitable only for a single-principal system: either no trust through complete isolation between principals (sites) or full trust by incorporating third-party code as libraries. In this paper, we address this deficiency by identifying and designing the missing abstractions needed for a browser-based multi-principal platform. We have designed our abstractions to be backward compatible and easily adoptable. We have built a prototype system that realizes almost all of our abstractions and their associated properties. Our evaluation shows that our abstractions make it easy to build more secure and robust client-side Web mashups and can be easily implemented with negligible performance overhead.

Supplementary Material

JPG File (1294263.jpg)
index.html (index.html)
Slides from the presentation
ZIP File (p1-slides.zip)
Supplemental material for Protection and communication abstractions for web browsers in MashupOS
Audio only (1294263.mp3)
Video (1294263.mp4)



    Published In

    SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
    October 2007
    378 pages
    ISBN:9781595935915
    DOI:10.1145/1294261
    • ACM SIGOPS Operating Systems Review, Volume 41, Issue 6
      SOSP '07
      December 2007
      363 pages
      ISSN:0163-5980
      DOI:10.1145/1323293
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. abstractions
    2. browser
    3. communications
    4. multi-principal OS
    5. protection
    6. same-origin policy
    7. security
    8. web

    Qualifiers

    • Article

    Conference

    SOSP07
    Sponsor:
    SOSP07: ACM SIGOPS 21st Symposium on Operating Systems Principles 2007
    October 14 - 17, 2007
    Washington, Stevenson, USA

    Acceptance Rates

    Overall Acceptance Rate 174 of 961 submissions, 18%

    Bibliometrics

    Article Metrics

    • Downloads (last 12 months): 16
    • Downloads (last 6 weeks): 2
    Reflects downloads up to 08 Feb 2025

    Cited By

    • (2022) SoK: All or Nothing - A Postmortem of Solutions to the Third-Party Script Inclusion Permission Model and a Path Forward. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P). DOI: 10.1109/EuroSP53844.2022.00021, pp. 206-222. Online publication date: Jun-2022
    • (2019) Programming Situational Mobile Web Applications with Cloud-Mobile Convergence: An Internetware-Oriented Approach. IEEE Transactions on Services Computing 12:1. DOI: 10.1109/TSC.2016.2587260, pp. 6-19. Online publication date: 1-Jan-2019
    • (2016) Mashic compiler: Mashup sandboxing based on inter-frame communication. Journal of Computer Security 24:1. DOI: 10.3233/JCS-160542, pp. 91-136. Online publication date: 1-Mar-2016
    • (2015) JaTE. Proceedings of the 31st Annual Computer Security Applications Conference. DOI: 10.1145/2818000.2818019, pp. 151-160. Online publication date: 7-Dec-2015
    • (2015) LogSec. Proceedings of the 30th Annual ACM Symposium on Applied Computing. DOI: 10.1145/2695664.2695709, pp. 2149-2156. Online publication date: 13-Apr-2015
    • (2015) Understanding and Monitoring Embedded Web Scripts. Proceedings of the 2015 IEEE Symposium on Security and Privacy. DOI: 10.1109/SP.2015.57, pp. 850-865. Online publication date: 17-May-2015
    • (2014) Pivot. Proceedings of the 2014 IEEE Symposium on Security and Privacy. DOI: 10.1109/SP.2014.24, pp. 261-275. Online publication date: 18-May-2014
    • (2014) Declarative Policies for Capability Control. Proceedings of the 2014 IEEE 27th Computer Security Foundations Symposium. DOI: 10.1109/CSF.2014.9, pp. 3-17. Online publication date: 19-Jul-2014
    • (2013) Content-based isolation. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. DOI: 10.1145/2508859.2516722, pp. 1167-1180. Online publication date: 4-Nov-2013
    • (2013) Preventing accidental data disclosure in modern operating systems. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. DOI: 10.1145/2508859.2516677, pp. 1029-1042. Online publication date: 4-Nov-2013
