
Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang


Presentation Transcript


  1. Subspace: Secure Cross Domain Communication for Web Mashups
     • Collin Jackson and Helen J. Wang
     • Mamadou H. Diallo

  2. Overview
     • Motivation
       • Mashups: Websites or web applications that combine content from multiple sources
       • Example: www.housingmaps.com, Google Personalized Homepage, Windows Live
       • Issues: current web mashups don’t address security issues
     • Same origin security model
     • Existing approaches
       • <script> tags: uncontrolled cross domain execution - high security risks
       • Browser plugins: cross domain interaction - inconvenient for users
       • Gadget aggregators: inline or sandbox
       • Proposals for cross-domain communication mechanisms
     • Approach: Subspace
       • A cross-domain communication mechanism
       • Allows efficient and secure communication across domains
       • Provides a communication channel between the aggregator and each gadget
       • Channel: JavaScript objects passed across the frames
       • Protect aggregators against malicious web services and gadgets
     • Implementation
       • Subspace implemented using JavaScript

  3. Mashups: Communication across domains
     Current Practice
     • Same-origin policies
     • Sandbox model
     • Same-origin principle: only the site that stores some information in the browser may read or modify that information
     • Applied loosely: same-origin policies
     • JavaScript restrictions (policies): regulate access to inline frames (IFRAMEs) and XMLHttpRequest
     • Protects the secrecy of HTML documents and the integrity of a page
     • Proxies
     • Cross-domain <script> tags
     • Browser plugins
     • Fragment identifier messaging

  4. Subspace
     • Cross-subdomain communication
       • Site: <protocol, hostname, port>
       • Example:
     • Cross-domain code authorization
       • Dynamic authorization
       • Static authorization
     • Cross-domain frame access
       • Permissive
       • Restrictive
       • Configurable
       • Permissive, but restrict location

  5. Single Web Service
     • Technique
       • Add a throwaway subdomain
       • Example:
     • Set-up phase
       1. Create a mediator frame (hidden frame)
       2. Create untrusted frame
       3. Pass JavaScript communication object

  6. Single Web Service
     • Data Exchange
     • Static authorization model for closures
       • Provides easy communication mechanism between the top frame and the untrusted frame
       • Untrusted frame: adds data request closure to the JavaScript object
       • Argument: data response callback
       • <script> tag: inserted dynamically into the untrusted frame
       • Tag points to some JavaScript format hosted by the web service
       • After loading data from the remote web service, the tag invokes the data response callback
     • Dynamic authorization model for closures
       • Does not support callback system
       • Workaround: catch the security exception that is thrown when an unauthorized access occurs

  7. Multiple Web Service
     • Challenges
       • Protecting mashup domain
       • Protecting web services from each other
     • Restrictive frame access
       • The scheme for single web service can be directly adopted
       • Use nested frame structure
     • Permissive frame access
       • Examples: Firefox, Safari, IE7
       • Separating is much more difficult
       • Configuration: any frame anywhere on the page can be reached by any other frame
       • Solution: use a new throwaway domain for each web service

  8. Multiple Web Service
     • Procedure
       1. Create mediator frame
       2. Create untrusted frame
       3. Create access frame
       4. Pass JavaScript communication object
       5. Cleanup
       6. Repeat for every gadget
       7. Load untrusted content

  9. Evaluation: Mashup Measurements
     • Performance
     • Example mashup
       • Web service 1: Flickr
       • Web service 2: del.icio.us
       • Mashup: KittenMark: allows posting the 20 most recent kitten photos from Flickr to del.icio.us
     • Three architectures
       • Proxy
       • Unsafe
       • Subspace
     • Measurements
       • Built an automated timing framework
       • Measured the time to load the initial page
       • Measured the time to download the latest list of kittens from Flickr

  10. Evaluation: Gadget Aggregator Measurements
     • Application
       • Simple gadget aggregator
       • Allows the user to customize the font color of all his or her gadgets
     • Three gadget aggregator architectures
       • Sandboxed
       • Unsafe
       • Subspace
     • Time Measurement
       • Used the automated timing framework
       • Measured the setup time
       • Measured the time it took to change the font color

  11. Related Work
     • XML access-control instruction
       • W3C working draft
       • <?access-control?>: authorization of read access to XML content
     • JSONRequest (JavaScript Object Notation Request)
       • Can perform cross-domain data requests
       • Accepts only data with the MIME type application/json
     • BrowserShield
       • Preprocesses the gadget’s JavaScript code to ensure that it can only perform actions within a set of acceptable guidelines
       • Developing these policies is a challenging problem
       • Could prevent some denial-of-service
     • Cross-document messages
       • Proposal for a browser standard
       • Allows frames to send string messages to each other regardless of their source domain

  12. Comments
     • Motivation
     • Spatio-Temporal Predicates

  13. Questions?
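
Added example (not from the slides or from the Subspace authors) for the Single Web Service slides (5 and 6): a JavaScript model, runnable in Node, of the set-up phase and the data request closure. It assumes step 3 works by having the mediator and untrusted frames set document.domain to their shared parent domain, a detail the slides do not spell out; the mashup.example hostnames and all function names are hypothetical.

```javascript
// Simplified model of the browser's frame-access check (added example).
// Hostnames under mashup.example are constructed placeholders.
function makeFrame(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === "https:" ? "443" : "80");
  return { protocol: u.protocol, host: u.hostname, port, domain: null, win: {} };
}

// document.domain may only be set to the current host or a parent suffix of it
// (the public-suffix restriction of real browsers is omitted from this model).
function setDocumentDomain(frame, value) {
  const current = frame.domain || frame.host;
  if (current !== value && !current.endsWith("." + value)) {
    throw new Error("SecurityError: cannot set document.domain to " + value);
  }
  frame.domain = value;
}

// Site tuple <protocol, hostname, port> must match, unless BOTH frames opted
// in through document.domain, in which case protocol and domain are compared.
function canAccess(a, b) {
  if (a.domain === null && b.domain === null) {
    return a.protocol === b.protocol && a.host === b.host && a.port === b.port;
  }
  if (a.domain !== null && b.domain !== null) {
    return a.protocol === b.protocol && a.domain === b.domain;
  }
  return false;
}

// Store an object reference in another frame, subject to the access check.
function pass(from, to, name, value) {
  if (!canAccess(from, to)) throw new Error("SecurityError: frame access denied");
  to.win[name] = value;
}

function setupSubspace() {
  const top = makeFrame("http://www.mashup.example/");
  const mediator = makeFrame("http://www.mashup.example/mediator.html"); // step 1
  const untrusted = makeFrame("http://webservice.mashup.example/gadget.html"); // step 2
  const channel = {}; // the JavaScript communication object
  pass(top, mediator, "channel", channel); // same site as the top frame
  setDocumentDomain(mediator, "mashup.example");
  setDocumentDomain(untrusted, "mashup.example");
  pass(mediator, untrusted, "channel", mediator.win.channel); // step 3
  // Data exchange: the untrusted frame adds a data request closure.
  untrusted.win.channel.request = (callback) => callback(["constructed-item"]);
  return { top, mediator, untrusted, channel };
}
```

In this model the top frame never sets document.domain, so the untrusted frame cannot reach it and the shared object is the only channel between them. The document.domain setter is deprecated in current browsers.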
