WWW2008 Refereed Papers - WWW 2008: Refereed Papers
Skip to main content.

Refereed Papers

Track: Security II: Web Client Security

Paper Title:
SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers


  • Frederik De Keukelaere(IBM Tokyo Research Laboratory)
  • Sumeer Bhola(IBM T.J. Watson Research Center)
  • Michael Steiner(IBM T.J. Watson Research Center)
  • Suresh Chari(IBM T.J. Watson Research Center)
  • Sachiko Yoshihama(IBM Tokyo Research Laboratory)

Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models were not designed to support such applications and they are therefore implemented with insecure workarounds. In this paper, we present a secure component model, where components are provided by different trust domains, and can interact using a communication abstraction that allows ease of specification of a security policy. We have developed an implementation of this model that works currently in all major browsers, and addresses challenges of communication integrity and frame-phishing. An evaluation of the performance of our implementation shows that this approach is not just feasible but also practical.

PDF version

Inquiries can be sent to: Email contact: program-chairs at www2008.org

Valid XHTML 1.0 Transitional