Protection and communication abstractions for web browsers in MashupOS

Helen J. Wang, Xiaofeng Fan, Jon Howell, Collin Jackson
{"title":"Protection and communication abstractions for web browsers in MashupOS","authors":"Helen J. Wang, Xiaofeng Fan, Jon Howell, Collin Jackson","doi":"10.1145/1294261.1294263","DOIUrl":null,"url":null,"abstract":"Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's \"Web 2.0\" applications (or mashups) offer rich services, rivaling those of desktop PCs. However, the protection andcommunication abstractions offered by today's browsers remain suitable onlyfor a single-principal system--either no trust through completeisolation between principals (sites) or full trust by incorporating third party code as libraries. In this paper, we address this deficiency by identifying and designing the missing abstractions needed for a browser-based multi-principal platform. We have designed our abstractions to be backward compatible and easily adoptable. We have built a prototype system that realizes almost all of our abstractions and their associated properties. Our evaluation shows that our abstractions make it easy to build more secure and robust client-side Web mashups and can be easily implemented with negligible performance overhead.","PeriodicalId":20672,"journal":{"name":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","volume":"30 1","pages":"1-16"},"PeriodicalIF":0.0000,"publicationDate":"2007-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"149","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1294261.1294263","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 149

Abstract

Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "Web 2.0" applications (or mashups) offer rich services, rivaling those of desktop PCs. However, the protection andcommunication abstractions offered by today's browsers remain suitable onlyfor a single-principal system--either no trust through completeisolation between principals (sites) or full trust by incorporating third party code as libraries. In this paper, we address this deficiency by identifying and designing the missing abstractions needed for a browser-based multi-principal platform. We have designed our abstractions to be backward compatible and easily adoptable. We have built a prototype system that realizes almost all of our abstractions and their associated properties. Our evaluation shows that our abstractions make it easy to build more secure and robust client-side Web mashups and can be easily implemented with negligible performance overhead.
MashupOS中web浏览器的保护和通信抽象
Web浏览器已经从一次浏览一个站点的单一主体平台发展到多主体平台,在该平台上,来自相互不信任的站点的数据和代码以编程方式在浏览器的单个页面中进行交互。今天的“Web 2.0”应用程序(或mashup)提供丰富的服务,可以与桌面pc相媲美。然而,今天的浏览器提供的保护和通信抽象仍然只适用于单一主体系统——要么通过主体(站点)之间的完全隔离来实现无信任,要么通过将第三方代码作为库来实现完全信任。在本文中,我们通过识别和设计基于浏览器的多主体平台所需的缺失抽象来解决这一缺陷。我们设计的抽象是向后兼容和易于采用的。我们已经建立了一个原型系统,它实现了几乎所有的抽象及其相关属性。我们的评估表明,我们的抽象可以很容易地构建更安全、更健壮的客户端Web mashup,并且可以很容易地实现,性能开销可以忽略不计。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信