Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2010
ACM
2010
ACM
A lattice-based approach to mashup security
A web mashup is a web application that integrates content from different providers to create a new service, not offered by the content providers. As mashups grow in popularity, the problem of securing information flow between mashup components becomes increasingly important. This paper presents a security lattice-based approach to mashup security, where the origins of the different components of the mashup are used as levels in the security lattice. Declassification allows controlled information release between the components. We formalize a notion of composite delimited release policy and provide considerations for practical (static as well as runtime) enforcement of mashup information-flow security policies in a web browser. Categories and Subject Descriptors D.4.6 [Security and Protection]: Information flow controls General Terms Security, Languages Keywords Web mashups, security policies, lattices, information flow, declassification, noninterference
Real-time Traffic| Added | 18 May 2010 |
| Updated | 18 May 2010 |
| Type | Conference |
| Year | 2010 |
| Where | CCS |
| Authors | Jonas Magazinius, Aslan Askarov, Andrei Sabelfeld |
Comments (0)
Researcher Info
|
