Mashups are new Web 2.0 applications that seamlessly combine contents from multiple heterogeneous data sources into one integrated browser environment. The hallmark of these applications is to facilitate dynamic information sharing and analysis, thereby creating a more integrated and convenient experience for end-users. As mashups evolve into portals designed to offer convenient access to information on critical domains, such as banking, shopping, investment, enterprise mashups, and web desktops, concerns to protect clients’ personal information and trade secrets become important, thereby motivating the need for strong security guarantees. We develop a security architecture that provides high assurance on the mutual authentication, data confidentiality, and message integrity of mashup applications. In this paper, we describe the design and implementation of OpenMashupOS (OMOS), an open-source browserindependent framework for secure inter-domain communication and mashup development....