SMash: Secure Component Model for Cross-Domain Mashups on Unmodified Browsers - overview
Mashup applications mix and merge content (data and code) from multiple content providers in a user's browser, to provide high-value web applications that can rival the user experience provided by desktop applications. Current browser security models, built around the same-origin policy, were not designed to support such applications: a page can either load third-party code into its own origin, granting it full trust, or isolate it in a frame it has no sanctioned way to talk to. Mashups are therefore implemented with insecure workarounds.
In our project SMash, we present a secure component model in which components are provided by different trust domains and interact through a communication abstraction that makes it easy to specify a security policy.
We have developed an implementation of this model that currently works in all major browsers and addresses the challenges of communication integrity and frame phishing. An evaluation of the performance of our implementation under various system parameters shows that this approach is not just feasible but also practical.
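The following is an added illustration of the component model and its communication-integrity property; it is not SMash's own code. In the browser, SMash isolates each component in its own frame and relays messages through a trusted mediator (the hub) in the mashup owner's page. Here the per-frame transport is abstracted as an in-process Channel object so the policy logic can run under Node, and the component names (map, search, ads), topic names and policy format are illustrative. The point it shows: the hub derives a sender's identity from the channel the message arrived on, never from a field the sender filled in, and checks every publish and subscribe against the mashup author's policy.

```javascript
// Hub: the only code every component trusts. It owns the policy and binds each
// component's identity to the channel it registered on (stand-in for its frame).
class Hub {
  constructor(policy) {
    this.policy = policy;            // { componentId: { publish: [topics], subscribe: [topics] } }
    this.channels = new Map();       // componentId -> Channel
    this.subscriptions = new Map();  // topic -> Set(componentId)
    this.log = [];                   // audit trail of allowed and denied operations
  }

  // Called once per component when its channel is established.
  register(componentId, channel) {
    if (!Object.prototype.hasOwnProperty.call(this.policy, componentId)) {
      throw new Error(`no policy for component ${componentId}`);
    }
    this.channels.set(componentId, channel);
    channel.onMessage = (msg) => this.handle(componentId, msg);
  }

  // Exact topic match, or a trailing ".*" wildcard on a topic prefix.
  allowed(componentId, op, topic) {
    const rules = this.policy[componentId][op] || [];
    return rules.some((p) =>
      p === topic || (p.endsWith('.*') && topic.startsWith(p.slice(0, -1))));
  }

  // senderId is what the hub observed on the channel; msg.from is ignored.
  handle(senderId, msg) {
    if (!msg || typeof msg.topic !== 'string') {
      this.log.push({ senderId, op: 'malformed', allowed: false });
      return false;
    }
    if (msg.type === 'subscribe') {
      if (!this.allowed(senderId, 'subscribe', msg.topic)) {
        this.log.push({ senderId, op: 'subscribe', topic: msg.topic, allowed: false });
        return false;
      }
      if (!this.subscriptions.has(msg.topic)) this.subscriptions.set(msg.topic, new Set());
      this.subscriptions.get(msg.topic).add(senderId);
      this.log.push({ senderId, op: 'subscribe', topic: msg.topic, allowed: true });
      return true;
    }
    if (msg.type === 'publish') {
      if (!this.allowed(senderId, 'publish', msg.topic)) {
        this.log.push({ senderId, op: 'publish', topic: msg.topic, allowed: false });
        return false;
      }
      for (const subId of this.subscriptions.get(msg.topic) || []) {
        // Deliveries carry the hub-asserted sender, so receivers can trust "from".
        this.channels.get(subId).deliver({ topic: msg.topic, data: msg.data, from: senderId });
      }
      this.log.push({ senderId, op: 'publish', topic: msg.topic, allowed: true });
      return true;
    }
    this.log.push({ senderId, op: String(msg.type), allowed: false });
    return false;
  }
}

// Channel: stands in for the cross-frame transport (a constructed abstraction).
class Channel {
  constructor() { this.onMessage = null; this.inbox = []; }
  send(msg) { return this.onMessage ? this.onMessage(msg) : false; } // component -> hub
  deliver(msg) { this.inbox.push(msg); }                             // hub -> component
}

// Constructed scenario: a map, a search box and an ad component from three providers.
function runScenario() {
  const policy = {
    map:    { publish: ['map.selected'],    subscribe: ['search.results'] },
    search: { publish: ['search.results'],  subscribe: ['map.selected'] },
    ads:    { publish: [],                  subscribe: ['map.selected'] },
  };
  const hub = new Hub(policy);
  const ch = { map: new Channel(), search: new Channel(), ads: new Channel() };
  for (const id of Object.keys(ch)) hub.register(id, ch[id]);

  ch.search.send({ type: 'subscribe', topic: 'map.selected' });
  ch.ads.send({ type: 'subscribe', topic: 'map.selected' });
  ch.map.send({ type: 'subscribe', topic: 'search.results' });

  // Legitimate traffic: the map announces a selection; search and ads receive it.
  ch.map.send({ type: 'publish', topic: 'map.selected', data: { lat: 48.85, lon: 2.35 } });
  // Attack 1: ads tries to inject fake results while claiming to be "search".
  const spoof = ch.ads.send({ type: 'publish', topic: 'search.results', from: 'search', data: ['evil'] });
  // Attack 2: ads tries to snoop on a topic it is not entitled to.
  const snoop = ch.ads.send({ type: 'subscribe', topic: 'search.results' });
  return { hub, ch, spoof, snoop };
}

module.exports = { Hub, Channel, runScenario };
```

Both attacks are refused by the hub before any delivery, and the one legitimate message reaches its subscribers stamped with the identity the hub observed. Frame phishing, where a component navigates another component's frame to a look-alike, is an attack on the frames themselves rather than on this message path, and is not modelled here.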
The SMash technology allows mutually mistrusting client-side components to communicate safely without any modifications to current browsers, and hence has the potential to achieve immediate and widespread adoption.
For more details, please read the following paper, a slightly longer version of the one that appeared at the 17th International World Wide Web Conference (WWW 2008).
In March 2008, IBM donated the technology to the OpenAjax Alliance for the Hub 1.1 and Hub 2.0 efforts. See the press release and media coverage in InfoWorld, Computerworld, Web 2.0 Journal and the MIT Technology Review.
In the context of SMash we also looked at how credentials should be managed for secure components so that they maintain least privilege, as reported in the paper Least Privilege 2.0: Access Control for Web 2.0 Applications. An offshoot of that work led to the CSRF protection in IBM's Project Zero.