CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A lattice-based approach to mashup security

Jonas Magazinius (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Aslan Askarov ; Andrei Sabelfeld (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers))
5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010; Beijing; 13 April 2010 through 16 April 2010 p. 15-23 . (2010)
[Konferensbidrag, refereegranskat]

A web mashup is a web application that integrates content from different providers to create a new service, not offered by the content providers. As mashups grow in popularity, the problem of securing information flow between mashup components becomes increasingly important. This paper presents a security lattice-based approach to mashup security, where the origins of the different components of the mashup are used as levels in the security lattice. Declassification allows controlled information release between the components. We formalize a notion of composite delimited release policy and provide considerations for practical (static as well as runtime) enforcement of mashup information-flow security policies in a web browser. © 2010 ACM.

Nyckelord: declassification; information flow; lattices; noninterference; security policies; web mashups



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2010-08-19. Senast ändrad 2016-07-22.
CPL Pubid: 124911

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)


Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers) (2008-2010)

Ämnesområden

Informations- och kommunikationsteknik
Datalogi
Programvaruteknik

Chalmers infrastruktur

Relaterade publikationer

Denna publikation ingår i:


Dynamic enforcement of decentralized security policies


Securing the mashed up web