Subspace: secure cross-domain communication for web mashups
暂无分享,去创建一个
Combining data and code from third-party sources has enabled a new wave of web mashups that add creativity and functionality to web applications. However, browsers are poorly designed to pass data between domains, often forcing web developers to abandon security in the name of functionality. To address this deficiency, we developed Subspace, a cross-domain communication mechanism that allows efficient communication across domains without sacrificing security. Our prototype requires only a small JavaScript library, and works across all major browsers. We believe Subspace can serve as a new secure communication primitive for web mashups.
[1] Cédric Fournet,et al. Stack inspection: Theory and variants , 2003, TOPL.
[2] Thomas A. Powell,et al. JavaScript: The Complete Reference, 2nd edition , 2004 .
[3] Thomas A. Powell,et al. JavaScript: The Complete Reference , 2004 .
[4] Dan Boneh,et al. Protecting browser state from web privacy attacks , 2006, WWW '06.
[5] Helen J. Wang,et al. BrowserShield: vulnerability-driven filtering of dynamic HTML , 2006, OSDI '06.