OMOS: a Framework for Secure Communication in Mashup Applications

OMOS: A Framework for Secure Communication in Mashup Applications

Saman Zarandioon Danfeng (Daphne) Yao Vinod Ganapathy Department of Computer Science Rutgers University Piscataway, NJ 08854 {samanz,danfeng,vinodg}@cs.rutgers.edu

December 2008

OpenMashupOS.com ACSAC 2008 – 1 / 11 Mashups

Introduction . What is a Mashup application? Mashups Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction . What is a Mashup application? Mashups Architecture Security in ■ client-side services Seamlessly combine contents from multiple heterogeneous OMOS data sources. Experiments ■ Overal goal: more integrated and convenient end-user experience.

■ Becoming very popular - Web 2.0

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction . What is a Mashup application? Mashups Architecture Security in . My favorite mashup website Zillow! client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction Mashups Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction Mashups Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction Mashups Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction Mashups Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction . What is a Mashup application? Mashups Architecture Security in . My favorite mashup website Zillow! client-side services OMOS . Web desktop (webtop) (e.g. eyeOS, DesktopTwo, G.ho.st, Experiments Netvibes, and Online OS).

OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups

Introduction Mashups Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 2 / 11 Architecture

Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 3 / 11 Architecture

Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 3 / 11 Architecture

Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services . Client-side services OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 3 / 11 Architecture

Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services . Client-side services OMOS

Experiments

User is involved; AJAX-oriented; More responsive/eﬃcient

OpenMashupOS.com ACSAC 2008 – 3 / 11 Security in client-side services

Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services

OMOS

Experiments

OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services

Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services ■ Consumers need to trust service providers: Not suitable OMOS when dealing with sensitive personal data. Experiments

OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services

■ Trade-Oﬀ Between Usability and Security: All or Nothing, Complete isolation vs. complete exposure.

OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services

■ Trade-Oﬀ Between Usability and Security: All or Nothing, Complete isolation vs. complete exposure.

OpenMashupOS.com ACSAC 2008 – 4 / 11 Overview

Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame Communication Communication Stack MDP Layer MHTTP Layer

Experiments

OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview

Experiments

OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview

Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame ■ Design Goals: Communication Communication Stack ◆ To be compatible with all major browsers without any MDP Layer MHTTP Layer change or extension to the browsers. Experiments ◆ To provide a powerful abstraction that is ﬂexible and easy to understand and use by mashup developers.

OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview

OpenMashupOS.com ACSAC 2008 – 5 / 11 Mashlet

Experiments

OpenMashupOS.com ACSAC 2008 – 6 / 11 Mashlet

Introduction ■ Mashlet is a client side component that runs in the OMOS Overview browser under the privilege of the principal that is deﬁned Mashlet Secure by the domain name of the server that hosts the mashlet. Frame-to-frame Communication Communication ■ Mashlets should be able to communicate securely on the Stack MDP Layer client side, meaning that the communication protocol MHTTP Layer guarantees: Experiments

OpenMashupOS.com ACSAC 2008 – 6 / 11 Mashlet

Introduction

OMOS Overview Mashlet Secure Frame-to-frame Communication Communication Stack MDP Layer MHTTP Layer

Experiments

Using OMOS API, mashlets can communicate with their siblings and parents.

OpenMashupOS.com ACSAC 2008 – 6 / 11 Secure Frame-to-frame Communication

Introduction Security of OMOS communication protocol relies on Same OMOS Overview Origin Policy (SOP): Mashlet Secure ■ Frame-to-frame Protects conﬁdentiality of domains against each other. Communication Communication (DOM elements, events, cookies, ...) Stack MDP Layer ■ URL property of an iframe is write-only. MHTTP Layer Experiments ■ Partial change of URL is not allowed.