OMOS: A Framework for Secure Communication in Mashup Applications

Saman Zarandioon, Danfeng (Daphne) Yao, Vinod Ganapathy
Department of Computer Science, Rutgers University, Piscataway, NJ 08854
{samanz,danfeng,vinodg}@cs.rutgers.edu

December 2008

OpenMashupOS.com ACSAC 2008

Mashups

What is a Mashup application?

■ Seamlessly combine contents from multiple heterogeneous data sources.
■ Overall goal: more integrated and convenient end-user experience.
■ Becoming very popular - Web 2.0

My favorite mashup website Zillow!

(webtop) (e.g. eyeOS, DesktopTwo, G.ho.st, Netvibes, and Online OS).

Architecture

Ways that service providers can expose their services:

■ Server-side services
■ Client-side services

User is involved; AJAX-oriented; More responsive/efficient

Security in client-side services

■ Service providers use ad-hoc non-secure methods.
■ Consumers need to trust service providers: Not suitable when dealing with sensitive personal data.
■ HTML, JavaScript and browsers are not designed to support client-side communication.
■ Trade-Off Between Usability and Security: All or Nothing, Complete isolation vs. complete exposure.

Overview

■ OpenMashupOS (OMOS) is a mashup framework that is designed to support secure client-side services.
■ Design Goals:
  ◆ To be compatible with all major browsers without any change or extension to the browsers.
  ◆ To provide a powerful abstraction that is flexible and easy to understand and use by mashup developers.
  ◆ To guarantee mutual authentication, data confidentiality, and message integrity for communication between service provider and consumer.

Mashlet

■ Mashlet is a client side component that runs in the browser under the privilege of the principal that is defined by the domain name of the server that hosts the mashlet.
■ Mashlets should be able to communicate securely on the client side, meaning that the communication protocol guarantees:
  ◆ Mutual Authentication
  ◆ Confidentiality
  ◆ Message Integrity

Using OMOS API, mashlets can communicate with their siblings and parents.

Secure Frame-to-frame Communication

Security of OMOS communication protocol relies on Same Origin Policy (SOP):

■ Protects confidentiality of domains against each other. (DOM elements, events, cookies, ...)
■ URL property of an iframe is write-only.
■ Partial change of URL is not allowed.

Key exchange protocol:
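An added sketch, not OMOS code and not taken from the slides: a Node.js model of the two SOP properties listed above (a frame's URL is write-only across origins and can only be replaced whole) and of how a nonce exchange over URL fragments can build mutual authentication and a shared key on them. The `Frame` class, the `.example` origins, the three-message layout and the SHA-256/HMAC steps are assumptions, not the protocol from the talk.

```javascript
const crypto = require('crypto');

// Constructed model of a browser frame: only the URL it currently displays.
class Frame {
  constructor(url) { this.url = new URL(url).href; }
  get origin() { return new URL(this.url).origin; }
}

// Write side: any origin may replace a frame's URL, but only with a whole
// absolute URL. new URL() throws on a partial value such as "#secret".
function navigate(frame, fullUrl) { frame.url = new URL(fullUrl).href; }

// Read side: only script from the frame's own origin may read its URL.
function readFragment(frame, callerOrigin) {
  if (callerOrigin !== frame.origin) throw new Error('SOP: cross-origin read denied');
  return new URL(frame.url).hash.slice(1);
}

const nonce = () => crypto.randomBytes(16).toString('hex');
const derive = (a, b) => crypto.createHash('sha256').update(`${a}.${b}`).digest('hex');

// Assumed three-message nonce exchange (not the protocol from the slides).
function keyExchange(consumerFrame, providerFrame, consumerUrl, providerUrl) {
  const cOrigin = new URL(consumerUrl).origin;
  const pOrigin = new URL(providerUrl).origin;
  const nC = nonce();
  navigate(providerFrame, `${providerUrl}#${nC}`);           // 1: consumer -> provider
  const seenC = readFragment(providerFrame, pOrigin);
  const nP = nonce();
  navigate(consumerFrame, `${consumerUrl}#${seenC}.${nP}`);  // 2: provider -> consumer
  const [echoC, seenP] = readFragment(consumerFrame, cOrigin).split('.');
  if (echoC !== nC) throw new Error('provider not authenticated');
  navigate(providerFrame, `${providerUrl}#${seenP}`);        // 3: consumer -> provider
  if (readFragment(providerFrame, pOrigin) !== nP) throw new Error('consumer not authenticated');
  return { consumerKey: derive(nC, seenP), providerKey: derive(seenC, nP) };
}

// Message integrity afterwards: an HMAC tag under the shared key.
const tag = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// Constructed run: the provider frame starts on another site's page.
const C = 'https://consumer.example/app.html';
const P = 'https://provider.example/mashlet.html';
const keys = keyExchange(new Frame(C), new Frame('https://attacker.example/x.html'), C, P);
console.log(keys.consumerKey === keys.providerKey);
```

Because message 1 must name the provider's full URL, the page that reads the nonce is the provider's own, even when the frame had been pointed at another site beforehand.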

Communication Stack

Each layer hides complex implementation details of communication in lower layers.

MDP Layer

3-way Handshake

MHTTP Layer

Versatile asyncRequest: mashlet-to-mashlet, same-domain & cross-domain mashlet-to-server communication.

Results