OMOS: a Framework for Secure Communication in Mashup Applications

OMOS: a Framework for Secure Communication in Mashup Applications

OMOS: A Framework for Secure Communication in Mashup Applications Saman Zarandioon Danfeng (Daphne) Yao Vinod Ganapathy Department of Computer Science Rutgers University Piscataway, NJ 08854 {samanz,danfeng,vinodg}@cs.rutgers.edu December 2008 OpenMashupOS.com ACSAC 2008 – 1 / 11 Mashups Introduction . What is a Mashup application? Mashups Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction . What is a Mashup application? Mashups Architecture Security in ■ client-side services Seamlessly combine contents from multiple heterogeneous OMOS data sources. Experiments ■ Overal goal: more integrated and convenient end-user experience. ■ Becoming very popular - Web 2.0 OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction . What is a Mashup application? Mashups Architecture Security in . My favorite mashup website Zillow! client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction Mashups Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction Mashups Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction Mashups Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction Mashups Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction . What is a Mashup application? Mashups Architecture Security in . My favorite mashup website Zillow! client-side services OMOS . Web desktop (webtop) (e.g. eyeOS, DesktopTwo, G.ho.st, Experiments Netvibes, and Online OS). OpenMashupOS.com ACSAC 2008 – 2 / 11 Mashups Introduction Mashups Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 2 / 11 Architecture Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 3 / 11 Architecture Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 3 / 11 Architecture Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services . Client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 3 / 11 Architecture Introduction Ways that service providers can expose their services: Mashups Architecture . Server-side services Security in client-side services . Client-side services OMOS Experiments User is involved; AJAX-oriented; More responsive/efficient OpenMashupOS.com ACSAC 2008 – 3 / 11 Security in client-side services Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services OMOS Experiments OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services ■ Consumers need to trust service providers: Not suitable OMOS when dealing with sensitive personal data. Experiments OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services ■ Consumers need to trust service providers: Not suitable OMOS when dealing with sensitive personal data. Experiments ■ HTML, JavaScript and browsers are not designed to support client-side communication. OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services ■ Consumers need to trust service providers: Not suitable OMOS when dealing with sensitive personal data. Experiments ■ HTML, JavaScript and browsers are not designed to support client-side communication. ■ Trade-Off Between Usability and Security: All or Nothing, Complete isolation vs. complete exposure. OpenMashupOS.com ACSAC 2008 – 4 / 11 Security in client-side services Introduction Mashups ■ Service providers use ad-hoc non-secure methods. Architecture Security in client-side services ■ Consumers need to trust service providers: Not suitable OMOS when dealing with sensitive personal data. Experiments ■ HTML, JavaScript and browsers are not designed to support client-side communication. ■ Trade-Off Between Usability and Security: All or Nothing, Complete isolation vs. complete exposure. OpenMashupOS.com ACSAC 2008 – 4 / 11 Overview Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame Communication Communication Stack MDP Layer MHTTP Layer Experiments OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame ■ Design Goals: Communication Communication Stack MDP Layer MHTTP Layer Experiments OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame ■ Design Goals: Communication Communication Stack ◆ To be compatible with all major browsers without any MDP Layer MHTTP Layer change or extension to the browsers. Experiments OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame ■ Design Goals: Communication Communication Stack ◆ To be compatible with all major browsers without any MDP Layer MHTTP Layer change or extension to the browsers. Experiments ◆ To provide a powerful abstraction that is flexible and easy to understand and use by mashup developers. OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame ■ Design Goals: Communication Communication Stack ◆ To be compatible with all major browsers without any MDP Layer MHTTP Layer change or extension to the browsers. Experiments ◆ To provide a powerful abstraction that is flexible and easy to understand and use by mashup developers. ◆ To guarantee mutual authentication, data confidentiality, and message integrity for communication between service provider and consumer. OpenMashupOS.com ACSAC 2008 – 5 / 11 Overview Introduction ■ OMOS OpenMashupOS (OMOS) is a mashup framework that is Overview designed to support secure client-side services. Mashlet Secure Frame-to-frame ■ Design Goals: Communication Communication Stack ◆ To be compatible with all major browsers without any MDP Layer MHTTP Layer change or extension to the browsers. Experiments ◆ To provide a powerful abstraction that is flexible and easy to understand and use by mashup developers. ◆ To guarantee mutual authentication, data confidentiality, and message integrity for communication between service provider and consumer. OpenMashupOS.com ACSAC 2008 – 5 / 11 Mashlet Introduction ■ Mashlet is a client side component that runs in the OMOS Overview browser under the privilege of the principal that is defined Mashlet Secure by the domain name of the server that hosts the mashlet. Frame-to-frame Communication Communication Stack MDP Layer MHTTP Layer Experiments OpenMashupOS.com ACSAC 2008 – 6 / 11 Mashlet Introduction ■ Mashlet is a client side component that runs in the OMOS Overview browser under the privilege of the principal that is defined Mashlet Secure by the domain name of the server that hosts the mashlet. Frame-to-frame Communication Communication ■ Mashlets should be able to communicate securely on the Stack MDP Layer client side, meaning that the communication protocol MHTTP Layer guarantees: Experiments OpenMashupOS.com ACSAC 2008 – 6 / 11 Mashlet Introduction ■ Mashlet is a client side component that runs in the OMOS Overview browser under the privilege of the principal that is defined Mashlet Secure by the domain name of the server that hosts the mashlet. Frame-to-frame Communication Communication ■ Mashlets should be able to communicate securely on the Stack MDP Layer client side, meaning that the communication protocol MHTTP Layer guarantees: Experiments ◆ Mutual Authentication ◆ Confidentiality ◆ Message Integrity OpenMashupOS.com ACSAC 2008 – 6 / 11 Mashlet Introduction ■ Mashlet is a client side component that runs in the OMOS Overview browser under the privilege of the principal that is defined Mashlet Secure by the domain name of the server that hosts the mashlet. Frame-to-frame Communication Communication ■ Mashlets should be able to communicate securely on the Stack MDP Layer client side, meaning that the communication protocol MHTTP Layer guarantees: Experiments ◆ Mutual Authentication ◆ Confidentiality ◆ Message Integrity OpenMashupOS.com ACSAC 2008 – 6 / 11 Mashlet Introduction ■ Mashlet is a client side component that runs in the OMOS Overview browser under the privilege of the principal that is defined Mashlet Secure by the domain name of the server that hosts the mashlet. Frame-to-frame Communication Communication ■ Mashlets should be able to communicate securely on the Stack MDP Layer

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    54 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us