OMash: Enabling Secure Web Mashups via Object Abstractions

Steven Crites, Francis Hsu, and Hao Chen.

The current security model used by web browsers, the Same Origin
Policy (SOP), does not support the secure cross-domain communication
desired by web mashup developers.  Developers have to choose
between no trust, where no communication is allowed, and full trust,
where third-party content runs with the full privilege of the
integrator.  Furthermore, the SOP has its own set of security
vulnerabilities and pitfalls, including Cross-Site Request Forgery,
DNS rebinding and dynamic pharming.  To overcome the unfortunate
tradeoff between security and functionality forced upon today's mashup
developers, we propose OMash, a simple abstraction that treats web
pages as objects and allows objects to communicate only via their
declared public interfaces.  Since OMash does not rely on the SOP for
controlling DOM access or cross-domain data exchange, it does not
suffer from the SOP's vulnerabilities.  We show that OMash satisfies
the trust relationships desired by mashup authors and may be
configured to be backward compatible with the SOP.  We implemented a
prototype of OMash using Mozilla Firefox 2.0 and demonstrated several
proof-of-concept applications.