Jigsaw: Efficient, Low-effort Mashup Isolation

  • James Mickens
  • Matthew Finifter

Proceedings of WebApps

Published by USENIX

A single web application often incorporates code from a variety of origins. Securing such a mashup application is challenging because origins often distrust each other and wish to expose narrow interfaces to their private code and data. Jigsaw is a new framework for isolating these mashup components. Jigsaw is an extension of the JavaScript language that can be run inside standard browsers using a Jigsaw-to-JavaScript compiler. Unlike prior mashup isolation schemes that require developers to specify complex, error-prone policies, Jigsaw leverages the well-understood public/private keywords from traditional object-oriented programming, making it easy for developers to tag internal data as externally visible. Jigsaw provides strong iframe-like isolation, but unlike previous approaches that use iframes as isolation containers, Jigsaw allows mutually distrusting code to run inside the same frame; this allows developers to invoke cross-origin code using synchronous method calls instead of asynchronous message passing. Using a novel mechanism called surrogates, origins can safely exchange objects by reference instead of by value, removing cross-origin marshaling overhead. Jigsaw is also fail-stop by default when handling legacy JavaScript code, so Jigsaw applications cannot accidentally introduce security holes by incorporating older scripts.