Jigsaw: Efficient, Low-effort Mashup Isolation

A single web application often incorporates code from a variety of origins. Securing such a mashup application is challenging because origins often distrust each other and wish to expose narrow interfaces to their private code and data. Jigsaw is a new framework for isolating these mashup components. Jigsaw is an extension of the JavaScript language that can be run inside standard browsers using a Jigsaw-to-JavaScript compiler. Unlike prior mashup isolation schemes that require developers to specify complex, error-prone policies, Jigsaw leverages the well-understood public/private keywords from traditional object-oriented programming, making it easy for developers to tag internal data as externally visible. Jigsaw provides strong iframe-like isolation, but unlike previous approaches that use iframes as isolation containers, Jigsaw allows mutually distrusting code to run inside the same frame; this allows developers to invoke cross-origin code using synchronous method calls instead of asynchronous message passing. Using a novel mechanism called surrogates, origins can safely exchange objects by reference instead of by value, removing cross-origin marshaling overhead. Jigsaw is also fail-stop by default when handling legacy JavaScript code, so Jigsaw applications cannot accidentally introduce security holes by incorporating older scripts.

jigsaw.pdf
PDF file

In  Proceedings of WebApps

Publisher  USENIX

Details

TypeProceedings
> Publications > Jigsaw: Efficient, Low-effort Mashup Isolation