Protection and communication abstractions for web browsers in MashupOS

Helen Wang, Xiaofeng Fan, Jon Howell, and Collin Jackson


Web browsers have evolved from a single-principal platform on

which one site is browsed at a time into a multi-principal platform

on which data and code from mutually distrusting sites interact

programmatically in a single page at the browser. Today’s

“Web 2.0” applications (or mashups) offer rich services, rivaling

those of desktop PCs. However, the protection and communication

abstractions offered by today’s browsers remain suitable only for

a single-principal system—either no trust through complete isolation

between principals (sites) or full trust by incorporating third

party code as libraries. In this paper, we address this deficiency

by identifying and designing the missing abstractions needed for

a browser-based multi-principal platform. We have designed our

abstractions to be backward compatible and easily adoptable. We

have built a prototype system that realizes almost all of our abstractions

and their associated properties. Our evaluation shows that our

abstractions make it easy to build more secure and robust client-side

Web mashups and can be easily implemented with negligible

performance overhead.


Publication typeInproceedings
Published inSOSP
> Publications > Protection and communication abstractions for web browsers in MashupOS