Web-2.0 and Browser Security
Web 2.0 applications aim to improve the browsing experience using techniques such as client-side script execution and information integration in the form of mashups. However, such applications also raise new security concerns. How can safe yet expressive script execution be ensured? How can the confidentiality and integrity of sensitive information be ensured? This project is investigating techniques to answer such questions in the context of Web 2.0 applications and the Web browser.
In preliminary work, we developed a security architecture for mashup development that provides high assurance of mutual authentication, data confidentiality, and message integrity for mashup applications as they communicate within a Web browser.
We are currently working on ensuring safe client-side script execution without compromising the end-user experience, while also ensuring the safety of users' sensitive information.
Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC 2009), Honolulu, Hawaii, December 2009
OMOS: A Framework for Secure Communication in Mashup Applications
Proceedings of the 24th Annual Computer Security Applications Conference (ACSAC 2008); pages 355--364; Anaheim, California; December 8-12, 2008.