The Research Of Secure Cross-domain Communication For Web Mashup Applications

In traditional Web1.0applications, accessing Web site can only get informationfrom its own site as isolated from each other. In Web2.0applications, we hope tobreak the isolation among Web sites to share data. In this context, Mashupapplication, which is a new type of Web applications, is growing up.Traditional Web applications must observe the same-origin policy (SOP) toaccess content from the same origin, while content from different origin interactswith constraints. There is an urgent problem for Mashup to integrate independentthird-party data and achieve communication among different sources. It is prone tolead to frame-phishing through cross-domain communication and reveal privateinformation through sharing objects for Mashup. There is another problem forMashup to ensure security and integrity of communication among different sources.Therefore, an improved system of secure cross-domain communication for WebMashup applications is developed (SCDC). The main work is introduced as follows.First, we implement the system including three modules. It encapsulates contentfrom different trust domains as secure components in order to achieve inter-domainisolation. Cross-domain interaction is achieved by cross-document communicationmechanism and layered communication stack. Fine-grained mediation of sharedobjects is realized by wrapping objects and layered communication stack. Then, weanalyse security of the system, making use of the whole security policies of thesystem and special policies to protect for frame-fishing and object sharing. Finally,we collect data do performance testing, experiments show that data throughput andevent rate are increased about five times than cross-communication system byfragment-indentifier messaging, component loading latency is fell obviously, andobject sharing only leads to limited overhead. We inspect and verify the security ofcross-domain communication and object sharing, expriments show that our securitypolicies are valid to improve security of Mashup.SCDC system supports cross-domain communication and shared objects forMashup without any modification of browser. It has strong security and reliability,high efficiency, as well as supporting object sharing of applications in order toprovide a secure and reliable cross-domain communication system for Mashup.