
Secure cross-domain communication mechanism for Web mashups (cited by: 4)
Abstract: Existing cross-domain communication schemes for Web mashups struggle to deliver both security and efficiency. To address this, a secure cross-domain communication (SCDC) system suited to mashups is proposed. It encapsulates content from different trust domains as secure components, implements inter-domain communication through a layered communication stack, and achieves fine-grained object sharing through wrapper objects. SCDC secures cross-domain communication and object sharing between a mashup and its components, and requires no browser modifications. Experiments show that the system introduces only limited overhead while improving communication efficiency more than five-fold.
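Source: Journal on Communications (《通信学报》; indexed in EI, CSCD, Peking University Core Journals), 2012, No. 6, pp. 19-29 (11 pages)
Funding: National Natural Science Foundation of China (60803130, 61173166); Fundamental Research Funds for the Central Universities
Keywords: Web mashups; components; cross-domain communication; shared object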

