
Enabling the Development of Safer Mashups for Open Data

, and . Proceedings of the 1st International Workshop on Inclusive Web Programming - Programming on the Web with Open Data for Societal Applications, page 8--15. New York, NY, ACM, (2014)
DOI: 10.1145/2593761.2593764

Abstract

The last decade has seen the evolution of web APIs (Application Programming Interfaces) and open data initiatives promoted by governments. This has encouraged developers to build Mashups, web applications that integrate data from multiple servers. ProgrammableWeb.com reports an astounding 11,152 APIs and 7384 Mashups, as of March 2014. The browser security model designed for static web pages, however, was insufficient to mitigate the security concerns in mashups. Recent efforts by researchers have enhanced the security model of browsers and provided newer APIs to meet the security requirements of mashups. However, these low-level APIs require significant skill by developers to use them effectively, to avoid creating possibly unsafe applications. In this paper, we start with a survey of security concerns in the insecure usage of HTML5 APIs, particularly relevant to the security of mashups. We then present a high-level library called SafeMash, which helps developers build safe mashups over the current low-level security APIs in HTML5. SafeMash allows the mashup developer to configure the degree of interaction and communication of a widget. It warns developers in case of any misconfiguration. Our initial empirical analysis shows that an interactive mashup that does not leverage state-of-the-art browser security features can be rebuilt with SafeMash, without any loss in functionality.
