Smashups: Making Your Browser More Secure

Until Web 2.0 mashups came about, my favorite kind of mashup was a Cherry Mash. Alas, both mashes have now been pushed aside by "smashups"--a technology that lets information from different sources talk to each other, but keeps them separate so that malicious code can't creep in. "Secure mashups," in other words. Officially referred to as "SMash," secure mashups keep code and data from each of the sources separated, while allowing controlled sharing of the data through a secure communication channel.

Why do we need yet another mash? Well, the problem is that Web 2.0 mashups bring together, in a user’s browser, data and code from multiple content providers--something existing browser security wasn't designed to accomodate. Simply put, it's insecure. Consequently, companies like IBM have been working towards developing secure models in which components are provided by different trust domains. That's SMash. And according to IBM's X-Force Security Team, we need this now more than ever before because of the rise in the sophistication of attacks that attempt to steal a user's identity and control that person's computer without the user's knowledge. SMash technology was developed by IBM, who has donated it to the OpenAjax Alliance, an organization that develops and promotes open and interoperable Ajax-based web technologies. IBM plans on including SMash technology in Lotus Mashups, its commercially available mashup maker.

To find out more about SMash technology, see SMash: Secure Cross-Domain Mashups on Unmodified Browsers, by Frederik De Keukelaere, Sumeer Bhola, Michael Steiner, Suresh Chari, and Sachiko Yoshihama.

-- Jonathan Erickson
jerickson@ddj.com

Posted by Jon Erickson at 02:07 PM  Permalink