OMash: enabling secure web mashups via object abstractions
Full text: PDF (169 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 15th ACM conference on Computer and communications security
Alexandria, Virginia, USA
SESSION: Browser security
Pages 99-108
Year of Publication: 2008
ISBN: 978-1-59593-810-7
Authors
Steven Crites  University of California, Davis, Davis, CA, USA
Francis Hsu  University of California, Davis, Davis, CA, USA
Hao Chen  University of California, Davis, Davis, CA, USA
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 34, Downloads (12 Months): 311, Citation Count: 0
DOI: http://doi.acm.org/10.1145/1455770.1455784

ABSTRACT

The current security model used by web browsers, the Same Origin Policy (SOP), does not support the secure cross-domain communication desired by web mashup developers. Developers have to choose between no trust, where no communication is allowed, and full trust, where third-party content runs with the full privilege of the integrator. Furthermore, the SOP has its own set of security vulnerabilities and pitfalls, including Cross-Site Request Forgery, DNS rebinding and dynamic pharming. To overcome the unfortunate tradeoff between security and functionality forced upon today's mashup developers, we propose OMash, a simple abstraction that treats web pages as objects and allows objects to communicate only via their declared public interfaces. Since OMash does not rely on the SOP for controlling DOM access or cross-domain data exchange, it does not suffer from the SOP's vulnerabilities. We show that OMash satisfies the trust relationships desired by mashup authors and may be configured to be backward compatible with the SOP. We implemented a prototype of OMash using Mozilla Firefox 2.0 and demonstrated several proof-of-concept applications.
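The abstract's core idea, pages as objects that reach each other only through a declared public interface, can be modelled in plain JavaScript. The block below is an added illustration written for this page; it is not code from the OMash paper or its Firefox 2.0 prototype, and the names `Broker`, `makeMapsPage`, `makeIntegratorPage` and `isRefused`, as well as the API token and listing data, are constructed for the example. Each page keeps its state in a closure, registers only the methods it declares public, and a broker mediates every cross-page call by name without ever handing out an object or DOM reference, so a third-party page's private data (here a token) and inherited members such as `toString` stay unreachable from the integrator.

```javascript
// Added example, not code from the OMash paper or its prototype. Models
// "web pages as objects" with closures for private state and a broker that
// exposes only declared public methods by name.

class Broker {
  constructor() {
    this.pages = new Map(); // page name -> frozen copy of its declared interface
  }

  // A page declares its public interface once; the broker keeps its own frozen
  // copy, so later changes to the page's object cannot widen the interface.
  register(name, publicMethods) {
    if (this.pages.has(name)) throw new Error(`page already registered: ${name}`);
    this.pages.set(name, Object.freeze(Object.assign({}, publicMethods)));
  }

  // Cross-page call by name. Undeclared members, including inherited ones such
  // as "constructor" or "toString", are refused rather than looked up.
  call(target, method, ...args) {
    const iface = this.pages.get(target);
    if (!iface) throw new Error(`unknown page: ${target}`);
    if (!Object.prototype.hasOwnProperty.call(iface, method)) {
      throw new Error(`${target} does not export ${method}`);
    }
    return iface[method](...args);
  }

  // Names a page exposes; the function objects themselves stay inside the broker.
  exports(target) {
    const iface = this.pages.get(target);
    return iface ? Object.keys(iface) : [];
  }
}

// A third-party "maps" page. The API token and the geocoding table are private
// closure variables; only lookup() is declared public.
function makeMapsPage(broker) {
  const apiToken = "constructed-secret-token"; // private; deliberately never exported
  const geocode = { "Davis, CA": [38.5449, -121.7405] }; // constructed sample data
  broker.register("maps", {
    lookup(place) {
      const hit = geocode[place];
      return hit ? { place, lat: hit[0], lng: hit[1] } : null;
    },
  });
  return typeof apiToken === "string"; // shows the private value exists only in this closure
}

// The integrator page consumes the maps page solely through broker.call().
function makeIntegratorPage(broker) {
  const listings = ["Davis, CA", "Nowhere, XX"]; // constructed sample listings
  broker.register("integrator", {
    placedListings() {
      return listings
        .map((p) => broker.call("maps", "lookup", p))
        .filter((r) => r !== null);
    },
  });
}

// True when the broker refuses the call, i.e. the member is not part of the
// declared interface of the target page.
function isRefused(broker, target, method) {
  try {
    broker.call(target, method);
    return false;
  } catch (e) {
    return true;
  }
}

function demo() {
  const broker = new Broker();
  makeMapsPage(broker);
  makeIntegratorPage(broker);
  return {
    placed: broker.call("integrator", "placedListings"),
    mapsExports: broker.exports("maps"),
    tokenRefused: isRefused(broker, "maps", "apiToken"),
    protoRefused: isRefused(broker, "maps", "toString"),
  };
}

console.log(JSON.stringify(demo()));
```

The point of the check in `call` is that an attacker-controlled page gains nothing from knowing another page's internal property names: the broker consults only the frozen interface copy, and an own-property test keeps prototype members out as well. A real implementation would additionally have to decide how pages authenticate each other, which this sketch leaves out.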


