Abstract
Mashups empower users to easily combine and connect resources from independent Web-based sources and domains. However, the same characteristics introduce new security and privacy problems and amplify existing ones. This is especially critical in the emerging field of enterprise Mashups. Despite several contributions in the field of Mashup security, the problem of protecting exchanged resources against the Mashup-providing Platform itself has generally been neglected. In this contribution we address the security challenges of server-side Mashup-providing Platforms with the aim of minimizing the amount of trust that users must place in the platform. We achieve this by integrating a privacy-enhancing identity management system into the Mashup-providing Platform using Reverse Identity Based Encryption.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Zibuschka, J., Herbert, M., Roßnagel, H. (2010). Towards Privacy-Enhancing Identity Management in Mashup-Providing Platforms. In: Foresti, S., Jajodia, S. (eds) Data and Applications Security and Privacy XXIV. DBSec 2010. Lecture Notes in Computer Science, vol 6166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13739-6_18
DOI: https://doi.org/10.1007/978-3-642-13739-6_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13738-9
Online ISBN: 978-3-642-13739-6