Abstract
Web augmentation alters the rendering of existing Web applications behind the back of these applications. Changing the layout, adding/removing content or providing additional hyperlinks/widgets are examples of Web augmentation that account for a more personalized user experience. Crowdsourced Web augmentation considers end users not only the beneficiaries but also the contributors of augmentation scripts. The fundamental problem with Web applications augmented in this way is that code from numerous and possibly untrusted users is placed into the same security domain, raising security and integrity concerns. Current solutions either coexist with the danger (e.g. Greasemonkey, where scripts work in the same security domain as the hosting application) or limit augmentation possibilities (e.g. virtual iframes in Google’s Caja, where the widget is prevented from accessing the application space). This work introduces Modding Interfaces: application-specific interfaces that regulate inflow and outflow communication between the hosting code and the user code. The paper shows how the combined use of sandboxed iframes and “modding-interface” HTML5 channels ensures application integrity while permitting controlled augmentation of the hosting application.
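The mechanism the abstract describes, as an added example that is not code from the paper: a host-side dispatcher that accepts messages only from its own sandboxed iframe and only for operations and events the interface exposes. The function, operation and event names and the message shape are assumptions, and the frame and host state are constructed stand-ins so the logic runs outside a browser.

```javascript
// Added example: every name and the message shape here is hypothetical.
function createModdingInterface(frameWindow, inflow, outflowEvents) {
  const subscriptions = new Set();
  const deny = (error) => ({ ok: false, error });
  const owns = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
  function handleMessage(event) {
    // Sandboxed frames report origin "null": match the sender by window reference.
    if (event.source !== frameWindow) return deny("unknown-sender");
    const msg = event.data;
    if (!msg || typeof msg !== "object" || typeof msg.op !== "string") return deny("malformed");
    if (msg.op === "subscribe") {
      if (!outflowEvents.has(msg.event)) return deny("event-not-exposed");
      subscriptions.add(msg.event);
      return { ok: true };
    }
    // Own-property lookup only, so "constructor" or "__proto__" never resolve.
    if (!owns(inflow, msg.op)) return deny("op-not-exposed");
    if (!inflow[msg.op].validate(msg.args)) return deny("bad-args");
    return { ok: true, result: inflow[msg.op].run(msg.args) };
  }
  function publish(name, payload) {
    if (!subscriptions.has(name)) return false; // outflow only to subscribers
    frameWindow.postMessage({ event: name, payload }, "*"); // opaque origin: only "*" matches
    return true;
  }
  return { handleMessage, publish };
}
// Constructed stand-ins for the iframe's contentWindow and the host's state.
function demo() {
  const sent = [], notes = [];
  const frame = { postMessage: (data) => sent.push(data) };
  const iface = createModdingInterface(frame, {
    addNote: {
      validate: (a) => !!a && typeof a.text === "string" && a.text.length <= 200,
      run: (a) => notes.push(a.text), // host later renders via textContent
    },
  }, new Set(["itemSelected"]));
  const call = (data, source = frame) => iface.handleMessage({ source, data });
  return {
    allowed: call({ op: "addNote", args: { text: "see also" } }),
    forged: call({ op: "addNote", args: { text: "x" } }, {}),
    unexposed: call({ op: "constructor", args: {} }),
    badArgs: call({ op: "addNote", args: { text: 42 } }),
    early: iface.publish("itemSelected", { id: 7 }),
    subscribed: call({ op: "subscribe", event: "itemSelected" }),
    late: iface.publish("itemSelected", { id: 7 }),
    notes, sent,
  };
}
```

In a page, the host would create the frame with `sandbox="allow-scripts"` and register `handleMessage` as its `message` listener. Calling `demo()` returns the outcome of each constructed call.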
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Arellano, C., Díaz, O., Iturrioz, J. (2010). Crowdsourced Web Augmentation: A Security Model. In: Chen, L., Triantafillou, P., Suel, T. (eds) Web Information Systems Engineering – WISE 2010. WISE 2010. Lecture Notes in Computer Science, vol 6488. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17616-6_27
DOI: https://doi.org/10.1007/978-3-642-17616-6_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17615-9
Online ISBN: 978-3-642-17616-6
eBook Packages: Computer Science, Computer Science (R0)