Mashic: Automated Mashup Sandboxing based on Inter-frame Communication
(paper to appear in CSF12)
We propose a new compiler, called Mashic,
existing mashup code. The Mashic compiler can effortlessly be
applied to existing mashups based on a wide-range of gadget APIs.
It offers security and correctness guarantees. Security is achieved
via the Same Origin Policy. Correctness is ensured in the presence
of benign gadgets, that satisfy confidentiality and integrity
constrains with regard to the integrator code. The compiler has
been successfully applied to real world mashups based on Google
maps, Bing maps, YouTube, and Zwibbler APIs.
Draft long version
An extended long version of our CSF paper can be
This version contains details of JS decorated semantics, CPS transformation rules and proofs of theorems.
Mashic Compiler Prototype Implementation
The machic compiler can be downloaded
The compiler is written in a dialect of scheme - Bigloo.
For each of the demos, the integrator is hosted
on www.mashic.net, the sandboxed gadget is hosted
These demos may require the lastest version of your web browser. They
are tested to be compatible with Firefox 3.5+, Google Chrome 11+,
Internet Explorer 9, Safari 5+.