Simple access control for post message API in unmodified browsers
Other Title(s)
سيطرة وصول مبسطة لمواجهة postMessage البرمجية على المتصفحات غير المعدلة
Dissertant
al-Ithawi, Umar Muthanna Adnan
Thesis advisor
Committee Members
al-Mahdi, Nailah
Darwish, Abd Allah
al-Qatawnah, Jafar
University
Princess Sumaya University for Technology
Faculty
King Hussein Faculty for Computing Sciences
Department
Department of Computer Sciences
University Country
Jordan
Degree
Master
Degree Date
2015
English Abstract
A mashup is a web site that combines content from multiple sources.
The web site is called the integrator, and the other components are the gadgets.
In this thesis, we propose Okra, which is a framework to mediate cross-domain communications in web mashups.
It is an abstraction layer over the low-level postMessage Application Programming Interface (API) to simplify the integration between cross-origin components while maintaining least-privileged communications through whitelisted access control.
This research employs a bottom-up approach in designing the framework through simulation, proof-of-concept and based on existing principles of software security and quality.
This approach aims to make a minimal, but featureful framework.
Okra aims to be compatible with the majority of the browsers, and to secure itself and the mashup that employs it.
Evaluating the framework showed a moderate performance overhead over the postMessage API.
Okra’s simple API helps in reducing the complexity of defining and consuming interfaces for mashup components.
The access control layer of Okra has been tested against two types of malicious attacks, and no vulnerabilities have been found.
Main Subjects
Information Technology and Computer Science
Topics
No. of Pages
54
Table of Contents
Table of contents.
Abstract.
Abstract in Arabic.
Chapter One : Introduction.
Chapter Two : Background and literature review.
Chapter Three : The okra framework.
Chapter Four : Evaluation.
Chapter Five : Conclusion.
References.
American Psychological Association (APA)
al-Ithawi, Umar Muthanna Adnan. (2015). Simple access control for post message API in unmodified browsers. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-651094
Modern Language Association (MLA)
al-Ithawi, Umar Muthanna Adnan. Simple access control for post message API in unmodified browsers. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology. (2015).
https://search.emarefa.net/detail/BIM-651094
American Medical Association (AMA)
al-Ithawi, Umar Muthanna Adnan. (2015). Simple access control for post message API in unmodified browsers. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-651094
Language
English
Data Type
Arab Theses
Record ID
BIM-651094