Abstract

Web browsers have evolved from a single-principal platform on
which one site is browsed at a time into a multi-principal platform
on which data and code from mutually distrusting sites interact
programmatically in a single page at the browser. Today’s
“Web 2.0” applications (or mashups) offer rich services, rivaling
those of desktop PCs. However, the protection and communication
abstractions offered by today’s browsers remain suitable only for
a single-principal system—either no trust through complete isolation
between principals (sites) or full trust by incorporating third-party
code as libraries. In this paper, we address this deficiency
by identifying and designing the missing abstractions needed for
a browser-based multi-principal platform. We have designed our
abstractions to be backward compatible and easily adoptable. We
have built a prototype system that realizes almost all of our abstractions
and their associated properties. Our evaluation shows that our
abstractions make it easy to build more secure and robust client-side
Web mashups and can be easily implemented with negligible
performance overhead.