Crowdsourced Web Augmentation: A Security Model

Web augmentation alters the rendering of existing Web applications at the back of these applications. Changing the layout, adding/removing content
or providing additional hyperlinks/widgets are examples of Web augmentation that account for a more personalized user experience. Crowdsourced Web
augmentation considers end users not only the beneficiaries but also the contributors of augmentation scripts. The fundamental problem with so
augmented Web applications is that code from numerous and possibly untrusted users are placed into the same security domain, hence, raising security and integrity concerns. Current solutions either coexist with the danger (e.g. Greasemonkey, where scripts work on the same security domain that the hosting application) or limit augmentation possibilities (e.g. virtual iframes in Google’s Caja, where the widget is prevented from accessing the application space). This work introduces Modding Interfaces: application-specific interfaces that regulate inflow and outflow communication between the hosting code and the user code. The paper shows how the combined use of sandboxed iframes and “modding-interface” HTML5 channels ensures application integrity while permitting controlled augmentation on the hosting application.

  • The 11th International Conference on Web Information Systems Engineering (WISE2010), Hong Kong, (China)

  • December, 2010
  • 978-3-642-17615-9

This publication has not any associated project.

This publication has not any associated prototype.


University of the basque country