[OpenAjaxSecurity] SMash source code contribution

Frederik De Keukelaere EB41704 at jp.ibm.com
Fri Aug 31 01:26:21 PDT 2007


Dear all,

We are happy to announce that we have just completed checking in the SMash 
source code into the OAA SourceForge project. The code is available in the 
sandbox under the directory smash (/hub/trunk/sandbox/smash). 

The code is accompanied by 3 small demo's illustrating the potential use 
of this library.

Simple demo: This is basic demo illustrating the basics of cross frame 
communication in 
this library. The ports are statically wired to the channels in the main 
application.
(includes alerts that illustrate component state transitions and messages 
on channels)
smash/demos/simple/index.html

Dynamic demo: This is a basic demo illustrating dynamic wiring of ports 
and channels and the 
dynamic creation and deletion of components.
(includes alerts that illustrate component state transitions and messages 
on channels)
smash/demos/dynamic/index.html

Attacks: This demo contains a list of the possible attacks against our 
library (message integrity
attacks and component phishing attacks) and the different detection and 
protection mechanisms 
we have implemented for them.
smash/demos/attacks/index.html

More information about SMash can be found at 
http://www.openajax.org/member/wiki/Mashup_Security_Approaches#SMash.

I would like to encourage people to have a look at it and discuss how this 
technology can be used to enable secure mashups for future Hub releases.

Kind regards,

Frederik 
on behalf of the SMash team.

---
Frederik De Keukelaere, Ph.D.
Postdoctoral Researcher
IBM Research, Tokyo Research Laboratory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openajax.org/pipermail/security/attachments/20070831/2fceee9d/attachment.html 


More information about the security mailing list