
Departmental Papers (CIS)
Date of this Version
2011
Document Type
Conference Paper
Recommended Citation
Jian Chang, Krishna Venkatasubramanian, Andrew G. West, Sampath Kannan, Oleg Sokolsky, Myuhng Joo Kim, and Insup Lee, "ToMaTo: A Trustworthy Code Mashup Development Tool", 5th International Workshop on Web APIs and Service Mashups (Mashups '11). January 2011. http://dx.doi.org/10.1145/2076006.2076012
Abstract
Recent years have seen the emergence of a new programming paradigm for Web applications that emphasizes the reuse of external content, the mashup. Although the mashup paradigm enables the creation of innovative Web applications with emergent features, its openness introduces trust problems. These trust issues are particularly prominent in JavaScript code mashup - a type of mashup that integrates external JavaScript libraries to achieve function and software reuse. With JavaScript code mashup, external libraries are usually given full privileges to manipulate the data of the mashup application and execute arbitrary code. This imposes considerable risk on the mashup developers and the end users.
One major cause of these trust problems is that the mashup developers tend to focus on the functional aspects of the application and implicitly trust the external code libraries to satisfy security, privacy and other non-functional requirements. In this paper, we present ToMaTo, a development tool that combines a novel trust policy language and a static code analysis engine to examine whether the external libraries satisfy the non-functional requirements. ToMaTo gives the mashup developers three essential capabilities for building trustworthy JavaScript code mashup: (1) to specify trust policy, (2) to assess policy adherence, and (3) to handle policy violation. The contributions of the paper are: (1) a description of JavaScript code mashup and its trust issues, and (2) a development tool (ToMaTo) for building trustworthy JavaScript code mashup.
Subject Area
CPS Formal Methods
Publication Source
5th International Workshop on Web APIs and Service Mashups (Mashups '11)
Start Page
Article No. 5
DOI
10.1145/2076006.2076012
Copyright/Permission Statement
© ACM 2011. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 5th International Workshop on Web APIs and Service Mashups (Mashups '11), http://dx.doi.org/10.1145/2076006.2076012.
Keywords
Mashup, Trust, JavaScript, Code Analysis
Date Posted: 07 September 2011
This document has been peer reviewed.
Comments
5th International Workshop on Web APIs and Service Mashups (Mashups '11), September 14, 2011, Lugano, Switzerland.