SandMash: An Approach for Mashups Techniques on Smartphones

  • Raed AliEmail author
  • Kalman Graffi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9228)


Supporting Mashup on mobile devices allows supporting advanced use cases and thus to accelerate the creation and combination of smart mobile applications. In this paper, we evaluate the three client-side Mashups proposals JS.JS, OMash and SMash on mobile devices. Our evaluation on mobile devices shows that the SMash proposal by IBM is reasonably suited for mobile mashups development as it requires less amount of effort from developers and at the same time it has cross-mobile-browser compatibility. In order to address the security, we integrated a sandbox functionality. We have modified the OpenAjax JavaScript library proposed in SMash and have added support of HTML5 \(\langle \)iframe\(\rangle \) tag’s “sandbox” attribute to it. \(\langle \)iframe\(\rangle \) “sandbox” attribute, mobile mashups developers can restrict the framed-content (which may not be trustworthy) in a low-privileged environment. We demonstrate our proposal on a mobile mashup application that integrates content from three different providers (i.e., News, Stock and Weather service).


Mashup Smartphones Mobile services 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    CanIUse?: Sandbox Attribute for iframes.
  2. 2.
    Crites, S., Hsu, F., Chen, H.: OMash: enabling secure web mashups via object abstractions. In: Proc. of the ACM Conf. on Computer and Communications Security, (CCS 2008), pp. 99–108, October 2008Google Scholar
  3. 3.
    Dongy, X., Tranz, M., Liangy, Z., Jiangz., X.: Adsentry: Comprehensive and flexible confinement of javascript-based advertisements. In: Annual Computer Security Applications Conf., (ACSAC 2011), pp. 297–306 (2011)Google Scholar
  4. 4.
    JavaScriptinJavaScript(js.js): Sandboxing Third-Party Scripts, April 2012.
  5. 5.
    Keukelaere, F.D., Bhola, S., Steiner, M., Chari, S., Yoshihama, S.: SMash: secure component model for cross-domain mashups on unmodified browsers. In: Proc. of the Int. Conf. on World Wide Web (WWW 2008) 2008, pp. 535–544, April 2008Google Scholar
  6. 6.
    Kovacevic, A., Kaune, S., Heckel, H., Mink, A., Graffi, K., Heckmann, O., Steinmetz, R.: PeerfactSim.KOM - A Simulator for Large-Scale Peer-to-Peer Networks. Tech. Rep. Tr-2006-06, TU Darmstadt (2006)Google Scholar
  7. 7.
    Liebau, N., Pussep, K., Graffi, K., Kaune, S., Jahn, E., Beyer, A., Steinmetz, R.: The impact of the P2P paradigm on the new media industries. In: AMCIS 2007: Proceedings of Americas Conference on Information Systems (2007)Google Scholar
  8. 8.
    Manyika, J., Chui, M., Bughin, J., Dobbs, R., Bisson, P., Marrs, A.: Disruptive Technologies: Advances that will transform life, business, and the global economy, May 2013.
  9. 9.
  10. 10.
    OpenAjaxAlliance: Openajax alliance open source project at sourceforge.
  11. 11.
    Ruderman, J.: The same origin policy, August 2001.
  12. 12.
    De Ryck, P., Decat, M., Desmet, L., Piessens, F., Joosen, W.: Security of web mashups: a survey. In: Aura, T., Järvinen, K., Nyberg, K. (eds.) NordSec 2010. LNCS, vol. 7127, pp. 223–238. Springer, Heidelberg (2012) Google Scholar
  13. 13.
  14. 14.
    Terrace, J., Beard, S.R., Katta, N.P.K.: JavaScript in JavaScript (js.js): sandboxing third-party scripts. In: Proc. of the USENIX Conf. on Web Application Development (WebApps 2012), pp. 95–100 (2012)Google Scholar
  15. 15.
    West, M.: Play safely in sandboxed iframes, January 4, 2013.
  16. 16.
    Zarandioon, S., Yao, D.D., Ganapathy, V.: OMOS: a framework for secure communication in mashup applications. In: Annual Computer Security Applications Conf., (ACSAC 2008), pp. 355–364 (2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Technology of Social Networks GroupUniversity of DüsseldorfDüsseldorfGermany

Personalised recommendations