{"id":"https://openalex.org/W1989161925","doi":"https://doi.org/10.1145/1455770.1455784","title":"OMash","display_name":"OMash","publication_year":2008,"publication_date":"2008-10-27","ids":{"openalex":"https://openalex.org/W1989161925","doi":"https://doi.org/10.1145/1455770.1455784","mag":"1989161925"},"language":"en","primary_location":{"id":"doi:10.1145/1455770.1455784","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1455770.1455784","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM conference on Computer and communications security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007508266","display_name":"Steven Crites","orcid":null},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Steven Crites","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054999977","display_name":"Francis Hsu","orcid":null},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Francis Hsu","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100353550","display_name":"Hao Chen","orcid":"https://orcid.org/0000-0002-4072-0710"},"institutions":[{"id":"https://openalex.org/I84218800","display_name":"University of California, Davis","ror":"https://ror.org/05rrcem69","country_code":"US","type":"education","lineage":["https://openalex.org/I84218800"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hao Chen","raw_affiliation_strings":["University of California, Davis, Davis, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Davis, Davis, CA, USA","institution_ids":["https://openalex.org/I84218800"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5007508266"],"corresponding_institution_ids":["https://openalex.org/I84218800"],"apc_list":null,"apc_paid":null,"fwci":21.149,"has_fulltext":false,"cited_by_count":54,"citation_normalized_percentile":{"value":0.99204021,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"99","last_page":"108"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7902971506118774},{"id":"https://openalex.org/keywords/mashup","display_name":"Mashup","score":0.7734723091125488},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5885600447654724},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.53961181640625},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.5034975409507751},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49220386147499084},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.47105881571769714},{"id":"https://openalex.org/keywords/simple","display_name":"Simple (philosophy)","score":0.46242135763168335},{"id":"https://openalex.org/keywords/abstraction","display_name":"Abstraction","score":0.42959457635879517},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4290536642074585},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3659905195236206},{"id":"https://openalex.org/keywords/web-2.0","display_name":"Web 2.0","score":0.19123929738998413},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11327683925628662}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7902971506118774},{"id":"https://openalex.org/C196126337","wikidata":"https://www.wikidata.org/wiki/Q821080","display_name":"Mashup","level":4,"score":0.7734723091125488},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5885600447654724},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.53961181640625},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.5034975409507751},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49220386147499084},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.47105881571769714},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.46242135763168335},{"id":"https://openalex.org/C124304363","wikidata":"https://www.wikidata.org/wiki/Q673661","display_name":"Abstraction","level":2,"score":0.42959457635879517},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4290536642074585},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3659905195236206},{"id":"https://openalex.org/C136699151","wikidata":"https://www.wikidata.org/wiki/Q131164","display_name":"Web 2.0","level":3,"score":0.19123929738998413},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11327683925628662},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1455770.1455784","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1455770.1455784","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 15th ACM conference on Computer and communications security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7599999904632568,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320333591","display_name":"Multidisciplinary University Research Initiative","ror":null},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2022724458","https://openalex.org/W2056073317","https://openalex.org/W2103834013","https://openalex.org/W2113247363","https://openalex.org/W2122847456","https://openalex.org/W2126461222","https://openalex.org/W2145779758","https://openalex.org/W2407530542","https://openalex.org/W4299301436","https://openalex.org/W6677247423","https://openalex.org/W6713589687"],"related_works":["https://openalex.org/W2154270547","https://openalex.org/W3002405669","https://openalex.org/W66507862","https://openalex.org/W2341203197","https://openalex.org/W2112107765","https://openalex.org/W1982802095","https://openalex.org/W1851202668","https://openalex.org/W87798777","https://openalex.org/W2377354346","https://openalex.org/W2810152389"],"abstract_inverted_index":{"The":[0,24],"current":[1],"security":[2,59,78],"model":[3],"used":[4],"by":[5,20,142],"web":[6,21,94],"browsers,":[7],"the":[8,45,49,52,74,115,130,138,154],"Same":[9],"Origin":[10],"Policy":[11],"(SOP),":[12],"does":[13,111,126],"not":[14,112,127],"support":[15],"secure":[16],"cross-domain":[17,122],"communication":[18,34],"desired":[19,141],"mashup":[22,84,143],"developers.":[23],"developers":[25],"have":[26],"to":[27,101,149],"choose":[28],"between":[29,77],"no":[30,33],"trust,":[31,39],"where":[32,40],"is":[35],"allowed,":[36],"and":[37,61,69,79,98,145,166],"full":[38,46],"third-party":[41],"content":[42],"runs":[43],"with":[44,153],"privilege":[47],"of":[48,58,160],"integrator.":[50],"Furthermore,":[51],"SOP":[53,116],"has":[54],"its":[55],"own":[56],"set":[57],"vulnerabilities":[60],"pitfalls,":[62],"including":[63],"Cross-Site":[64],"Request":[65],"Forgery,":[66],"DNS":[67],"rebinding":[68],"dynamic":[70],"pharming.":[71],"To":[72],"overcome":[73],"unfortunate":[75],"tradeoff":[76],"functionality":[80],"forced":[81],"upon":[82],"today's":[83],"developers,":[85],"we":[86],"propose":[87],"OMash,":[88],"a":[89,158],"simple":[90],"abstraction":[91],"that":[92,135],"treats":[93],"pages":[95],"as":[96],"objects":[97,100],"allows":[99],"communicate":[102],"only":[103],"via":[104],"their":[105],"declared":[106],"public":[107],"interfaces.":[108],"Since":[109],"OMash":[110,136,161],"rely":[113],"on":[114],"for":[117],"controlling":[118],"DOM":[119],"access":[120],"or":[121],"data":[123],"exchange,":[124],"it":[125],"suffer":[128],"from":[129],"SOP's":[131],"vulnerabilities.":[132],"We":[133,156],"show":[134],"satisfies":[137],"trust":[139],"relationships":[140],"authors":[144],"may":[146],"be":[147,150],"configured":[148],"backward":[151],"compatible":[152],"SOP.":[155],"implemented":[157],"prototype":[159],"using":[162],"Mozilla":[163],"Firefox":[164],"2.0":[165],"demonstrated":[167],"several":[168],"proof-of-concept":[169],"applications.":[170]},"counts_by_year":[{"year":2022,"cited_by_count":2},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":3},{"year":2013,"cited_by_count":8},{"year":2012,"cited_by_count":11}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}