IBM cracks Web 2.0 security concerns with “SMash”

IBM announced new technology to secure “mashups,” web applications that pull information from multiple sources, such as Web sites, enterprise databases or emails, to create one unified view. Mashups are attractive for business use, as they allow non-technical users to gain insight on complex situations in minutes, but as with all Web-based initiatives, security has been a concern.

The technology is codenamed “SMash.” Short for secure mashup, it allows information from different sources to talk to each other, but keeps them separate so malicious code cannot creep into enterprise systems.

SMash addresses a key part of the browser mashup security issue by keeping code and data from each of the sources separated, while allowing controlled sharing of the data through a secure communication channel. Performance evaluations have shown that SMash can be used in common enterprise mashup applications. Mashups provide us with a glimpse into the future of work and how business will be conducted in the 21st century.

In February, IBM’s X-Force Security Team released the findings of a report, detailing a disturbing rise in the sophistication of attacks by cyber criminals on Web browsers worldwide. According to the study, by attacking a computer user’s browser, cyber criminals are able to steal their identity and control the computer without their knowledge. Additionally, when attackers invade an enterprise machine, they could steal sensitive company information or use the compromised machine to gain access to other corporate assets behind the firewall.

To truly empower the Web community, which is an underlying tenet of this new phase of Web usage and application development, the community first has to be able to share a common access method to a given application. IBM recognizes that the ongoing development of standards-based technologies is a key to enabling more enterprises utilize Web 2.0 technologies.

In order to give consumer and business users the opportunity to take advantage of mashup technology, IBM is contributing the SMash technology to the OpenAjax Alliance. The OpenAjax Alliance is an organization of vendors, open source projects and companies using Ajax that are dedicated to the successful adoption of open and interoperable Ajax-based Web technologies.