A novel methodology towards a trusted environment in mashup web applications

A mashup is a web-based application developed through aggregation of data from different public external or internal sources (including trusted and untrusted). Mashup introduces an open environment that is exposed to many security vulnerabilities, threats and risks. These weaknesses will bring security to the forefront when developing mashup applications and will require new ways of identifying and managing said risks. The primary goal of this paper is to present a client side mashup security framework to ensure that the sources for mashup applications are tested and secured against malicious intrusions. This framework is based on risk analysis and mashup source classification that will examine, analyze and evaluate the data transitions between the server-side and the client-side. Risk filtering using data mining suggests a new data mining technique also be utilized to enhance the quality of the risk analysis by removing most of the false risks. This approach is called the Risk Filtering Data Mining algorithm (RFDM). The RFDM framework deals with three types of clusters (trusted, untrusted and hesitation or unknown) to handle the hesitation clusters. Our proposal is to employ Atanassov's Instuitionistic Fuzzy Sets (A-IFs) as it improves the results of an URL. Finally, the results would be evaluated based on five experimental measures generated by a confusion matrix, namely: Accuracy (AC), recall or true positive rate (TP), precision (P), F-measure (considers both precision and recall) and Fβ.