Key points are not available for this paper at this time.
Adobe Flash and Microsoft Silverlight are two widely adopted platforms for providing Rich Internet Applications (RIA) over the World Wide Web. The need for RIAs to retrieve content hosted on different domains, in order to enrich user experience, led to the use of cross-domain policies by content providers. Cross-domain policies define the list of RIA hosting domains that are allowed to retrieve content from the content provider's domain. Misinterpretation or misconfigurations of the policies may give the opportunity to malicious RIAs to access and handle users' private data.
Kontaxis et al. (Sun,) studied this question.