diff --git a/publications.bib b/publications.bib
index 731009e345ae8fc36cd600d6d4bb4f492b7a9784..a737343597399ec27dbcb7793b857053dce96986 100644
--- a/publications.bib
+++ b/publications.bib
@@ -558,3 +558,18 @@ Building on separation logic with concurrent abstract predicates (CAP), we intro
 
   Project                  = { concurrency, tada }
 }
+@Article{Fragoso2016Mashic,
+  Title                    = {{Mashic Compiler: Mashup Sandboxing based on Inter-frame Communication}},
+  Author                   = {Zhengqin Luo and José Fragoso Santos and Ana Almeida Matos and Tamara Rezk},
+  Journal                  = {Journal of Computer Security},
+  Year                     = {2016},
+  Number                   = {24},
+  Volume                   = {1},
+  Pages                    = {91--136},
+  doi                      = {10.3233/JCS-160542},
+  url                      = { http://dx.doi.org/10.3233/JCS-160542},
+
+  Abstract                 = { Mashups are a prevailing kind of web applications integrating external gadget APIs often written in the JavaScript programming language. Writing secure mashups is a challenging task due to the heterogeneity of existing gadget APIs, the privileges granted to gadgets during mashup executions, and JavaScript’s highly dynamic environment. We propose a new compiler, called Mashic, for the automatic generation of secure JavaScript-based mashups from existing mashup code. The Mashic compiler can effortlessly be applied to existing mashups based on a wide-range of gadget APIs. It offers security and correctness guarantees. Security is achieved via the Same Origin Policy. Correctness is ensured in the presence of benign gadgets, that satisfy confidentiality and integrity constraints with regard to the integrator code. The compiler has been successfully applied to real world mashups based on Google maps, Bing maps, YouTube, and Zwibbler APIs.},
+   
+  Project                  = { web }
+   }