Abstract
Many techniques used for discovering faults and vulnerabilities in distributed systems and services require as inputs formal behavioral models of the systems under validation. Such models are traditionally written by hand, according to the specifications which are known, leading to a gap between the real systems which have to be validated and their abstract models.
A method to bridge this gap is to develop tools that automatically extract the models directly from the implementations of distributed systems and services. We propose here a general model extraction solution, applicable to several service technologies. At the core of our solution we develop a method for transforming the control flow graph of an abstract communicating system into its corresponding behavioral model represented as an Extended Finite State Machine. We then illustrate our method for extracting models from services implemented using different concrete technologies such as Java RMI, Web services and HTTP Web applications and servlets.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Albert, E., Østvold, B.M., Rojas, J.M.: Automated extraction of abstract behavioural models from jms applications. In: Stoelinga, M., Pinger, R. (eds.) FMICS 2012. LNCS, vol. 7437, pp. 16–31. Springer, Heidelberg (2012)
Alur, R., Černý, P., Madhusudan, P., Nam, W.: Synthesis of interface specifications for Java classes. In: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2005), pp. 98–109. ACM, New York (2005)
Armando, A., Carbone, R., Compagna, L., Li, K., Pellegrino, G.: Model-checking driven security testing of web-based applications. In: 2010 Third International Conference on Software Testing, Verification, and Validation Workshops (ICSTW), pp. 361–370 (2010)
Bertolino, A., Inverardi, P., Pelliccione, P., Tivoli, M.: Automatic synthesis of behavior protocols for composable web-services. In: Proceedings of the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2009), pp. 141–150. ACM, New York (2009)
Buchler, M., Oudinet, J., Pretschner, A.: Semi-automatic security testing of web applications from a secure model. In: 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE), pp. 253–262 (2012)
Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Pasareanu, C.S., Robby, Zheng, H.: Bandera: extracting finite-state models from java source code. In: Proceedings of the 2000 International Conference on Software Engineering, pp. 439–448 (2000)
Hossen, K., Groz, R., Richier, J.L.: Security vulnerabilities detection using model inference for applications and security protocols. In: IEEE 4th International Conference on Software Testing, Verification and Validation Workshops, pp. 534–536 (2011)
IBM. Watson, T.J.: Libraries for Analysis (WALA). Technical report, IBM T.J.Watson Research Centre (2010)
Lorenzoli, D., Mariani, L., Pezze, M.: Automatic generation of software behavioral models. In: ACM/IEEE 30th International Conference on Software Engineering (ICSE 2008), pp. 501–510 (2008)
Mariani, L., Pezzè, M., Riganelli, O., Santoro, M.: SEIM: static extraction of interaction models. In: Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems (PESOS 2010), pp. 22–28. ACM, New York (2010)
Merten, M., Howar, F., Steffen, B., Pellicione, P., Tivoli, M.: Automated inference of models for black box systems based on interface descriptions. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012, Part I. LNCS, vol. 7609, pp. 79–96. Springer, Heidelberg (2012)
von Oheimb, D., Mödersheim, S.: ASLan++ — a formal security specification language for distributed systems. In: Aichernig, B.K., de Boer, F.S., Bonsangue, M.M. (eds.) Formal Methods for Components and Objects. LNCS, vol. 6957, pp. 1–22. Springer, Heidelberg (2011)
Shoham, S., Yahav, E., Fink, S.J., Pistoia, M.: Static specification mining using automata-based abstractions. IEEE Transactions on Software Engineering 34(5), 651–666 (2008)
Sora, I., Popovici, D.-T.: Extracting behavioral models from service implementations. In: Proceedings of 8th International Conference on Evaluation of Novel Software Approaches to Software Engineering (ENASE 2013), pp. 226–231. SciTePress (2013)
Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2009), pp. 87–97. ACM, New York (2009)
Viganò, L.: Towards the secure provision and consumption in the internet of services. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 214–215. Springer, Heidelberg (2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Şora, I., Popovici, DT. (2013). Automatic Extraction of Behavioral Models from Distributed Systems and Services. In: Filipe, J., Maciaszek, L.A. (eds) Evaluation of Novel Approaches to Software Engineering. ENASE 2013. Communications in Computer and Information Science, vol 417. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54092-9_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-54092-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54091-2
Online ISBN: 978-3-642-54092-9
eBook Packages: Computer ScienceComputer Science (R0)