Advertisement

Specification and Verification of Web Applications in Rewriting Logic

  • María Alpuente
  • Demis Ballis
  • Daniel Romero
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5850)

Abstract

This paper presents a Rewriting Logic framework that formalizes the interactions between Web servers and Web browsers through a communicating protocol abstracting HTTP. The proposed framework includes a scripting language that is powerful enough to model the dynamics of complex Web applications by encompassing the main features of the most popular Web scripting languages (e.g. PHP, ASP, Java Servlets). We also provide a detailed characterization of browser actions (e.g. forward/backward navigation, page refresh, and new window/tab openings) via rewrite rules, and show how our models can be naturally model-checked by using the Linear Temporal Logic of Rewriting (LTLR), which is a Linear Temporal Logic specifically designed for model-checking rewrite theories. Our formalization is particularly suitable for verification purposes, since it allows one to perform in-depth analyses of many subtle aspects related to Web interaction. Finally, the framework has been completely implemented in Maude, and we report on some successful experiments that we conducted by using the Maude LTLR model-checker.

Keywords

Linear Temporal Logic Linear Temporal Logic Formula Query String Navigation Model Computational Tree Logic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Message, R., Mycroft, A.: Controlling Control Flow in Web Applications. Electronic Notes in Theoretical Computer Science 200(3), 119–131 (2008)CrossRefGoogle Scholar
  2. 2.
    Graunke, P., Findler, R., Krishnamurthi, S., Felleisen, M.: Modeling Web Interactions. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 238–252. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Open Web Application Security Project: Top ten security flaws, http://www.owasp.org/index.php/OWASP_Top_Ten_Project
  4. 4.
    Martí-Oliet, N., Meseguer, J.: Rewriting Logic: Roadmap and Bibliography. Theoretical Computer Science 285(2), 121–154 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Meseguer, J.: Conditional Rewriting Logic as a Unified Model of Concurrency. Theoretical Computer Science 96(1), 73–155 (1992)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Han, M., Hofmeister, C.: Modeling and Verification of Adaptive Navigation in Web Applications. In: 6th International Conference on Web Engineering, pp. 329–336. ACM, New York (2006)CrossRefGoogle Scholar
  7. 7.
    Bae, K., Meseguer, J.: A Rewriting-Based Model Checker for the Linear Temporal Logic of Rewriting. ENTCS. Elsevier, Amsterdam (to appear)Google Scholar
  8. 8.
    Meseguer, J.: The Temporal Logic of Rewriting: A Gentle Introduction. In: Degano, P., De Nicola, R., Meseguer, J. (eds.) Concurrency, Graphs and Models. LNCS, vol. 5065, pp. 354–382. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  10. 10.
    TeReSe (ed.): Term Rewriting Systems. Cambridge University Press, Cambridge (2003)Google Scholar
  11. 11.
    Alpuente, M., Ballis, D., Romero, D.: A Rewriting Logic Framework for the Specification and the Analysis of Web Applications. Technical Report DSIC-II/01/09, Technical University of Valencia (2009), http://www.dsic.upv.es/~dromero/web-tlr.html
  12. 12.
    Meseguer, J., Palomino, M., Martí-Oliet, N.: Equational Abstractions. Theoretical Computer Science 403(2-3), 239–264 (2008)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems. Springer, Heidelberg (1992)Google Scholar
  14. 14.
    Alfaro, L.: Model Checking the World Wide Web. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 337–349. Springer, Heidelberg (2001)Google Scholar
  15. 15.
    Flores, S., Lucas, S., Villanueva, A.: Formal Verification of Websites. Electronic notes in Theoretical Computer Science 200(3), 103–118 (2008)CrossRefGoogle Scholar
  16. 16.
    Haydar, M., Sahraoui, H., Petrenko, A.: Specification Patterns for Formal Web Verification. In: 8th International Conference on Web Engineering, pp. 240–246. IEEE Computer Society, Los Alamitos (2008)CrossRefGoogle Scholar
  17. 17.
    Miao, H., Zeng, H.: Model Checking-based Verification of Web Application. In: 12th IEEE International Conference on Engineering Complex Computer Systems, pp. 47–55. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  18. 18.
    Donini, F.M., Mongiello, M., Ruta, M., Totaro, R.: A Model Checking-based Method for Verifying Web Application Design. Electronic Notes in Theoretical Computer Science 151(2), 19–32 (2006)CrossRefGoogle Scholar
  19. 19.
    Queinnec, C.: Continuations and Web Servers. Higher-Order and Symbolic Computation 17(4), 277–295 (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • María Alpuente
    • 1
  • Demis Ballis
    • 2
  • Daniel Romero
    • 1
  1. 1.Universidad Politécnica de ValenciaValenciaSpain
  2. 2.Dipartimento di Matematica e InformaticaUdineItaly

Personalised recommendations