Automatic Extraction of Behavioral Models from Distributed Systems and Services

  • Ioana Şora
  • Doru-Thom Popovici
Part of the Communications in Computer and Information Science book series (CCIS, volume 417)


Many techniques used for discovering faults and vulnerabilities in distributed systems and services require as inputs formal behavioral models of the systems under validation. Such models are traditionally written by hand, according to the specifications which are known, leading to a gap between the real systems which have to be validated and their abstract models.

A method to bridge this gap is to develop tools that automatically extract the models directly from the implementations of distributed systems and services. We propose here a general model extraction solution, applicable to several service technologies. At the core of our solution we develop a method for transforming the control flow graph of an abstract communicating system into its corresponding behavioral model represented as an Extended Finite State Machine. We then illustrate our method for extracting models from services implemented using different concrete technologies such as Java RMI, Web services and HTTP Web applications and servlets.


Reverse Engineering Behavioral Model EFSM Distributed Computing Service Computing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Albert, E., Østvold, B.M., Rojas, J.M.: Automated extraction of abstract behavioural models from jms applications. In: Stoelinga, M., Pinger, R. (eds.) FMICS 2012. LNCS, vol. 7437, pp. 16–31. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Alur, R., Černý, P., Madhusudan, P., Nam, W.: Synthesis of interface specifications for Java classes. In: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2005), pp. 98–109. ACM, New York (2005)Google Scholar
  3. 3.
    Armando, A., Carbone, R., Compagna, L., Li, K., Pellegrino, G.: Model-checking driven security testing of web-based applications. In: 2010 Third International Conference on Software Testing, Verification, and Validation Workshops (ICSTW), pp. 361–370 (2010)Google Scholar
  4. 4.
    Bertolino, A., Inverardi, P., Pelliccione, P., Tivoli, M.: Automatic synthesis of behavior protocols for composable web-services. In: Proceedings of the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2009), pp. 141–150. ACM, New York (2009)Google Scholar
  5. 5.
    Buchler, M., Oudinet, J., Pretschner, A.: Semi-automatic security testing of web applications from a secure model. In: 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE), pp. 253–262 (2012)Google Scholar
  6. 6.
    Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Pasareanu, C.S., Robby, Zheng, H.: Bandera: extracting finite-state models from java source code. In: Proceedings of the 2000 International Conference on Software Engineering, pp. 439–448 (2000)Google Scholar
  7. 7.
    Hossen, K., Groz, R., Richier, J.L.: Security vulnerabilities detection using model inference for applications and security protocols. In: IEEE 4th International Conference on Software Testing, Verification and Validation Workshops, pp. 534–536 (2011)Google Scholar
  8. 8.
    IBM. Watson, T.J.: Libraries for Analysis (WALA). Technical report, IBM T.J.Watson Research Centre (2010)Google Scholar
  9. 9.
    Lorenzoli, D., Mariani, L., Pezze, M.: Automatic generation of software behavioral models. In: ACM/IEEE 30th International Conference on Software Engineering (ICSE 2008), pp. 501–510 (2008)Google Scholar
  10. 10.
    Mariani, L., Pezzè, M., Riganelli, O., Santoro, M.: SEIM: static extraction of interaction models. In: Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems (PESOS 2010), pp. 22–28. ACM, New York (2010)Google Scholar
  11. 11.
    Merten, M., Howar, F., Steffen, B., Pellicione, P., Tivoli, M.: Automated inference of models for black box systems based on interface descriptions. In: Margaria, T., Steffen, B. (eds.) ISoLA 2012, Part I. LNCS, vol. 7609, pp. 79–96. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  12. 12.
    von Oheimb, D., Mödersheim, S.: ASLan++ — a formal security specification language for distributed systems. In: Aichernig, B.K., de Boer, F.S., Bonsangue, M.M. (eds.) Formal Methods for Components and Objects. LNCS, vol. 6957, pp. 1–22. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Shoham, S., Yahav, E., Fink, S.J., Pistoia, M.: Static specification mining using automata-based abstractions. IEEE Transactions on Software Engineering 34(5), 651–666 (2008)CrossRefGoogle Scholar
  14. 14.
    Sora, I., Popovici, D.-T.: Extracting behavioral models from service implementations. In: Proceedings of 8th International Conference on Evaluation of Novel Software Approaches to Software Engineering (ENASE 2013), pp. 226–231. SciTePress (2013)Google Scholar
  15. 15.
    Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2009), pp. 87–97. ACM, New York (2009)CrossRefGoogle Scholar
  16. 16.
    Viganò, L.: Towards the secure provision and consumption in the internet of services. In: Fischer-Hübner, S., Katsikas, S., Quirchmayr, G. (eds.) TrustBus 2012. LNCS, vol. 7449, pp. 214–215. Springer, Heidelberg (2012)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ioana Şora
    • 1
  • Doru-Thom Popovici
    • 1
  1. 1.Department of Computer and Software EngineeringPolitehnica University of TimisoaraRomania

Personalised recommendations