Automatic Extraction of Behavioral Models from Distributed Systems and Services
Many techniques used for discovering faults and vulnerabilities in distributed systems and services require as inputs formal behavioral models of the systems under validation. Such models are traditionally written by hand, according to the specifications which are known, leading to a gap between the real systems which have to be validated and their abstract models.
A method to bridge this gap is to develop tools that automatically extract the models directly from the implementations of distributed systems and services. We propose here a general model extraction solution, applicable to several service technologies. At the core of our solution we develop a method for transforming the control flow graph of an abstract communicating system into its corresponding behavioral model represented as an Extended Finite State Machine. We then illustrate our method for extracting models from services implemented using different concrete technologies such as Java RMI, Web services and HTTP Web applications and servlets.
KeywordsReverse Engineering Behavioral Model EFSM Distributed Computing Service Computing
Unable to display preview. Download preview PDF.
- 2.Alur, R., Černý, P., Madhusudan, P., Nam, W.: Synthesis of interface specifications for Java classes. In: Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2005), pp. 98–109. ACM, New York (2005)Google Scholar
- 3.Armando, A., Carbone, R., Compagna, L., Li, K., Pellegrino, G.: Model-checking driven security testing of web-based applications. In: 2010 Third International Conference on Software Testing, Verification, and Validation Workshops (ICSTW), pp. 361–370 (2010)Google Scholar
- 4.Bertolino, A., Inverardi, P., Pelliccione, P., Tivoli, M.: Automatic synthesis of behavior protocols for composable web-services. In: Proceedings of the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2009), pp. 141–150. ACM, New York (2009)Google Scholar
- 5.Buchler, M., Oudinet, J., Pretschner, A.: Semi-automatic security testing of web applications from a secure model. In: 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE), pp. 253–262 (2012)Google Scholar
- 6.Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Pasareanu, C.S., Robby, Zheng, H.: Bandera: extracting finite-state models from java source code. In: Proceedings of the 2000 International Conference on Software Engineering, pp. 439–448 (2000)Google Scholar
- 7.Hossen, K., Groz, R., Richier, J.L.: Security vulnerabilities detection using model inference for applications and security protocols. In: IEEE 4th International Conference on Software Testing, Verification and Validation Workshops, pp. 534–536 (2011)Google Scholar
- 8.IBM. Watson, T.J.: Libraries for Analysis (WALA). Technical report, IBM T.J.Watson Research Centre (2010)Google Scholar
- 9.Lorenzoli, D., Mariani, L., Pezze, M.: Automatic generation of software behavioral models. In: ACM/IEEE 30th International Conference on Software Engineering (ICSE 2008), pp. 501–510 (2008)Google Scholar
- 10.Mariani, L., Pezzè, M., Riganelli, O., Santoro, M.: SEIM: static extraction of interaction models. In: Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems (PESOS 2010), pp. 22–28. ACM, New York (2010)Google Scholar
- 14.Sora, I., Popovici, D.-T.: Extracting behavioral models from service implementations. In: Proceedings of 8th International Conference on Evaluation of Novel Software Approaches to Software Engineering (ENASE 2013), pp. 226–231. SciTePress (2013)Google Scholar