4 research outputs found

    Generating interface grammars from WSDL for automated verification of web services

    Interface grammars are a formalism for expressing constraints on sequences of messages exchanged between two components. In this paper, we extend interface grammars with an automated translation of XML Schema definitions present in WSDL documents into interface grammar rules. Given an interface grammar, we can then automatically generate either 1) a parser, to check that a sequence of messages generated by a web service client is correct with respect to the interface specification, or 2) a sentence generator producing compliant message sequences, to check that the web service responds to them according to the interface specification. By doing so, we can validate and generate both messages and sequences of messages in a uniform manner; moreover, we can express constraints where message structure and control flow cannot be handled separately.

    Reasoning with qualitative preferences for optimization of component-based system development

    A component-based system is a set of entities that work together in well-defined ways to satisfy a given requirement specified by the stakeholders for the system. This requirement can be modeled as a set of combinations of traits, which represent acceptable alternatives for providing the required functionality. A system satisfies its requirement if and only if it provides one of the required sets of traits in its entirety. Beyond the requirement, system stakeholders may also have preferences with respect to optional functionality that could be provided by a system, tradeoffs between non-functional properties, or other system design options. This work focuses on integrating support for both qualitative preference reasoning and formal verification into the component-based system design process in order to choose a set of components for the system that, when composed, will (1) satisfy the stakeholders' requirement for the system and (2) provide a set of traits that is optimal with respect to the given preferences. Our primary research objective is to develop a generic, modular, end-to-end framework for developing component-based systems of any type which are correct according to the system requirement and most preferred with respect to the stakeholders' preferences. Applications of the framework to problems in Web service composition, goal-oriented requirements engineering, and other areas will be discussed, along with future work toward integrating multi-stakeholder preference reasoning and partial satisfaction of traits into the framework.

    Automatic Detection and Repair of Input Validation and Sanitization Bugs

    A crucial problem in developing dependable web applications is the correctness of the input validation and sanitization. Bugs in string manipulation operations used for validation and sanitization are common, resulting in erroneous application behavior and vulnerabilities that are exploitable by malicious users. In this dissertation, we investigate the problem of automatic detection and repair of validation and sanitization bugs both at the client-side (JavaScript) and the server-side (PHP or Java) code. We first present a formal model for input validation and sanitization functions along with a new domain specific intermediate language to represent them. Then, we show how to extract input validation and sanitization functions in our intermediate language from both client and server-side code in web applications. After the extraction phase, we use automata-based static string-analysis techniques to automatically verify and fix the extracted functions. One of our contributions is the development of efficient automata-based string analysis techniques for frequently used, complex string operations. We developed two basic approaches to bug detection and repair: 1) policy-based, and 2) differential. In the policy-based approach, input validation and sanitization policies are expressed using two regular expressions, one specifying the maximum policy (the upper bound for the set of strings that should be allowed) and the other specifying the minimum policy (the lower bound for the set of strings that should be allowed). Using our string analysis techniques we can identify two types of errors in an input validation and sanitization function: 1) it accepts a set of strings that is not permitted by the maximum policy (i.e., it is under-constrained), or 2) it rejects a set of strings that is permitted by the minimum policy (i.e., it is over-constrained). Our differential bug detection and repair approach does not require any policy specifications. It exploits the fact that, in web applications, developers typically perform redundant input validation and sanitization in both the client and the server-side since client-side checks can be by-passed. Using automata-based string analysis, we compare the input validation and sanitization functions extracted from the client- and server-side code, and identify and report the inconsistencies between them. Finally, we present an automated differential repair technique that can repair client and server-side code with respect to each other, or across applications in order to strengthen the validation and sanitization checks. Given a reference and a target function, our differential repair technique strengthens the validation and sanitization operations in the target function based on the reference function by automatically generating a set of patches. We experimented with a number of real world web applications and found many bugs and vulnerabilities. Our analysis generates counter-example behaviors demonstrating the detected bugs and vulnerabilities to help the developers with the debugging process. Moreover, we automatically generate patches that can be used to mitigate the detected bugs and vulnerabilities until developers write their own patches.