Rewriting-based Verification and Debugging of Web Systems

The increasing complexity of Web system has led to the development of sophisticated formal methodologies for verifying and correcting Web data and Web programs. In general, establishing whether a Web system behaves correctly with respect to the original intention of the programmer or checking its internal consistency are non-trivial tasks as witnessed by many studies in the literature. In this dissertation, we face two challenging problems related to the verification of Web systems. Firstly, we extend a previous Web verification framework based on partial rewriting by providing a semi-automatic technique for repairing Web systems. We propose a basic repairing methodology that is endowed with several strategies for optimizing the number of repair actions that must be executed in order to fix a given Web site. Also, we develop an improvement of the Web verification framework that is based on abstract interpretation and greatly enhances both efficiency and scalability of the original technique. Secondly, we formalize a framework for the specification and model-checking of dynamic Web applications that is based on Rewriting Logic. Our framework allows one to simulate the user navigation and the evaluation of Web scripts within a Web application, and also check important related properties such us reachability and consistency. When a property is refuted, a counter-example with the erroneous trace is delivered. Such information can be analyzed in order to debug the Web application under examination by means of a novel backward trace slicing technique that we formulated for this purpose. This technique consists in tracing back, along an execution trace, all the relevant symbols of the term (or state) that we are interested to observe.Romero ., DO. (2011). Rewriting-based Verification and Debugging of Web Systems [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/12496Palanci

Debugging of Web Applications with Web-TLR

Web-TLR is a Web verification engine that is based on the well-established Rewriting Logic--Maude/LTLR tandem for Web system specification and model-checking. In Web-TLR, Web applications are expressed as rewrite theories that can be formally verified by using the Maude built-in LTLR model-checker. Whenever a property is refuted, a counterexample trace is delivered that reveals an undesired, erroneous navigation sequence. Unfortunately, the analysis (or even the simple inspection) of such counterexamples may be unfeasible because of the size and complexity of the traces under examination. In this paper, we endow Web-TLR with a new Web debugging facility that supports the efficient manipulation of counterexample traces. This facility is based on a backward trace-slicing technique for rewriting logic theories that allows the pieces of information that we are interested to be traced back through inverse rewrite sequences. The slicing process drastically simplifies the computation trace by dropping useless data that do not influence the final result. By using this facility, the Web engineer can focus on the relevant fragments of the failing application, which greatly reduces the manual debugging effort and also decreases the number of iterative verifications.Comment: In Proceedings WWV 2011, arXiv:1108.208

Model checking: Correct Web page navigations with browser behavior.

While providing better performance, transparency and expressiveness, the main features of the web technologies such as web caching, session and cookies, dynamically generated web pages etc. may also affect the correct understanding of the web applications running on top of them. From the viewpoint of formal verification and specification-based testing, this suggests that the formal model of the web application we use for static analysis or test case generation should contain the abstract behavior of the underlying web application environment. Here we consider the automated generation of such a model in terms of extended finite state machines from a given abstract description of a web application by incorporating the abstract behavioral model of the web browsers in the presence of session/cookies and dynamically generated web pages. The derived model can serve as the formal basis for both model checking and specification-based testing on the web applications where we take into account the effect of the internal caching mechanism to the correct accessibility of the web pages, which can be quite sensitive to the security of the information they carry. In order to check the correctness of the derived model against required properties, we provide the automated translation of the model into Promela. By applying SPIN on Promela models, we present experimental results on the evaluation of the proposed modeling in terms of scalability.Dept. of Computer Science. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2004 .Z543. Source: Masters Abstracts International, Volume: 43-05, page: 1761. Adviser: Jessica Chen. Thesis (M.Sc.)--University of Windsor (Canada), 2004

Model checking web applications

The modelling of web-based applications can assist in capturing and understanding their behaviour. The development of such applications requires the use of sound methodologies to ensure that the intended and actual behaviour are the same. As a verification technique, model checking can assist in finding design flaws and simplifying the design of a web application, and as a result the design and the security of the web application can be improved. Model checking has the advantage of using an exhaustive search of the state space of a system to determine if the specifications are true or not in a given model. In this thesis we present novel approaches in modelling and verifying web applications' properties to ensure their design correctness and security. Since the actions in web applications rely on both the user input and the server status; we propose an approach for modelling and verifying dynamic navigation properties. The Spin model checker has been used successfully in verifying communication protocols. However, the current version of Spin does not support modelling time. We integrate discrete time in the Spin model to allow the modelling of realistic properties that rely on time constraints and to analyse the sequence of actions and time. Examining the sequence of actions in web applications assists in understanding their behaviour in different scenarios such as navigation errors and in the presence of an intruder. The model checker Uppaal is presented in the literature as an alternative to Spin when modelling real-time systems. We develop models with real time constraints in Uppaal in order to validate the results from the Spin models and to compare the differences between modelling with real time and with discrete time as in Spin. We also compare the complexity and expressiveness of each model checker in verifying web applications' properties. The web application models in our research are developed gradually to ensure their correctness and to manage the complexities of specifying the security and navigation properties. We analyse the compromised model to compare the differences in the sequence of actions and time with the secure model to assist in improving early detections of malicious behaviour in web applications

An executable formal semantics of PHP with applications to program analysis

Nowadays, many important activities in our lives involve the web. However, the software and protocols on which web applications are based were not designed with the appropriate level of security in mind. Many web applications have reached a level of complexity for which testing, code reviews and human inspection are no longer sufficient quality-assurance guarantees. Tools that employ static analysis techniques are needed in order to explore all possible execution paths through an application and guarantee the absence of undesirable behaviours. To make sure that an analysis captures the properties of interest, and to navigate the trade-offs between efficiency and precision, it is necessary to base the design and the development of static analysis tools on a firm understanding of the language to be analysed. When this underlying knowledge is missing or erroneous, tools can’t be trusted no matter what advanced techniques they use to perform their task. In this Thesis, we introduce KPHP, the first executable formal semantics of PHP, one of the most popular languages for server-side web programming. Then, we demonstrate its practical relevance by developing two verification tools, of increasing complexity, on top of it - a simple verifier based on symbolic execution and LTL model checking and a general purpose, fully configurable and extensible static analyser based on Abstract Interpretation. Our LTL-based tool leverages the existing symbolic execution and model checking support offered by K, our semantics framework of choice, and constitutes a first proof-of-concept of the usefulness of our semantics. Our abstract interpreter, on the other hand, represents a more significant and novel contribution to the field of static analysis of dynamic scripting languages (PHP in particular). Although our tool is still a prototype and therefore not well suited for handling large real-world codebases, we demonstrate how our semantics-based, principled approach to the development of verification tools has lead to the design of static analyses that outperform existing tools and approaches, both in terms of supported language features, precision, and breadth of possible applications.Open Acces

Modeling and Formal Verification of Smart Environments

Smart Environments (SmE) are a growing combination of various computing frameworks (ubiquitous, pervasive etc), devices, control algorithms and a complex web of interactions. It is at the core of user facilitation in a number of industrial, domestic and public areas. Based on their application areas, SmE may be critical in terms of correctness, reliability, safety, security etc. To achieve error-free and requirement-compliant implementation, these systems are designed resorting to various modeling approaches including Ontology and Statecharts. This paper attempts to consider correctness, reliability, safety and security in the design process of SmE and its related components by proposing a design time modeling and formal verification methodology. The proposed methodology covers various design features related to modeling and formal verification SmE (focusing on users, devices, environment, control algorithms and their interaction) against the set of the requirements through model checking. A realistic case study of a Bank Door Security Booth System (BDSB) is tested. The results show the successful verification of the properties related to the safety, security and desired reliable behavior of BDSB

Real-time systems refinement : application to the verification of web services

Les services Web sont des applications distribuées qui sont conçus pour atteindre une tâche spécifique de l'entreprise sur le web. Afin d'augmenter la qualité et d'élever la sécurité des services Web, la vérification de BPEL, un service web langage de composition est considérée. Dans ce contexte, le model checking est une des techniques de vérification les plus utilisés en raison de son exhaustivité, son application facile et automatique. Cependant, un inconvénient majeur du model checking est l'explosion combinatoire en cas de grands modèles. Le raffinement est une des techniques utilisées pour combattre au problème d'explosion. Dans cette thèse, nous étudions le raffinement des systèmes temporisés et son application à des situations réelles, à savoir les modèles BPEL. Pour cela, nous proposons d'abord une technique automatique pour la vérification de la simulation faible temporisée entre des systèmes de transitions temporisé basée sur des modèles issus d'un langage de spécification formelle, FIACRE. La technique est une méthode basée sur l'observation, dans laquelle deux systèmes de transitions temporisés sont composées avec un observateur temporisé. Une propriété de mu-calcul qui capte la simulation faible temporisée est ensuite vérifiée sur le résultat de la composition. En deuxième étape, afin de valider les modèles BPEL, nous proposons une technique qui consiste dans les étapes suivantes: premièrement, les activités BPEL qui ont besoin d'être abstrait sont fournis avec leurs abstractions. Deuxièmement, la source BPEL est transformé en FIACRE en fonction des choix précédents. Troisièmement, les propriétés d'exigences sont vérifiées sur le modèle de FIACRE abstrait. Enfin, les relations de simulation sont prouvés entre les composants concrets et abstraits du modèle.Web services are distributed applications which are designed to achieve a specific business task over the web. In order to increase the security and to elevate the safety of web services, the verification of BPEL, a web services composition language is considered. In this context, model checking is one of the most used verification techniques because of its thoroughness, its easy application, and automatic approach. However, a major drawback of model checking is the combinatory explosion in case of large models. Refinement is one of the used techniques to alleviate the model checking problem. In this PhD, we study the refinement of timed systems and its application to real life scenarios, namely to BPEL models. For this, we first suggest an automatic technique for checking the timed weak simulation between timed transition systems based on models originating from a formal specification language, FIACRE. The technique is an observation-based method in which two timed transition systems are composed with a timed observer. A $\mu$-calculus property that captures the timed weak simulation is then verified upon the result of the composition. At the second stage, in order to validate BPEL models, we suggest a technique that consists in the following steps : first, BPEL activities to-be-abstracted are provided along with their abstractions. Second, the BPEL source is transformed to FIACRE according to the previous choices. Third, domain properties are verified on the abstract FIACRE model. Finally, simulation relations are proven between concrete and abstract parts of the model

Procedure-modular specification and verification of temporal safety properties

This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application