CS 290C Spring 2013 Home Page

CS 290C - Formal Models for Web Software - Spring 2013

Instructor: Tevfik Bultan
Office Hours: Tuesday/Thursday 10:00-11:00, HFH 2123
Class Times: Tuesday/Thursday 11:00-12:50, PHELP 1401
Class homepage: http://www.cs.ucsb.edu/~bultan/courses/290-S13/

Course Topics

The web has evolved into an ubiquitous medium for computing and communication services that both businesses and individuals rely on extensively. There is reason to be concerned about this ever-increasing reliance on web applications. Web application development is an error-prone process that produces a complicated distributed software system with complex interactions among many components. In this course we will investigate recent advances in formal specification, modeling and analysis of web software. The common goal of these techniques is improving the dependability of web software. The areas that we will focus on include:

navigation modeling with extended state machines and hierarchical state machines
automata based analysis of input validation and sanitization operations
process-algebra and automata based formal models for interactions among software services, orchestration, choreography
formal data models
specification and analysis of access control policies

Course Work

There will be several homeworks and the students will be required to do a course project. The papers related to the topics discussed in the class will be given as reading assignments.

Course Project

Project List

There will be a course project. The goal of the projects is to extract formal models from existing web applications and analyze it using formal analysis tools. Here are three possible types of modeling and analysis that can be done in this project (you are welcome to come up with other types of projects as long as they involve formal modeling and analysis of web software using an automated tool):

Navigation Analysis: Extract navigation models from web applications and analyze them using the Spin or NuSMV model checkers.
Data Model Analysis: Extract data models from web applications and analyze them using the Alloy analyzer.
Behavior Analysis: Extract behavior models from web applications and analyze them using CADP Toolbox or Spin.
Access Control Analysis: Extract access control models from web applications and analyze them using Margrave or Alloy analyzer
Input Validation Analysis: Extract input validation policies from web applications and analyze them using string analysis tools such as Hampi, Bek, Stranger, or Kaluza.

Lectures and Reading Assignments

Lecture 1: Introduction
Lecture 2: Navigation Modeling with Statecharts
- "Statecharts: A Visual Formalism for Complex Systems." David Harel. Sci. Comput. Program. 8(3): 231-274 (1987)
- "Modeling Web Navigation by Statechart." Karl R.P.H. Leung, Lucas C.K. Hui, S.M. Yiu, and Ricky W.M. Tang. The Twenty-Fourth Annual International Computer Software and Applications Conference (COMPSAC 2000).
Lecture 3: Verification of Navigation Models with the Spin Model Checker
- "The Model Checker SPIN," Gerard J. Holzmann, IEEE Trans. Software Eng. 23(5): 279-295 (1997)
- "Basic Spin Manual"
Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker
- "Implementing Statecharts in PROMELA/SPIN," Erich Mikk, Yassine Laknech, Michael Siegel, Gerard J. Holzmann, WIFT'98 Workshop.
Lecture 5: Automated Extraction and Verification of Navigation Behavior
- "Automatic Extraction and Verification of Page Transitions in a Web Application." Atsuto Kubo, Hironori Washizaki, Yoshiaki Fukazawa. 14th Asia-Pacific Software Engineering Conference (APSEC'07).
- "Verifying Interactive Web Programs" Daniel R. Licata, Shriram Krishnamurthi IEEE International Symposium on Automated Software Engineering (ASE'04).
- "VeriWeb: Automatically Testing Dynamic Web Sites" Michael Benedikt, Juliana Freire, Patrice Godefroid. 11th International World Wide Web Conference (WWW'02).
Lecture 6: Language and Model-Based Solutions to Navigation Errors
- Modeling Web Interactions and Errors Shriram Krishnamurthi, Robert Bruce Findler, Paul Graunke, Matthias Felleisen. In Interactive Computation: The New Paradigm, Springer-Verlag, 2006.
- "Eliminating Navigation Errors in Web Applications via Model Checking and Runtime Enforcement of Navigation State Machines" Sylvain Halle, Taylor Ettema, Chris Bunch and Tevfik Bultan, ASE 2010.
Lectures 7 and 8: Alloy, Alloy Analyzer, Data Modeling and Analysis with Alloy
- "Alloy: a lightweight object modelling notation" Daniel Jackson, ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 11 Issue 2, April 2002 Pages 256 - 290. (The Alloy language syntax used in this paper has been deprecated, use the tutorial below to learn the current Alloy syntax).
- Alloy 4 Tutorial
Lecture 9: Analyzing Data Models Using Alloy Analyzer and SMT-Solvers
- Jaideep Nijjar and Tevfik Bultan. "Bounded Verification of Ruby on Rails Data Models." Proceedings of the 2011 International Symposium on Software Testing and Analysis (ISSTA 2011), pages 67-77.
- Jaideep Nijjar and Tevfik Bultan. "Unbounded Data Model Verification Using SMT Solvers." Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), pages 210-219.
Lecture 10 Web application modeling, analysis and synthesis with Alloy
- Chapter 2 from ``Generation of Policy-rich Websites from Declarative Models.'' Felix Chang, MIT PhD Thesis, February 2009.
Lecture 11: Model Driven Development for Web Applications Using WebML
- "Conceptual Modeling of Data-Intensive Web Applications." Stefano Ceri, Piero Fraternali, Maristella Matera. IEEE Internet Computing 6(4): 20-30 (2002)
- WebML slides
Lecture 12: Modeling and Analyzing Access Control Policies
- XML Security: Control information access with XACML: The objectives, architecture, and basic concepts of eXtensible Access Control Markup Language, Manish Verma
- "Verification and Change-Impact Analysis of Access-Control Policies." Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz, Proceedings of the 27th International Conference on Software Engineering (ICSE 2005), pp. 196-205.
- "Automated Veriﬁcation of Access Control Policies Using a SAT Solver," Graham Hughes and Tevfik Bultan, International Journal on Software Tools for Technology Transfer (STTT), vol. 10, no. 6, pp. 473 – 534, December 2008.
Lecture 13: An Overview of Web Services
- "Web Services Orchestration and Choreography," Chris Peltz, IEEE Computer, vol. 36, no. 10, pp. 46 – 52, October 2003.
- To learn more about XML, XML Schema, XPath, WSDL, SOAP etc. you can look at the tutorials here.
Lecture 14: Formal Modeling and Analysis of Orchestration and Choreography Specifications
- "Analyzing Conversations of Web Services," Tevfik Bultan, Xiang Fu, Jianwen Su.
Lecture 15: Visual Models for Choreography: Message Sequence Charts and Collaboration Diagrams
- LTSA-WS: a tool for model-based verification of web service compositions and choreography, Howard Foster, Sebastian Uchitel, Jeff Magee, Jeff Kramer.
Lecture 16: Process Algebras for Choreography and Orchestration
- Read at least pages 3 to 15 from "A Theoretical Basis of Communication-Centred Concurrent Programming," Marco Carbone, Kohei Honda, Nobuko Yoshida, Robin Milner, Gary Brown, and Steve Ross-Talbot.
Lecture 17: Analyzing Input Validation and Sanitization in Web Applications

Tentative Reading List (subject to change)

Navigation Modeling and Analysis
- "Statecharts: A Visual Formulation for Complex Systems." David Harel. Sci. Comp ut. Program. 8(3): 231-274 (1987)
- "Modeling Web Navigation by Statechart." Karl R.P.H. Leung, Lucas C.K. Hui, S.M. Yiu, and Ricky W.M. Tang. The Twenty-Fourth Annual International Computer Software and Applications Conference (COMPSAC 2000).
- "Automatic Extraction and Verification of Page Transitions in a Web Application." Atsuto Kubo, Hironori Washizaki, Yoshiaki Fukazawa. 14th Asia-Pacific Software Engineering Conference (APSEC'07), 2007.
- "Modeling and verification of adaptive navigation in web applications" Minmin Han and Christine Hofmeister. Proceedings of the 6th International Conference on Web Engineering (ICWE 2006).
- "Eliminating Navigation Errors in Web Applications via Model Checking and Runtime Enforcement of Navigation State Machines" Sylvain Halle, Taylor Ettema, Chris Bunch and Tevfik Bultan
- "Modeling Web Interactions and Errors," Shriram Krishnamurthi, Robert Bruce Findler, Paul Graunke, and Matthias Felleisen.
- D. R. Licata and S. Krishnamurthi. Verifying interactive web programs. In 19th IEEE International Conference on Automated Software Engineering (ASE 2004), 20-25 September 2004, Linz, Austria. pages 164–173.
- S. Halle and R. Villemaire. Browser-based enforcement of interface contracts in web applications with BeepBeep. In A. Bouajjani and O. Maler, editors, CAV, volume 5643 of Lecture Notes in Computer Science, pages 648–653. Springer, 2009
- Multi-Module Vulnerability Analysis of Web-based Applications D. Balzarotti, M. Cova, V. Felmetsger, G. Vigna Proceedings of the ACM Conference on Computer and Communications Security (CCS) Alexandria, VA October 2007
- P. D. Stotts, R. Furuta, and C. R. Cabarrus. Hyperdocuments as automata: Verification of trace-based browsing properties by model checking. ACM Trans. Inf. Syst., 16(1):1–30, 1998
- S. Yuen, K. Kato, D. Kato, , and K. Agusa. Web automata: A behavioral model of web applications based on the MVC model. Information and Media Technologies, 1(1):66–79, 2006.
Service Interactions
- "WSAT: A Tool for Formal Analysis of Web Services," Xiang Fu, Tevfik Bultan, and Jianwen Su.
- "Analyzing Conversations of Web Services," Tevfik Bultan, Xiang Fu, Jianwen Su.
- Xiang Fu, Tevfik Bultan, Jianwen Su. Analysis of interacting BPEL web services. WWW 2004: 621-630
- "A Theoretical Basis of Communication-Centred Concurrent Programming," Marco Carbone, Kohei Honda, Nobuko Yoshida, Robin Milner, Gary Brown, and Steve Ross-Talbot.
- K. Honda, V. T. Vasconcelos, and M. Kubo. Language primitives and type discipline for structured communication-based programming. In 7th European Symp. on Programming on Programming Languages and Systems (ESOP'98), pages 122-138, 1998
- K. Honda, N. Yoshida, and M. Carbone. Multiparty asynchronous session types. In G. C. Necula and P. Wadler, editors, POPL, pages 273-284. ACM, 2008.
- R. Kazhamiakin and M. Pistore. Analysis of realizability conditions for web service choreographies. In FORTE, pages 61-76, 2006.
- J. M. Zaha, M. Dumas, A. ter Hofstede, A. Barros, and G. Decker. Service interaction modeling: Bridging global and local views. In EDOC, pages 45-55. IEEE Computer Society, 2006.
- N. Lohmann, O. Kopp, F. Leymann, and W. Reisig. Analyzing BPEL4Chor: Verication and participant synthesis. In M. Dumas and R. Heckel, editors, WS-FM, volume 4937 of Lecture Notes in Computer Science, pages 46-60. Springer, 2007.
Data Modeling and Analysis
- Jaideep Nijjar and Tevfik Bultan. "Unbounded Data Model Verification Using SMT Solvers." To appear in the Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012).
- Jaideep Nijjar and Tevfik Bultan. "Bounded Verification of Ruby on Rails Data Models." Proceedings of the 2011 International Symposium on Software Testing and Analysis (ISSTA 2011), pages 67-77, Toronto, Ontario, Canada, July 17-21, 2011.
- "A Verifier for Interactive, Data-Driven Web Applications." Alin Deutsch, Monica Marcus, Liying Sui, Victor Vianu, Dayou Zhou. Proceedings of the 2005 ACM SIGMOD international conference on Management of data.
- Alin Deutsch, Victor Vianu: WAVE: Automatic Verification of Data-Driven Web Services. IEEE Data Eng. Bull. 31(3): 35-39 (2008)
- Lin Wang, Gillian Dobbie, Jing Sun, Lindsay Groves. Validating ORA-SS Data Models using Alloy. ASWEC 2006, pages 231-242.
Input Validation
- Fast and Precise Sanitizer Analysis with BEK Pieter Hooimeijer, Ben Livshits, David Molnar, Prateek Saxena, Margus Veanes. 20th Usenix Security Symposium (Usenix Security 2011), August 2011.
- A Systematic Analysis of XSS Sanitization in Web Application Frameworks Joel Weinberger, Prateek Saxena, Devdatta Akhawe, Matthew Finifter, Richard Shin, Dawn Song European Symposium on Research in Computer Security (ESORICS 2011), September 2011.
- A Symbolic Execution Framework for JavaScript Prateek Saxena, Devdatta Akhawe, Steve Hanna, Stephen McCamant, Feng Mao, Dawn Song. 31st IEEE Symposium on Security and Privacy (Oakland 2010), May 2010.
- Muath Alkhalaf, Tevfik Bultan, and Jose L. Gallegos. "Verifying Client-Side Input Validation Functions Using String Analysis." Proceedings of the 34th International Conference on Software Engineering (ICSE 2012), pages 947-957, Zurich, Switzerland, June 2-9, 2012. Fang Yu, Muath Alkhalaf and Tevfik Bultan. "Patching Vulnerabilities with Sanitization Synthesis." Proceedings of the 33rd International Conference on Software Engineering (ICSE 2011), pages 251-260, Waikiki, Honolulu , Hawaii, USA, May 21-28, 2011.
- Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, G. Vigna Proceedings of the IEEE Symposium on Security and Privacy Oakland, CA May 2008
- The Essence of Command Injection Attacks in Web Applications. Zhendong Su and Gary Wassermann. In Proceedings of POPL'06, Charleston, South Carolina, January 11-13, 2006
Access Control
- Static Detection of Access Control Vulnerabilities in Web Applications. Fangqi Sun, Liang Xu, and Zhendong Su. In Proceedings of USENIX Security 2011, San Francisco, CA, August 8-12, 2011
- Kathi Fisler, Shriram Krishnamurthi, Leo A. Meyerovich, Michael Carl Tschantz: Verification and change-impact analysis of access-control policies. ICSE 2005: 196-205
- Graham Hughes and Tevfik Bultan. "Automated Verification of Access Control Policies Using a SAT Solver" International Journal on Software Tools for Technology Transfer (STTT), vol. 10, no. 6, pp. 473 – 534, December 2008.
Model Driven Development
- Stefano Ceri, Marco Brambilla, Piero Fraternali: The History of WebML Lessons Learned from 10 Years of Model-Driven Development of Web Applications. Conceptual Modeling: Foundations and Applications 2009: 273-292
- Stefano Ceri, Piero Fraternali, Aldo Bongio: Web Modeling Language (WebML): a modeling language for designing Web sites. Computer Networks 33(1-6): 137-157 (2000)
- S Ceri, P Fraternali, M Matera. Conceptual modeling of data-intensive Web applications. IEEE Internet Computing (2002), volume: 6 issue: 4 page: 20.
- Avraham Leff, James T. Rayfield, "Web-Application Development Using the Model/View/Controller Design Pattern," Enterprise Distributed Object Computing Conference, IEEE International, pp. 0118, Fifth IEEE International Enterprise Distributed Object Computing Conference, 2001.