l4 - CS 290C: Formal Models for Web Software Lecture 4:...

Info iconThis preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CS 290C: Formal Models for Web Software Lecture 4: Model Checking Navigation Models with Spin Instructor: Tevfik Bultan Model Checking Navigation We discussed modeling navigation using state machines. Once we have a navigation model, we would like to analyze it. We can use model existing model checking tools if we can write our state machine model in the input language of a model checker There are model checkers (such as Spin) that can be used to specify and verify finite state machine specifications. Model checking navigation in existing applications The following paper uses model checking to analyze navigation: Automatic Extraction and Verification of Page Transitions in a Web Application, Atsuto Kubo, Hironori Washizaki, Yoshiaki Fukazawa, APSEC 2007 They focus on the Struts framework, I will discuss this paper in the next several slides Model checking navigation Model checking navigation can be done in two ways 1. We can first construct the navigation model, verify it, and then while implementing the application we can enforce the navigation model (forward engineering) If we can enforce the navigation model precisely, then verification results hold for the final application 1. We can try to extract the navigation model from an existing application by analyzing the application, and then verify the properties of the extracted model (reverse engineering) If the automatically extracted model is precise, then the verification results hold for the application Model checking navigation Web application typically have some navigation constraints that they wish to enforce. For example Transition to a particular page must be via a specific other page. For example, a page displaying the contents of the shopping cart must be displayed before proceeding to the checkout From any position in the application the users should be able to go back to the home page We would like to check these types of constraints on the navigation model Web application model in Struts The application model in Struts framework uses a set of pages and a set of transitions between pages The pages are separated from the processing Page generation is handled with JSP Processing is handled by action servlets JSP and servlets can be developed independently and the associations between them are made using a configuration file The processing of the user requests is as follows; The user sends form data as a request to the server The server handles the request with and action servlet that makes calls to the business logic The action servlet returns the processing results using a JSP Navigation behavior in web applications http is a stateless protocol The state information for http sessions is held using session cookies or as part of the URI However, clients can modify this content so the server cannot control what will be the next request that will be sent by the client Navigation behavior in web applications...
View Full Document

Page1 / 43

l4 - CS 290C: Formal Models for Web Software Lecture 4:...

This preview shows document pages 1 - 8. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online