Static Detection of Logic Flaws in Service-Oriented Applications

Authors:
Chiara Bodei;Linda Brodo;Roberto Bruni
Affiliations:
Dipartimento di Informatica, Università di Pisa, Italy;Dipartimento di Scienze dei Linguaggi, Università di Sassari, Italy;Dipartimento di Informatica, Università di Pisa, Italy
Venue:
Foundations and Applications of Security Analysis
Year:
2009

Citing 0
Cited 3

Calculi for Service-Oriented Computing

Formal Methods for Web Services
Static analysis techniques for session-oriented calculi

Rigorous software engineering for service-oriented systems
SENSORIA results applied to the case studies

Rigorous software engineering for service-oriented systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Application or business logic, used in the development of services, has to do with the operations that define the application functionalities and not with the platform ones. Often security problems can be found at this level, because circumventing or misusing the required operations can lead to unexpected behaviour or to attacks, called application logic attacks. We investigate this issue, by using the CaSPiS calculus to model services, and by providing a Control Flow Analysis able to detect and prevent some possible misuses.