Hyperdocuments as automata: verification of trace-based browsing properties by model checking
ACM Transactions on Information Systems (TOIS)
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Modeling Web-Based Dialog Flows for Automatic Dialog Control
Proceedings of the 19th IEEE international conference on Automated software engineering
Formal Framework for Automated Analysis and Verification of Web-Based Applications
Proceedings of the 19th IEEE international conference on Automated software engineering
Verifying Interactive Web Programs
Proceedings of the 19th IEEE international conference on Automated software engineering
Verifiable Web Services with Hierarchical Interfaces
ICWS '05 Proceedings of the IEEE International Conference on Web Services
A system for specification and verification of interactive, data-driven web applications
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Model Checking-based Verification of Web Application
ICECCS '07 Proceedings of the 12th IEEE International Conference on Engineering Complex Computer Systems
Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies
IEEE Transactions on Software Engineering
Aspect-Oriented Programming for Web Controller Layer
APSEC '08 Proceedings of the 2008 15th Asia-Pacific Software Engineering Conference
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
Browser-Based Enforcement of Interface Contracts in Web Applications with BeepBeep
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
A Model Checking-based Method for Verifying Web Application Design
Electronic Notes in Theoretical Computer Science (ENTCS)
Specification and Control of Interface Responses to User Input in Rich Internet Applications
ASE '09 Proceedings of the 2009 IEEE/ACM International Conference on Automated Software Engineering
Design verification of web applications using symbolic model checking
ICWE'05 Proceedings of the 5th international conference on Web Engineering
Relating navigation and request routing models in web applications
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
Runtime verification for the web: a tutorial introduction to interface contracts in web applications
RV'10 Proceedings of the First international conference on Runtime verification
Automated driver generation for analysis of web applications
FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
Bounded verification of Ruby on Rails data models
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
Unbounded data model verification using SMT solvers
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Extracting EFSMs of web applications for formal requirements specification
SAFECOMP'12 Proceedings of the 31st international conference on Computer Safety, Reliability, and Security
Metamodeling to Control and Audit E-Commerce Web Applications
International Journal of Electronic Commerce
Control-Flow integrity in web applications
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Data model property inference and repair
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Automated exploration and analysis of ajax web applications with WebMole
Proceedings of the 22nd international conference on World Wide Web companion
Hi-index | 0.00 |
The enforcement of navigation constraints in web applications is challenging and error prone due to the unrestricted use of navigation functions in web browsers. This often leads to navigation errors, producing cryptic messages and exposing information that can be exploited by malicious users. We propose a runtime enforcement mechanism that restricts the control flow of a web application to a state machine model specified by the developer, and use model checking to verify temporal properties on these state machines. Our experiments, performed on three real-world applications, show that 1) our runtime enforcement mechanism incurs negligible overhead under normal circumstances, and can even reduce server processing time in handling unexpected requests; 2) by combining runtime enforcement with model checking, navigation correctness can be efficiently guaranteed in large web applications.