Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Formal Methods

FM 2009: FM 2009: Formal Methods pp 790–805Cite as

Specification and Verification of Web Applications in Rewriting Logic

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 5850))

Abstract

This paper presents a Rewriting Logic framework that formalizes the interactions between Web servers and Web browsers through a communicating protocol abstracting HTTP. The proposed framework includes a scripting language that is powerful enough to model the dynamics of complex Web applications by encompassing the main features of the most popular Web scripting languages (e.g. PHP, ASP, Java Servlets). We also provide a detailed characterization of browser actions (e.g. forward/backward navigation, page refresh, and new window/tab openings) via rewrite rules, and show how our models can be naturally model-checked by using the Linear Temporal Logic of Rewriting (LTLR), which is a Linear Temporal Logic specifically designed for model-checking rewrite theories. Our formalization is particularly suitable for verification purposes, since it allows one to perform in-depth analyses of many subtle aspects related to Web interaction. Finally, the framework has been completely implemented in Maude, and we report on some successful experiments that we conducted by using the Maude LTLR model-checker.

This work has been partially supported by the EU (FEDER) and the Spanish MEC TIN2007-68093-C02-02 project, by the Universidad Politécnica de Valencia program PAID-06-07 (TACPAS), Generalitat Valenciana, under grant Emergentes GV/2009/024, and by the Italian MUR under grant RBIN04M8S8, FIRB project, Internationalization 2004. Daniel Romero is also supported by FPI–MEC grant BES–2008–004860.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Message, R., Mycroft, A.: Controlling Control Flow in Web Applications. Electronic Notes in Theoretical Computer Science 200(3), 119–131 (2008)

    Article  Google Scholar 

  2. Graunke, P., Findler, R., Krishnamurthi, S., Felleisen, M.: Modeling Web Interactions. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 238–252. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  3. Open Web Application Security Project: Top ten security flaws, http://www.owasp.org/index.php/OWASP_Top_Ten_Project

  4. Martí-Oliet, N., Meseguer, J.: Rewriting Logic: Roadmap and Bibliography. Theoretical Computer Science 285(2), 121–154 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  5. Meseguer, J.: Conditional Rewriting Logic as a Unified Model of Concurrency. Theoretical Computer Science 96(1), 73–155 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  6. Han, M., Hofmeister, C.: Modeling and Verification of Adaptive Navigation in Web Applications. In: 6th International Conference on Web Engineering, pp. 329–336. ACM, New York (2006)

    Chapter  Google Scholar 

  7. Bae, K., Meseguer, J.: A Rewriting-Based Model Checker for the Linear Temporal Logic of Rewriting. ENTCS. Elsevier, Amsterdam (to appear)

    Google Scholar 

  8. Meseguer, J.: The Temporal Logic of Rewriting: A Gentle Introduction. In: Degano, P., De Nicola, R., Meseguer, J. (eds.) Concurrency, Graphs and Models. LNCS, vol. 5065, pp. 354–382. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  10. TeReSe (ed.): Term Rewriting Systems. Cambridge University Press, Cambridge (2003)

    Google Scholar 

  11. Alpuente, M., Ballis, D., Romero, D.: A Rewriting Logic Framework for the Specification and the Analysis of Web Applications. Technical Report DSIC-II/01/09, Technical University of Valencia (2009), http://www.dsic.upv.es/~dromero/web-tlr.html

  12. Meseguer, J., Palomino, M., Martí-Oliet, N.: Equational Abstractions. Theoretical Computer Science 403(2-3), 239–264 (2008)

    Article  MATH  MathSciNet  Google Scholar 

  13. Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems. Springer, Heidelberg (1992)

    Google Scholar 

  14. Alfaro, L.: Model Checking the World Wide Web. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 337–349. Springer, Heidelberg (2001)

    Google Scholar 

  15. Flores, S., Lucas, S., Villanueva, A.: Formal Verification of Websites. Electronic notes in Theoretical Computer Science 200(3), 103–118 (2008)

    Article  Google Scholar 

  16. Haydar, M., Sahraoui, H., Petrenko, A.: Specification Patterns for Formal Web Verification. In: 8th International Conference on Web Engineering, pp. 240–246. IEEE Computer Society, Los Alamitos (2008)

    Chapter  Google Scholar 

  17. Miao, H., Zeng, H.: Model Checking-based Verification of Web Application. In: 12th IEEE International Conference on Engineering Complex Computer Systems, pp. 47–55. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  18. Donini, F.M., Mongiello, M., Ruta, M., Totaro, R.: A Model Checking-based Method for Verifying Web Application Design. Electronic Notes in Theoretical Computer Science 151(2), 19–32 (2006)

    Article  Google Scholar 

  19. Queinnec, C.: Continuations and Web Servers. Higher-Order and Symbolic Computation 17(4), 277–295 (2004)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Universidad Politécnica de Valencia, Camino de Vera s/n, Apdo 22012, 46071, Valencia, Spain

    María Alpuente & Daniel Romero

  2. Dipartimento di Matematica e Informatica, Via delle Scienze 206, 33100, Udine, Italy

    Demis Ballis

Authors
  1. María Alpuente
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Demis Ballis
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Daniel Romero
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Heslington, University of York, Y010 5DD, York, UK

    Ana Cavalcanti

  2. Bell Laboratories, 600 Mountain Ave., 07974, Murray Hill, NY, USA

    Dennis R. Dams

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alpuente, M., Ballis, D., Romero, D. (2009). Specification and Verification of Web Applications in Rewriting Logic. In: Cavalcanti, A., Dams, D.R. (eds) FM 2009: Formal Methods. FM 2009. Lecture Notes in Computer Science, vol 5850. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05089-3_50

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-05089-3_50

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05088-6

  • Online ISBN: 978-3-642-05089-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation