Generation of Secure Web Applications from Web Transition Diagrams - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Generation of Secure Web Applications from Web
Transition Diagrams
  • K. Jamroendararasame, T. Matsuzaki,
  • T. Suzuki, and T. Tokuda
  • Dept. of Computer Science,
  • Tokyo Inst. of Tech., JAPAN

2
Architectures for Web Applications (1)
  • Processing on the client side
    • scripting languages: JavaScript and VBScript
    • compiled modules: Java applets and ActiveX controls
  • Processing on the server side
    • SSI (Server Side Includes)
    • CGI (Common Gateway Interface)
    • Java Servlet
    • server side scripts: JSP, ASP, and PHP
    • components: EJB and COM

3
Architectures for Web Applications (2)
  • Processing on client and server sides
    • client side scripts with server side programs
    • client-server programs communicating by general protocols
    • RMI (Remote Method Invocation)

We concentrate on CGI architecture.
4
Disadvantages of Current Web Application Construction Approaches
  • manual management of the consistency and security of systems
  • ad hoc construction of processing programs
  • complex logical structure of processing programs
  • no graphical view of overall system behavior

5
Purposes (1)
  • To define a graphical method to describe the behavior of Web applications
    • Web Transition Diagrams
      • representation of the overall behavior of Web applications
      • based on the pipe/filter software architecture

6
Purposes (2)
  • To generate Web applications from Web transition diagrams
    • A Web application generator: T-Web system
      • consisting of
        • a Web transition diagram editor
        • a Web application generator
      • based on the template method

7
Web Transition Diagrams
(Figure: notation legend. Nodes: fixed Web page node and output Web page node (labelled by title), processing node and database node (labelled by name). Links: page transition link and data-flow link.)
8
An Example of Web Transition Diagrams: A Seminar Room Booking System
9
T-Web System: a Web Application Generator
  • We compose a Web transition diagram using the editor
  • We let the generator produce Web pages, processing programs, and a script for creating the database tables
  • We optionally revise the Web pages using a Web page composer
  • We place the Web pages, processing programs, and the script on a Web server and run the script to create all database tables

10
Composition of Web Transition Diagrams using
T-Web System
17
Setting up HTTP cookies
  • 4 actions on HTTP cookies: set, get, delete, and authenticate

(Figure: diagram of cookie actions; only the label "delete id" survives.)
18
Web Pages Generating Approach
The generated HTML for the Register page (the "=" and "<>" characters lost in extraction are restored):

  <HTML>
  <TITLE>Register</TITLE>
  <BODY>
  <FORM ACTION="/cgi-bin/ADD1.cgi" METHOD="POST">
  ID <INPUT TYPE=text NAME=__ID>
  PW <INPUT TYPE=password NAME=__PW>
  EM <INPUT TYPE=text NAME=__EM>
  <INPUT TYPE=submit VALUE=Submit>
  </FORM>
  <A HREF=Top.html>home</A>
  </BODY>
  </HTML>

(Rendered page: "Register", with ID, PW and EM fields, a Submit button, and a "home" link.)
an example of Web pages
19
Processing Programs and a Script Generating Approach
Template (Perl CGI; <NAME> is a placeholder, <<...>> is repeated once per parameter, and "<-" shows the value substituted for the seminar room booking system; the "$", "=", "{}" and "->" characters lost in extraction are restored):

  $dbname = <DB_NAME>                                  <- booking
  $table = <TABLE_NAME>                                <- USER_LIST
  @field = (<FIELD_NAME>)                              <- ID, PW, EM, PIN
  ReadParse(*in)
  <<$PARAMETER_NAME = $in{'__PARAMETER_NAME'}>>        <- $ID = $in{'__ID'}; $PW = $in{'__PW'}; $EM = $in{'__EM'}
  if (Blank_check(<PARAMETER_FOR_BLANK>))              <- ID, EM, PW
  connect($dbname)
  exist_check($table, <PARAMETER_FOR_MATCH>, <PARAMETER_FOR_MATCH>)  <- ID, EM / ID, EM
  if ($sth->rows == 0)
  <ID_FIELDNAME = PIN_generate($table)>                <- PIN
  <DATE_FIELDNAME = Date()>                            <- NULL

Generated processing program for the booking system:

  $dbname = booking
  $table = USER_LIST
  @field = (ID, PW, EM, PIN)
  ReadParse(*in)
  $ID = $in{'__ID'}
  $PW = $in{'__PW'}
  $EM = $in{'__EM'}
  if (Blank_check($ID, $EM, $PW))
  connect($dbname)
  exist_check($table, ID, EM, $ID, $EM)
  if ($sth->rows == 0)
  $PIN = PIN_generate($table)

an example of templates
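As an added illustration of the template method (this is not the T-Web generator's own code), the following Python fills a constructed, cut-down version of the slide's template: a <NAME> placeholder takes one value, a list-valued placeholder becomes a comma list, and a <<...>> block is emitted once per parameter.

```python
import re

# Constructed, cut-down version of the slide's template (not the real T-Web file).
# <NAME> takes one value; a <<...>> block is emitted once per list element.
TEMPLATE = """$dbname = "<DB_NAME>";
$table = "<TABLE_NAME>";
@field = (<FIELD_NAME>);
ReadParse(*in);
<<$<PARAMETER_NAME> = $in{'__<PARAMETER_NAME>'};>>
if (Blank_check(<PARAMETER_FOR_BLANK>))
connect($dbname);
exist_check($table, <PARAMETER_FOR_MATCH>);"""

SINGLE = re.compile(r"<([A-Z_]+)>")
REPEAT = re.compile(r"<<(.*?)>>")

# Bindings for the seminar room booking system, taken from the slide.
BOOKING = {
    "DB_NAME": "booking",
    "TABLE_NAME": "USER_LIST",
    "FIELD_NAME": ["ID", "PW", "EM", "PIN"],
    "PARAMETER_NAME": ["ID", "PW", "EM"],
    "PARAMETER_FOR_BLANK": ["$ID", "$EM", "$PW"],
    "PARAMETER_FOR_MATCH": ["$ID", "$EM"],
}

def instantiate(template, bindings):
    """Fill placeholders; list-valued ones become comma lists or repeated blocks."""
    def expand_block(m):
        body = m.group(1)
        names = SINGLE.findall(body)
        lists = {n: bindings[n] for n in names if isinstance(bindings[n], list)}
        if len({len(v) for v in lists.values()}) != 1:
            raise ValueError("a repeated block needs list bindings of one length")
        count = len(next(iter(lists.values())))
        copies = []
        for i in range(count):
            copies.append(SINGLE.sub(
                lambda s: lists[s.group(1)][i] if s.group(1) in lists
                else bindings[s.group(1)], body))
        return "\n".join(copies)

    def fill(m):
        value = bindings[m.group(1)]
        return ", ".join(value) if isinstance(value, list) else value

    # Expand repeated blocks first so their inner placeholders are filled per copy.
    return SINGLE.sub(fill, REPEAT.sub(expand_block, template))
```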
20
Consistency management
  • Adding checking code to the templates of processing programs that have side effects on databases
  • The checking code detects inappropriate values of input parameters and ends the process in an error state.

(Figure: timeline with points t0, t1, t2, t3.)
21
Security management
  • Adding checking code to templates and predefined CGI libraries
  • Examples of checks
    • for denying an unacceptable amount of form input
      • over-maximum-length input data
    • for denying an unacceptable format of form input
      • HTML tags
      • abnormally formatted email addresses
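The checks named on the consistency and security slides (blank parameters, over-maximum-length input, HTML tags, malformed email addresses) written out as an added Python example; this is not the Perl CGI library the T-Web system generates. The field names __ID, __PW and __EM come from the Register form; the length limits and the email pattern are assumptions.

```python
import re
from urllib.parse import parse_qs

# Per-field maximum lengths: assumed values, not taken from the T-Web library.
MAX_LEN = {"ID": 16, "PW": 64, "EM": 254}
TAG_RE = re.compile(r"<[^>]*>")               # anything that looks like an HTML tag
# Assumed "normal" email shape: local part, "@", dotted domain.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def read_parse(body):
    """Stand-in for cgi-lib's ReadParse: POST body -> {parameter: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def blank_check(params, names):
    """Consistency check: which required parameters are missing or empty."""
    return [n for n in names if not params.get("__" + n, "").strip()]

def check_input(params):
    """Return (field, reason) pairs; an empty list means the request may proceed."""
    problems = [(n, "blank") for n in blank_check(params, ["ID", "EM", "PW"])]
    for name, limit in MAX_LEN.items():
        value = params.get("__" + name, "")
        if len(value) > limit:                    # unacceptable amount of input
            problems.append((name, "over-maximum-length"))
        if TAG_RE.search(value):                  # unacceptable format: HTML tags
            problems.append((name, "html-tag"))
    email = params.get("__EM", "")
    if email and not EMAIL_RE.match(email):      # unacceptable format: email
        problems.append(("EM", "abnormal-email"))
    return problems

# Constructed POST bodies for the Register form (not captured traffic).
GOOD_BODY = "__ID=alice&__PW=s3cret&__EM=alice%40example.org"
BAD_BODY = "__ID=" + "a" * 40 + "&__PW=&__EM=%3Cb%3Ealice%3C%2Fb%3E%40example"

if __name__ == "__main__":
    print(check_input(read_parse(GOOD_BODY)))   # []
    print(check_input(read_parse(BAD_BODY)))
```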

22
Evaluation
  • T-Web system can generate
    • typical small-to-medium scale systems
      • a seminar room booking system
      • a guest book system
      • a shopping cart system
  • T-Web system cannot generate
    • real-time processing systems
      • a real-time chat system
    • large-scale systems
  • Generalization
    • by a reasonable number of predefined templates

23
Comparisons (1)
24
Comparisons (2)
25
Summary and Future work
  • Web transition diagrams
  • T-Web system
    • compose Web transition diagrams
    • generate Web applications
  • Future work
    • improvement of the level of system consistency and security
    • implementation of a generator for Web applications based on other architectures