TAV-WEB '08: latest publications

White-box testing of behavioral web service contracts with Pex
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390840
N. Tillmann, J. D. Halleux
Abstract: A web service exposes a public API that can be accessed by potentially hostile clients over the internet. Pex, a white-box test generation tool for .NET, can automatically create test inputs that cover corner cases of a web service implemented in .NET, simulating a malicious attacker.
Citations: 7
Towards a unified framework for the monitoring and recovery of BPEL processes
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390835
L. Baresi, Sam Guinea, L. Pasquale
Abstract: Web services have proven to be a viable solution for interoperability issues. Since end users do not buy services, but only interact with them remotely, such complex systems end up having a distributed ownership, meaning different parts of a system can evolve independently. This has brought researchers to concentrate on run-time management issues such as dynamic monitoring and self-recovery. However, we advocate that no silver bullet has been found. All the major approaches have advantages and disadvantages. In this paper we propose a unified framework for monitoring and recovery that provides a clear separation between data collection and analysis, a common management infrastructure, and a common recovery system. Separating monitoring from recovery allows the framework to integrate different monitoring approaches seamlessly through a plug-in approach. The common management infrastructure allows us to dynamically manage the multiple monitoring approaches being used, while the common recovery approach allows us to activate advanced recovery techniques both on process instances and process definitions.
Citations: 19
Empirical studies of a decentralized regression test selection framework for web services
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390834
Michael Ruth, S. Tu
Abstract: As Web services grow in popularity and use, it is becoming more important for organizations to verify their evolving services to ensure that they are providing a desired level of confidence and one of the most common ways to perform this verification is regression testing. Safe regression test selection techniques are often employed in conjunction with regression testing to reduce the associated costs of testing without reducing the level of confidence provided. In a previous work, a framework which automates the safe regression test selection and regression testing processes was developed in a decentralized, end-to-end manner. This paper reports an empirical study of the framework designed to compare the cost of performing the proposed approach and running the selected tests with the cost of running all tests without performing a selection step. The results indicate that the framework can be effective in reducing the costs of performing regression test selection.
Citations: 8
SAFELI: SQL injection scanner using symbolic execution
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390838
Xiang Fu, K. Qian
Abstract: This paper presents the current progress, main algorithm, and the open problems of a tool set called "SAFELI," for detecting SQL Injection vulnerabilities resident in Web applications. SAFELI instruments the bytecode of Java Web applications and utilizes symbolic execution to statically inspect security vulnerabilities. At each location that submits SQL query, an equation is constructed to find out the initial values of Web controls that lead to the breach of database security. The equation is solved by a hybrid string solver where the solution obtained is used to construct test cases. SQL injection attacks are replayed by SAFELI to designers, step by step. We also raise open problems on more powerful string solver techniques that work at the semantics level.
Citations: 58
Policy expression and checking in XACML, WS-Policies, and the jABC
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390836
M. Karusseit, T. Margaria, Holger Willebrandt
Abstract: Web-based access to sensitive and confidential data is realized today via different approaches, using a variety of methods to specify and combine access control policies. In an optic of change management and evolution, a structured and flexible model is needed to handle dynamicity, particularly when handling rights in systems with many users which hold different roles. Furthermore the validation of security constraints is an important key to warrant the reliability of control mechanisms. This paper compares the temporal logic-based approach for modeling access control used by the jABC framework with two popular XML-based description languages (XACML and WS-Policy), which are quasi-standards for policy expression in Web applications. Its usage is illustrated here on the example of the web-based Online Conference Service (OCS). The respective functionalities are described and examined in consideration of their ability to validate and enforce the needed policies.
Citations: 8
Client and server verification for web services using interface grammars
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390839
G. Hughes, T. Bultan, Muath Alkhalaf
Abstract: Web services provide a promising framework for developing interoperable software components that interact with each other across organizational boundaries. For this framework to be successful, the client and the server for a service have to interact with each other based on the published service interface specification. If either the client or the server deviates from the interface specification, the client-server interaction will lead to errors. We present a framework for checking interface conformance for web services. Given an interface specification, we automatically generate web service server stubs (for client verification) and drivers (for server verification) and then use these stubs and drivers to check the conformance of the client and server to the interface specification. We implemented this framework by using interface grammars as the interface specification language. We developed an interface compiler that automatically generates a stub or a driver from a given interface grammar. We conducted a case study by applying these techniques to the Amazon E-Commerce Service.
Citations: 15
Multiple-implementation testing for XACML implementations
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390837
Nuo Li, JeeHyun Hwang, Tao Xie
Abstract: Many Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are written in XACML. An XACML implementation implements XACML functionalities to validate XACML requests against XACML policies. To ensure the quality of an XACML-based access-control system, we need an effective means to test whether the XACML implementation correctly implements XACML functionalities. The test inputs of an XACML implementation are XACML policies and requests. The test outputs are XACML responses. This paper proposes an approach to detect defects in XACML implementations via observing the behaviors of different XACML implementations for the same test inputs. As XACML has been widely used, we can collect different XACML implementations, and test them with the same XACML policies and requests to observe whether the different implementations produce different responses. Based on the analysis of different responses, we can detect defects in different XACML implementations. We show the feasibility of the proposed approach with a preliminary study on three XACML implementations.
Citations: 37
Hybrid test of web applications with webtest
TAV-WEB '08 Pub Date : 2008-07-21 DOI: 10.1145/1390832.1390833
Harald Raffelt, T. Margaria, B. Steffen, Maik Merten
Abstract: In this paper, we present hybrid testing, a method that combines replay-testing (static testing) with automata learning techniques that generate models of black box systems (dynamic testing). This combination helps bridge the gap towards model based testing also for legacy systems. Webtest is an implementation of hybrid testing that builds on top of preexisting technology such as the LearnLib, a framework for automata learning, and the jABC, a framework for model-driven and service-oriented design, that we use here for modelling, executing, and managing test suites for and models of the web applications under analysis. In particular we intend to move towards Rich Internet Applications (RIAs), that include e.g. advanced client side capabilities and access to heavy resources (e.g. database access) over the Web.
Citations: 35