Eliminating navigation errors in web applications via model checking and runtime enforcement of navigation state machines

Sylvain Hallé, Taylor Ettema, Chris Bunch, Tevfik Bultan
2010 Proceedings of the IEEE/ACM international conference on Automated software engineering - ASE '10  
The enforcement of navigation constraints in web applications is challenging and error prone due to the unrestricted use of navigation functions in web browsers. This often leads to navigation errors, producing cryptic messages and exposing information that can be exploited by malicious users. We propose a runtime enforcement mechanism that restricts the control flow of a web application to a state machine model specified by the developer, and use model checking to verify temporal properties on
more » ... poral properties on these state machines. Our experiments, performed on three real-world applications, show that 1) our runtime enforcement mechanism incurs negligible overhead under normal circumstances, and can even reduce server processing time in handling unexpected requests; 2) by combining runtime enforcement with model checking, navigation correctness can be efficiently guaranteed in large web applications.
doi:10.1145/1858996.1859044 dblp:conf/kbse/HalleEBB10 fatcat:54h343ym3bgzxajbjkdjo5cmhe