K. Jamroendararasame*, T. Matsuzaki, T. Suzuki, and T. Tokuda Department of Computer Science, Tokyo Institute of Technology, JAPAN Two Generators of Secure Web-based Transaction Systems

Contents
- Motivations
- Software architectures for Web-based transaction systems
- Web transition diagrams
- Web-based transaction system generators: T-Web system, PF-Web system
- Evaluation
- Comparisons & Conclusion

Disadvantages of current approaches
- Manual consistency and security management
- Ad hoc construction of processing programs
- Complex logical structure of processing programs
- No graphical view of overall system behavior

Goals
- Non-programmers can generate typical Web-based transaction systems.
- Support of consistency management and a standard level of Web security

Purposes (1)
A method to describe the behavior of Web-based transaction systems graphically:
- Web Transition Diagrams: representation of the overall behavior of Web-based transaction systems
- Based on the pipe/filter software architecture

Purposes (2)
A method to generate Web-based transaction systems from graphical diagrams:
- T-Web system: based on the template method
- PF-Web system: based on the functional composition method

Why two types of generators?
For two types of target users:
- T-Web system for non-programmers with: the ability to understand overall system behavior, the ability to compose Web transition diagrams, and the ability to differentiate types of processes
- PF-Web system for non-programmers with: the ability to understand overall system behavior, the ability to compose Web transition diagrams, and the ability to give a clear definition of the input/output values of processes

Software architectures for Web-based transaction systems

Definitions
- Client-Server computing systems
- Web-based transaction systems
- Web application systems

Software architectures for Web-based transaction systems
Processing on the client side:
- scripting languages: JavaScript and VBScript
- compiled modules: Java applets and ActiveX controls
Processing on the server side:
- SSI (Server Side Includes)
- CGI (Common Gateway Interface)
- Java servlets
- server side scripts: JSP, ASP, PHP, etc.
- components: EJB and COM+

Software architectures for Web-based transaction systems
Processing on both the client side and the server side:
- client side scripts with server side programs
- client-server programs communicating by general protocols
- RMI (Remote Method Invocation)
We concentrate on the CGI architecture.

Web Transition Diagrams

Overview
- Representation of the overall behavior of Web-based transaction systems
- Based on the Pipe/Filter architecture
(Figure: Web pages correspond to pipes; processing programs (CGI programs, Java servlets, etc.) correspond to filters.)

Definitions
Nodes:
- Fixed Web page node
- Output Web page node
- Processing node
- Database node
Links:
- Page transition link
- Data-flow link
(Figure: each node symbol is labelled with its title or name.)

Example: a Seminar Room Booking System
(Figure, Web transition diagram: a fixed page Register with inputs id, pw (masked as *****) and em, Submit/Reset buttons and a home link; a processing node ADD1; output pages Confirm1 (OK) and Error1 (NG: blank parameter or id/em already exist); a database table USER_LIST {id, pw, em, pin}.)

T-Web system

T-Web system structure
Step 1: Compose a Web transition diagram using the editor
Step 2: Allow the generator to generate the resulting files
Step 3: Optionally revise Web pages using a Web page composer
Step 4: Place all resulting files on a Web server and run the script to create all database tables

Template Method
- A template library for processing programs: ~15 templates
- Templates for database manipulations and sending e-mails
- Automatically supports a standard level of Web security
- For each processing node, users have to: select a template from the template library, and specify the template parameters
- No coding
- Reuse of processing program code

Web transition diagram composition

Web transition diagram composition
(Screenshot: list of output Web pages)

Web transition diagram composition
(Screenshot: template library, with a Description and a Requirement for each template)

Web transition diagram composition
(Screenshot: list of database tables, list of database fields, list of output Web pages, list of input parameters)

Generation of Web pages
(Figure: an example of generated Web pages. The Register node of the diagram becomes a Register page with fields ID, PW (masked as ******) and EM, a Submit button and a home link.)

Generation of processing programs and a script

An example of templates (Perl; each "#" marks a template parameter; excerpt):

    $dbname = "#";
    $table  = "#";
    @fields = (#);      # the array variable's name is not legible in the transcript; @fields is a stand-in
    &ReadParse(*in);
    #                   # statements reading the input parameters
    if (&Blank_check(#)) {
        &connect($dbname);
        &exist_check($table, #, #);
        if ($sth->rows == 0) {
            #

Template parameters supplied for the ADD1 node of the booking example, in order:

    # <- booking
    # <- USER_LIST
    # <- "ID", "PW", "EM", "PIN"
    # <- $ID = $in{'__ID'}; $PW = $in{'__PW'}; $EM = $in{'__EM'};
    # <- $ID, $EM, $PW
    # <- "ID", "EM", $ID, $EM
    # <- $PIN = &PIN_generate($table);
    # <- NULL

The resulting processing program (excerpt):

    $dbname = "booking";
    $table  = "USER_LIST";
    @fields = ("ID", "PW", "EM", "PIN");
    &ReadParse(*in);
    $ID = $in{'__ID'}; $PW = $in{'__PW'}; $EM = $in{'__EM'};
    if (&Blank_check($ID, $EM, $PW)) {
        &connect($dbname);
        &exist_check($table, "ID", "EM", $ID, $EM);
        if ($sth->rows == 0) {
            $PIN = &PIN_generate($table);

PF-Web system

PF-Web system structure
Step 1: Compose a Web transition diagram using the Web transition diagram editor and compose a process description using a text editor
Step 2: Allow the generator to generate the resulting files
Step 3: Optionally revise Web pages
Step 4: Place all files on a Web server
(Figure: the Web transition diagram editor produces a Web transition diagram and the text editor a process description; the PF-Web generator turns them into Web page templates and CGI programs; after optional revision with a Web page composer or text editor, the Web page templates and CGI programs form the Web-based transaction system.)

Functional Composition Method
- Some predefined functions for processing programs: ~11 functions
- Functions for parameter manipulations, database manipulations and sending e-mails
- In a process description, users have to specify the behavior of processing programs using the predefined functions instead of templates
- No coding

Web transition diagram composition

Pipe/Filter Relationship
(Figure 1: processing program X between Web page A and Web page B corresponds to pipe P_A, filter F_X and pipe P_B. Figure 2: processing program X with two output pages B1 and B2 corresponds to pipe P_A, filters F_X1 and F_X2, and pipes P_B1 and P_B2. Figure 3: a processing program reading and writing a database table. Legend: processing program, Web page, pipe, filter, database table.)

Pipe/Filter Relationship
(Figure: pages FOO and BAR with pipes A and B and filters X and Y. Input fields of the filters: FOO, BAR, INP (the input element Name, and INP(BAR)), SOME_TABLE, CMD; output fields: RESULT, STATUS. Legend: a field corresponding to an input element, a field corresponding to a visible parameter, a field corresponding to a hidden parameter.)

Process description
- A set of equations and functions of all processing programs
- For each processing program, it describes all filters.
- For each filter, it describes: the output Web page of the filter, the condition under which the filter is activated, and the values of the output fields in terms of the input fields

Process description example

    process add1 {
      error1 if i.ID=="" || i.PW=="" || i.EM=="" ||
                db_ntuples(db_select("*", i.USER_LIST, "WHERE ID='%s'", i.ID)) > 0
        with { o.USER_LIST = i.USER_LIST }
      confirm1 otherwise {
        pin = generatePIN(i.ID, i.PW, i.EM)
        o.PIN = pin
        o.EM = i.EM
        o.USER_LIST = db_insert(i.USER_LIST, "VALUES ('%s','%s','%s',%d)",
                                i.ID, i.PW, i.EM, pin)
      }
    }

Generation of Web pages
(Figure: the output page template confirm1 containing the placeholder __#EM__, and the generated confirm1 page showing the PIN.)

Generation of processing programs
The generated processing program for add1 (Perl, excerpt):

    ...
    &readFormData;
    &openDB;
    ...
    $v_prev = &db_select("ID", $i_USER_LIST, "WHERE ID='%s'", $i_ID);
    if ($i_ID eq "" || $i_PW eq "" || $i_EM eq "" || &db_ntuples($v_prev) > 0) {
        $o_USER_LIST = $i_USER_LIST;
        ...
        &_gen_error1_page;
    } else {
        $v_pin = &generatePIN($i_ID, $i_PW, $i_EM);
        $o_EM  = $i_EM;
        $o_PIN = $v_pin;
        $o_USER_LIST = &db_insert($i_USER_LIST, "VALUES ('%s','%s','%s',%d)",
                                  $i_ID, $i_PW, $i_EM, $v_pin);
        ...
        &_gen_confirm1_page;
    }
    &closeDB;
    exit;

Generation of processing programs
The generated page-output and input-reading subroutines (Perl):

    sub _gen_confirm1_page {
        $OUT{'EM'}  = $o_EM;
        $OUT{'PIN'} = $o_PIN;
        &genhtml('./roombooking/confirm1.html', %OUT);
    }
    sub _gen_error1_page {
        &genhtml('./roombooking/error1.html', %OUT);
    }
    sub readFormData {
        %VAR = &decodeFormData;
        # checkscalar($value, $maxlen): the generator's check against
        # over-maximum-length input parameters (see Security management)
        $i_EM = $VAR{'EM'}; &checkscalar($i_EM, 80);
        $i_PW = $VAR{'PW'}; &checkscalar($i_PW, 40);
        $i_ID = $VAR{'ID'}; &checkscalar($i_ID, 20);
    }

Evaluation

Consistency management
- By adding some checking code to detect un-updated input parameters
(Figure: pages 0, 1, 2, 3 and 4 between the start and the end of a session, with "Last update: 3"; program execution is marked allowed or refused depending on the page a request was submitted from.)
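The check the slide describes, written out as an added example (it is not the generators' own code): each generated page carries its sequence number as a hidden parameter, the server remembers the number of the page it generated last for the session, and a processing program runs only when the two agree. The subroutine names and the in-memory session table are assumptions; a generated system would keep the table in the database.

```perl
#!/usr/bin/perl
# Added example, not the T-Web/PF-Web generators' own code: a consistency
# check that refuses a processing program when the submitted parameters come
# from a page that is no longer the most recently generated one.
# The subroutine names and the in-memory session table are assumptions.
use strict;
use warnings;

# Session id -> number of the page generated most recently for that session
# ("Last update" on the slide). Constructed in memory for the example; a
# generated system would keep it in a database table.
my %last_update;

sub start_session {
    my ($sid) = @_;
    $last_update{$sid} = 0;        # page 0 is the first page of the session
    return $sid;
}

# Each generated page carries its number as a hidden parameter. The
# processing program it submits to may run only if that number matches the
# session's last update; a form re-sent from an earlier page (Back button,
# bookmark, repeated submit) carries un-updated parameters and is refused.
sub check_consistency {
    my ($sid, $page) = @_;
    return 'refused: unknown session'       unless exists $last_update{$sid};
    return 'refused: un-updated parameters' unless $page == $last_update{$sid};
    $last_update{$sid} = $page + 1;    # the page generated next is now current
    return 'allowed';
}

sub end_session {
    my ($sid) = @_;
    delete $last_update{$sid};
}

# Constructed request sequence: the hidden page number carried by each submit.
# The second "1" and the final "2" are re-submissions from pages that have
# already been superseded, so they are refused.
start_session('s1');
for my $page (0, 1, 1, 2, 3, 2) {
    printf "submit from page %d: %s\n", $page, check_consistency('s1', $page);
}
end_session('s1');
printf "submit after end of session: %s\n", check_consistency('s1', 4);
```

The strict equality in check_consistency is what makes a replayed or out-of-order form harmless: it cannot modify the database, only produce a refusal page.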

Security management
- Web security against common types of Web site attacks
- By adding some checking code to processing programs and CGI libraries
- Examples of the checks:
  - for denying an unacceptable amount of input parameters: over-maximum-length input parameters
  - for denying an unacceptable format of input parameters: HTML tags, abnormally formatted e-mail addresses
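The three checks listed above, together with the checkscalar($value, $maxlen) calls seen in the generated readFormData, as an added Perl example (this is not the generators' CGI library). The subroutine names, the exact rejection rules and the sample requests are assumptions constructed for the example; the length limits are the ones the generated readFormData uses.

```perl
#!/usr/bin/perl
# Added example, not the generators' own CGI library: the kinds of input
# check the slide lists, written as Perl subroutines with the same shape as
# the checkscalar($value, $maxlen) call in the generated readFormData.
# Subroutine names, rejection rules and sample requests are assumptions.
use strict;
use warnings;

# Over-maximum-length (or otherwise unusable) parameter: a defined,
# single-valued, single-line string of at most $maxlen characters.
sub check_scalar {
    my ($value, $maxlen) = @_;
    return 0 unless defined $value;
    return 0 if ref $value;               # a multi-valued parameter
    return 0 if $value =~ /[\r\n\0]/;     # line breaks or NULs inside a field
    return length($value) <= $maxlen ? 1 : 0;
}

# HTML tags: refuse any angle bracket rather than trying to recognise tags,
# because the value is stored and later echoed into a generated page.
sub check_no_html {
    my ($value) = @_;
    return $value =~ /[<>]/ ? 0 : 1;
}

# Abnormally formatted e-mail address: exactly one local part, one "@" and a
# dotted domain, drawn from a conservative character set.
sub check_email {
    my ($value) = @_;
    return 0 unless defined $value;
    return $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/ ? 1 : 0;
}

# Apply the checks to the Register page's parameters, using the same
# maximum lengths as the generated readFormData (ID 20, PW 40, EM 80).
# Returns the names of the refused parameters (empty when all pass).
sub check_register_input {
    my ($in) = @_;
    my @refused;
    push @refused, 'ID' unless check_scalar($in->{ID}, 20) && check_no_html($in->{ID});
    push @refused, 'PW' unless check_scalar($in->{PW}, 40);
    push @refused, 'EM' unless check_scalar($in->{EM}, 80) && check_email($in->{EM});
    return @refused;
}

# Constructed sample requests (already-decoded form data), not captured traffic.
my @requests = (
    { ID => 'alice',          PW => 'secret', EM => 'alice@example.com' },
    { ID => 'bob<b>bold</b>', PW => 'secret', EM => 'bob@example.com' },       # HTML tags in ID
    { ID => 'carol',          PW => 'x' x 41, EM => 'carol@example.com' },     # PW over 40 chars
    { ID => 'dave',           PW => 'secret', EM => "dave\@example.com\nX" },  # line break in EM
    { ID => 'erin',           PW => 'secret', EM => 'erin@localhost' },        # no dotted domain
);
for my $req (@requests) {
    my @refused = check_register_input($req);
    printf "%-16s %s\n", $req->{ID}, @refused ? "refused (@refused)" : "accepted";
}
```

Because every generated program reads its parameters through the same library routine, tightening a rule in one place (for instance the e-mail pattern) changes every processing program the generator has produced, which is the practical reason the slides put the checks in the CGI libraries rather than in the per-node templates.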

Evaluation
- Consistency management and standard secure methods are provided.
- The T-Web and PF-Web systems can generate typical Web-based transaction systems based on the CGI architecture; examples: room booking systems, guest book systems, shopping cart systems
- No programming ability is necessary.
- Universality: T-Web depends on the number of templates; PF-Web depends on the composition of a process description

Results: a seminar room booking system

Comparisons & Conclusion

Comparisons
Web page composers:
- Visual composition of Web pages
- Manual writing of processing programs
- Manual management of consistency and security
Our approaches:
- Visual composition of the whole system
- Automatic generation of processing programs from templates or a process description
- Automatic management of consistency and security

Comparisons
Server side scripts & development tools (e.g. ASP + Microsoft's Visual InterDev):
- Easy production of Web pages by server side scripts
- A site diagram representing the relationships among Web pages and server side scripts
- Procedural programming
Our approaches:
- General production of Web pages
- No server side scripts
- A Web transition diagram representing the relationships among Web pages, processing programs, and databases
- No procedural programming, but specifying templates with their parameters or composing a process description

Comparisons
T-Web system:
- Provides an editor for Web transition diagram composition
- The generator generates processing programs from templates and template parameters.
- System proficiency depends on the number of templates and on users' ability to select templates and specify template parameters.
PF-Web system:
- Provides an editor for Web transition diagram composition
- The generator generates processing programs from a process description.
- System proficiency depends on users' ability to compose a process description.

Conclusion
- Web transition diagrams
- T-Web system & PF-Web system: compose Web transition diagrams and generate Web-based transaction systems
- Future work: improvement of the consistency and security level; implementation of a generator for Web-based transaction systems based on other architectures