1 K. Jamroendararasame*, T. Matsuzaki, T. Suzuki, and T. Tokuda Department of Computer Science, Tokyo Institute of Technology, JAPAN Two Generators of Secure Web-based Transaction Systems

2 Contents
Motivations
Software architectures for Web-based transaction systems
Web transition diagrams
Web-based transaction system generators: T-Web system, PF-Web system
Evaluation
Comparisons & Conclusion

3 Disadvantages of current approaches
Manual consistency and security management
Ad hoc construction of processing programs
Complex logical structure of processing programs
No graphical view of overall system behavior

4 Goals
Non-programmers can generate typical Web-based transaction systems.
Support of consistency management and a standard level of Web security.

5 Purposes (1)
A method to describe the behavior of Web-based transaction systems graphically.
Web transition diagrams: a representation of the overall behavior of Web-based transaction systems, based on the pipe/filter software architecture.

6 Purposes (2)
A method to generate Web-based transaction systems from graphical diagrams.
Web-based transaction system generators:
T-Web system: based on the template method
PF-Web system: based on the functional composition method

7 Why two types of generators? For two types of target users.
T-Web system, for non-programmers with: the ability to understand overall system behavior, the ability to compose Web transition diagrams, and the ability to differentiate types of processes.
PF-Web system, for non-programmers with: the ability to understand overall system behavior, the ability to compose Web transition diagrams, and the ability to give a clear definition of the input/output values of processes.

8 Software architectures for Web-based transaction systems

9 Definitions Client-Server computing systems Web-based transaction systems Web application systems

10 Software architectures for Web-based transaction systems
Processing on the client side: scripting languages (JavaScript and VBScript); compiled modules (Java applets and ActiveX controls).
Processing on the server side: SSI (Server Side Includes); CGI (Common Gateway Interface); Java servlets; server side scripts (JSP, ASP, PHP, etc.); components (EJB and COM+).

11 Software architectures for Web-based transaction systems
Processing on both the client side and the server side: client side scripts with server side programs; client-server programs communicating by general protocols, e.g. RMI (Remote Method Invocation).
We concentrate on the CGI architecture.

12 Web Transition Diagrams

13 Overview
A representation of the overall behavior of Web-based transaction systems, based on the pipe/filter architecture.
Diagram legend: a Web page plays the role of a pipe; a processing program (CGI program, Java servlet, etc.) plays the role of a filter.

14 Definitions
Nodes (labeled with a title or a name): fixed Web page node, output Web page node, processing node, database node.
Links: page transition link, data-flow link.

15 Example: a Seminar Room Booking System
Diagram: the fixed Web page Register (input fields id, pw and em, with pw masked; Submit and Reset buttons; a link to home) leads to the processing node ADD1, which transitions to the output page Confirm1 on OK or to Error1 on NG (blank parameter, or id/em already exist). ADD1 exchanges data with the database node USER_LIST {id, pw, em, pin}.

16 T-Web system

17 T-Web system structure
Step 1: Compose a Web transition diagram using the editor.
Step 2: Let the generator generate the resulting files.
Step 3: Optionally revise the Web pages using a Web page composer.
Step 4: Place all resulting files on a Web server and run the script that creates all database tables.

18 Template method
A template library for processing programs: about 15 templates, for database manipulations and sending e-mails; they automatically support a standard level of Web security.
For each processing node, users have to select a template from the template library and specify the template parameters.
No coding; reuse of processing program code.

19 Web transition diagram composition

20 Web transition diagram composition (editor screenshot: list of output Web pages)

21

22 Web transition diagram composition (editor screenshot: template library, with description and requirement of each template)

23 Web transition diagram composition (editor screenshot: lists of database tables, database fields, output Web pages and input parameters)

24

25

26 Generation of Web pages
Example of a generated page: the Register form with fields ID, PW (masked) and EM, a Submit button, and a link to home.

27 Generation of processing programs and a script
An example template (with # placeholders) and the instance generated from it for the ADD1 node:

Template:
    $dbname = "#";
    $table = "#";
    @field = (#);
    &ReadParse(*in);
    #
    if (&Blank_check(#)) {
        &connect($dbname);
        &exist_check($table, #, #);
        if ($sth->rows == 0) {
            #

Instance (placeholders filled with the template parameters):
    $dbname = "booking";
    $table = "USER_LIST";
    @field = ("ID", "PW", "EM", "PIN");
    &ReadParse(*in);
    $ID = $in{'__ID'}; $PW = $in{'__PW'}; $EM = $in{'__EM'};
    if (&Blank_check($ID, $EM, $PW)) {
        &connect($dbname);
        &exist_check($table, "ID", "EM", $ID, $EM);
        if ($sth->rows == 0) {
            $PIN = &PIN_generate($table);

Template parameters, in placeholder order: booking; USER_LIST; "ID", "PW", "EM", "PIN"; the assignments $ID = $in{'__ID'}; $PW = $in{'__PW'}; $EM = $in{'__EM'}; then $ID, $EM, $PW; "ID", "EM" and $ID, $EM; $PIN = &PIN_generate($table); NULL.

28 PF-Web system

29 PF-Web system structure
Step 1: Compose a Web transition diagram using the Web transition diagram editor, and compose a process description using a text editor.
Step 2: Let the generator generate the resulting files.
Step 3: Optionally revise the Web pages.
Step 4: Place all files on a Web server.
Diagram: the Web transition diagram (from the editor) and the process description (from the text editor) are the inputs of the PF-Web generator, which produces Web page templates and CGI programs; after optional revision of the Web page templates with a Web page composer or text editor, these form the Web-based transaction system.

30 Functional composition method
Some predefined functions for processing programs: about 11 functions, for parameter manipulations, database manipulations and sending e-mails.
In a process description, users have to specify the behavior of processing programs using the predefined functions instead of templates.
No coding.

31 Web transition diagram composition

32

33 Pipe/Filter relationship
Diagram: Web page A -> processing program X -> Web page B is drawn as pipe P_A, filter F_X and pipe P_B. When processing program X can lead to Web page B1 or Web page B2, it is drawn as two filters, F_X1 feeding pipe P_B1 and F_X2 feeding pipe P_B2. Legend: processing program, Web page, pipe, filter, database table.

34 Pipe/Filter relationship
Diagram: Web pages FOO and BAR (with an input element INP), pipes A and B, filters X and Y, and the database table SOME_TABLE with fields RESULT, STATUS and CMD; fields are marked as input fields or output fields. Legend: a field corresponding to an input element, a field corresponding to a visible parameter, a field corresponding to a hidden parameter.

35 Process description
A set of equations and functions for all processing programs. For each processing program it describes all filters; for each filter it describes: the output Web page of the filter, the condition under which the filter is activated, and the values of the output fields in terms of the input fields.

36 Process description example

    process add1 {
        error1 if i.ID == "" || i.PW == "" || i.EM == "" ||
                  db_ntuples(db_select("*", i.USER_LIST, "WHERE ID='%s'", i.ID)) > 0
        with {
            o.USER_LIST = i.USER_LIST
        }
        confirm1 otherwise {
            pin = generatePIN(i.ID, i.PW, i.EM)
            o.PIN = pin
            o.EM = i.EM
            o.USER_LIST = db_insert(i.USER_LIST, "VALUES ('%s','%s','%s',%d)",
                                    i.ID, i.PW, i.EM, pin)
        }
    }

37 Generation of Web pages
The confirm1 output page template carries placeholders such as __#EM__ for its output fields (EM and PIN), which the processing program fills in.

38 Generation of processing programs

    ...
    &readFormData;
    &openDB;
    ...
    $v_prev = &db_select("ID", $i_USER_LIST, "WHERE ID='%s'", $i_ID);
    if ($i_ID eq "" || $i_PW eq "" || $i_EM eq "" || &db_ntuples($v_prev) > 0) {
        $o_USER_LIST = $i_USER_LIST;
        ...
        &_gen_error1_page;
    } else {
        $v_pin = &generatePIN($i_ID, $i_PW, $i_EM);
        $o_EM = $i_EM;
        $o_PIN = $v_pin;
        $o_USER_LIST = &db_insert($i_USER_LIST, "VALUES ('%s','%s','%s',%d)",
                                  $i_ID, $i_PW, $i_EM, $v_pin);
        ...
        &_gen_confirm1_page;
    }
    &closeDB;
    exit;

39 Generation of processing programs

    sub _gen_confirm1_page {
        $OUT{'EM'} = $o_EM;
        $OUT{'PIN'} = $o_PIN;
        &genhtml('./roombooking/confirm1.html', %OUT);
    }
    sub _gen_error1_page {
        &genhtml('./roombooking/error1.html', %OUT);
    }
    sub readFormData {
        %VAR = &decodeFormData;
        $i_EM = $VAR{'EM'}; &checkscalar($i_EM, 80);
        $i_PW = $VAR{'PW'}; &checkscalar($i_PW, 40);
        $i_ID = $VAR{'ID'}; &checkscalar($i_ID, 20);
    }
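The add1 process (slide 36) and the CGI program generated from it (slide 38), re-expressed as an added Python example over an in-memory SQLite table; this is not code from the paper or from either generator. Filters are tried in order and the first whose condition holds is activated, with "otherwise" catching the rest. The slides splice i.ID into the WHERE clause through '%s' and do not show whether db_select quotes it, so this version binds every value as a query parameter instead; generate_pin is a stand-in for the paper's generatePIN.

```python
# Added example, not code from the paper: the add1 process (slide 36) and its
# generated program (slide 38) over an in-memory SQLite USER_LIST table.
# Filters are tried in order; the first whose condition holds is activated.
import random
import sqlite3


def open_db():
    """Constructed USER_LIST table with the diagram's fields: id, pw, em, pin."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE USER_LIST (ID TEXT, PW TEXT, EM TEXT, PIN INTEGER)")
    return con


def generate_pin(rng=random):
    """Stand-in for the paper's generatePIN(); a 4-digit PIN is an assumption."""
    return rng.randint(1000, 9999)


def add1(con, i, pin_gen=generate_pin):
    """Run the add1 filters on input fields i = {'ID', 'PW', 'EM'}.

    Returns (output_page, o) where o holds the output fields of the activated
    filter. The USER_LIST table itself is the data-flow output o.USER_LIST.
    """
    # Filter 1 -> error1: a blank field, or the ID is already registered.
    # "WHERE ID = ?" binds the value, so an ID such as "x' OR '1'='1" is
    # compared literally instead of changing the query.
    (n,) = con.execute(
        "SELECT COUNT(*) FROM USER_LIST WHERE ID = ?", (i["ID"],)
    ).fetchone()
    if i["ID"] == "" or i["PW"] == "" or i["EM"] == "" or n > 0:
        return "error1", {}

    # Filter 2 -> confirm1 (otherwise): generate a PIN, store the row, and
    # hand EM and PIN to the confirm1 page as output fields.
    pin = pin_gen()
    con.execute(
        "INSERT INTO USER_LIST VALUES (?, ?, ?, ?)",
        (i["ID"], i["PW"], i["EM"], pin),
    )
    con.commit()
    return "confirm1", {"PIN": pin, "EM": i["EM"]}


def count_ids(con, user_id):
    """Rows whose ID equals user_id exactly (used to check the bound query)."""
    (n,) = con.execute(
        "SELECT COUNT(*) FROM USER_LIST WHERE ID = ?", (user_id,)
    ).fetchone()
    return n


if __name__ == "__main__":
    con = open_db()
    print(add1(con, {"ID": "alice", "PW": "s3cret", "EM": "alice@example.org"}))
    print(add1(con, {"ID": "alice", "PW": "other", "EM": "a2@example.org"}))  # duplicate ID
    print(add1(con, {"ID": "mallory' OR '1'='1", "PW": "x", "EM": "m@example.org"}))
```

The third call in the demo shows the point of binding: the quoted-looking ID neither matches the existing row nor alters the statement; it is stored as an ordinary string and a later duplicate check on that exact string finds it.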

40 Evaluation

41 Consistency management
By adding checking code to detect un-updated input parameters.
Diagram: a session runs through steps 0, 1, 2, 3, 4 from start to end; with the last update at step 3, a request carrying parameters from an earlier, un-updated page is refused, while a request from the current page is allowed.
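One way to implement the consistency check sketched on this slide, as an added example that is not the paper's code: each generated page carries a hidden parameter (here called step, an assumed name) naming the session state the page was produced from, and the processing program compares it with the session's last update. Parameters from an out-of-date page (a re-submitted or back-button form) are refused; parameters from the latest page are allowed and advance the session. The session store behind the Session class is not modelled.

```python
# Added example, not the paper's code: refusing requests whose input parameters
# come from a page older than the session's last update (slide 41).


class Session:
    """Server-side session state; the store behind it is not modelled."""

    def __init__(self):
        self.last_update = 0  # step number of the most recently generated page


def process_request(session, form):
    """Decide one request. Returns ("allowed", new_step) or ("refused", step)."""
    try:
        step = int(form.get("step", ""))
    except ValueError:
        return "refused", session.last_update  # hidden field missing or malformed
    if step != session.last_update:
        # Older than the last update: a stale page. Newer: not a page we generated.
        return "refused", session.last_update
    session.last_update += 1  # the next page is generated from this state
    return "allowed", session.last_update


def run_session(submitted_steps):
    """Replay a sequence of submitted step values and return the decisions."""
    session = Session()
    return [process_request(session, {"step": str(s)})[0] for s in submitted_steps]


if __name__ == "__main__":
    # Pages 0, 1 and 2 are submitted in order, then the page from step 1 is
    # re-submitted (refused), then the current page (step 3) is submitted.
    print(run_session([0, 1, 2, 1, 3]))
```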

42 Security management
Web security against common types of Web site attacks, by adding checking code to processing programs and CGI libraries. Examples of checks:
denying an unacceptable number of input parameters, and over-maximum-length input parameters;
denying unacceptably formatted input parameters, such as HTML tags and abnormally formatted e-mail addresses.
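The kinds of checking code this slide says the generators add, written as one added Python validator (not the paper's code). The per-field length limits (ID 20, PW 40, EM 80) are the ones passed to checkscalar in the generated readFormData on slide 39; the parameter ceiling MAX_PARAMS, the e-mail pattern, and the refusal of parameter names the form does not define are assumptions of this example.

```python
# Added example, not the paper's code: the input checks of slide 42 as one
# validator. Length limits follow slide 39; MAX_PARAMS and EMAIL_RE are assumed.
import re

MAX_PARAMS = 10                            # assumed ceiling on submitted parameters
MAX_LEN = {"ID": 20, "PW": 40, "EM": 80}   # from the checkscalar() calls on slide 39
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}$"
)


def check_form(params):
    """Return the reasons to refuse the request; an empty list means accept."""
    problems = []
    if len(params) > MAX_PARAMS:
        problems.append("too many parameters")
    for name, value in params.items():
        limit = MAX_LEN.get(name)
        if limit is None:
            problems.append(f"unexpected parameter {name}")
            continue
        if len(value) > limit:
            problems.append(f"{name} exceeds {limit} characters")
        # Any angle bracket is refused, so a truncated "<script" fails as well.
        if "<" in value or ">" in value:
            problems.append(f"{name} contains HTML markup")
    if "EM" in params and not EMAIL_RE.match(params["EM"]):
        problems.append("EM is not a well-formed e-mail address")
    return problems


if __name__ == "__main__":
    print(check_form({"ID": "alice", "PW": "s3cret", "EM": "alice@example.org"}))
    print(check_form({"ID": "<b>alice</b>", "PW": "x", "EM": "alice@example"}))
```

Refusing on any angle bracket is deliberately stricter than matching complete tags: the checks run before the value reaches a page template, and the page shows the generated programs echoing fields such as EM back into confirm1.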

43 Evaluation
Consistency management and standard secure methods are provided.
The T-Web and PF-Web systems can generate typical Web-based transaction systems based on the CGI architecture, for example room booking systems, guest book systems and shopping cart systems.
No programming ability is necessary.
Universality: T-Web depends on the number of templates; PF-Web depends on the composition of a process description.

44 Results: a seminar room booking system

45

46

47

48

49 Comparisons & Conclusion

50 Comparisons: Web page composers vs. our approaches
Web page composers: visual composition of Web pages; manual writing of processing programs; manual management of consistency and security.
Our approaches: visual composition of the whole system; automatic generation of processing programs from templates or a process description; automatic management of consistency and security.

51 Comparisons: server side scripts & development tools (e.g. ASP + Microsoft's Visual InterDev) vs. our approaches
Server side scripts & development tools: easy production of Web pages by server side scripts; a site diagram representing the relationships among Web pages and server side scripts; procedural programming.
Our approaches: general production of Web pages; no server side scripts; a Web transition diagram representing the relationships among Web pages, processing programs and databases; no procedural programming, but specifying templates with their parameters or composing a process description.

52 Comparisons: T-Web system vs. PF-Web system
T-Web system: provides an editor for composing Web transition diagrams; the generator generates processing programs from templates and template parameters; system proficiency depends on the number of templates and on the users' ability to select templates and specify their parameters.
PF-Web system: provides an editor for composing Web transition diagrams; the generator generates processing programs from a process description; system proficiency depends on the users' ability to compose a process description.

53 Conclusion
Web transition diagrams.
T-Web system & PF-Web system: compose Web transition diagrams and generate Web-based transaction systems.
Future work: improvement of the consistency and security level; implementation of a generator for Web-based transaction systems based on other architectures.

