Found 20 similar documents; search took 609 ms
1.
Anneliese A. Andrews Jeff Offutt Curtis Dyreson Christopher J. Mallery Kshamta Jerath Roger Alexander 《Information and Software Technology》2010,52(1):52-66
Web applications are fast becoming more widespread, larger, more interactive, and more essential to the international use of computers. It is well understood that web applications must be highly dependable, and as a field we are just now beginning to understand how to model and test Web applications. One straightforward technique is to model Web applications as finite state machines. However, large numbers of input fields, input choices and the ability to enter values in any order combine to create a state space explosion problem. This paper evaluates a solution that uses constraints on the inputs to reduce the number of transitions, thus compressing the FSM. The paper presents an analysis of the potential savings of the compression technique and reports actual savings from two case studies.
2.
The Semantic Web application framework extends Ruby on Rails to enable rapid development of integrated Semantic Web mash-ups. Web applications are mostly database driven. Developers design a database schema and then construct the application logic (which generates Web pages for user interaction) on top of the schema. These applications are centralized and rely on their own relational database, limiting the possibilities for data integration. Mash-ups (often called Web 2.0 applications) are an emerging Web development paradigm that combines functionality from different Web applications.
3.
The verification of control-flow soundness is well understood as an important step before deploying business process models.
However, the control flow does not capture what the process activities actually do when they are executed. Semantic annotations
offer the opportunity to take this into account. Inspired by semantic Web service approaches such as OWL-S and WSMO, we consider
process models in which the individual activities are annotated with logical preconditions and effects, specified relative
to an ontology that axiomatizes the underlying business domain. Verification then addresses the overall process behavior,
arising from the interaction between control-flow and behavior of individual activities. To this end, we combine notions from
the workflow community with notions from the AI actions and change literature. We introduce a formal execution semantics for
annotated business processes. We point out four verification tasks that arise, concerning precondition/effect conflicts, reachability,
and executability. We examine the borderline between classes of processes that can, or cannot, be verified in polynomial time.
For precondition/effect conflicts, we show that the borderline is the same as that of the logic underlying the ontology axioms.
For reachability and executability, we identify a class of processes that can be verified in polynomial time by a fixpoint
algorithm which we design for that purpose. We show that this class of processes is maximal in the sense that, when generalizing
it in any of the most relevant directions, the validation tasks become computationally hard.
4.
Roberto García Juan Manuel Gimeno Ferran Perdrix Rosa Gil Marta Oliva Juan Miguel López Afra Pascual Montserrat Sendín 《World Wide Web》2010,13(1-2):143-167
Semantic Web applications take off is being slower than expected, at least with respect to “real-world” applications and users. One of the main reasons for this lack of adoption is that most Semantic Web user interfaces are still immature from the usability and accessibility points of view. This is due to the novelty of these technologies, but this also motivates the exploration of alternative interaction paradigms, different from the “traditional” Web or Desktop applications ones. Our proposal is realized in the Rhizomer platform, which explores the possibilities of the object–action interaction paradigm at the Web scale. This paradigm is well suited for heterogeneous resource spaces such as those common in the Semantic Web. Resources, described by metadata, correspond to the objects in the paradigm. Semantic web services, which are dynamically associated to these objects, correspond to the actions. The platform is being put into practice in the context of a research project in order to build an open application for media distribution based on Semantic Web technologies. Moreover, its usability and accessibility have been evaluated in this real setting and compared to similar systems.
5.
The MatSeek system is an ontology-based federated search interface to key materials science databases and analytical tools. By combining Semantic Web and Web 2.0 technologies, MatSeek provides materials scientists with a single Web interface that enables them to search across disparate databases containing crystal-structure data, ionic-conductivity data, and phase stability data; render 3D crystal-structure images; calculate bond lengths and angles; retrieve relevant scholarly references; and identify potential new materials with the structure and properties required to satisfy specific applications. The MatOnto ontology underlying MatSeek enables integration of data across disparate databases, and Web 2.0 technologies enable iterative searching across the databases. The results retrieved from searching the previous database are used as input to the query on the next database. By providing materials scientists with a single, integrated Web interface to the critical materials science databases and analytical tools, MatSeek represents a significant advance toward a full-fledged materials-informatics workbench.
6.
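Second-Order SQL Injection Attack Defense Model   Total citations: 1, self-citations: 0, citations by others: 1
With the rapid development of Internet technology, Web applications are used ever more widely, and database-backed Web applications are now widely used in all kinds of enterprise business systems. However, because developers vary in skill and experience, Web applications contain a large number of security weaknesses. Many factors affect the security of Web applications; among them, SQL injection is the most common attack and the easiest to carry out, and it is considered the most widely damaging. Defending against SQL injection is therefore critical to keeping Web applications secure, and how to defend against it more effectively has become an important research topic. SQL injection attacks exploit the syntax of the Structured Query Language. Traditional SQL injection defense models defend from the perspective of user-input filtering and SQL statement syntax comparison; when malicious data stored in the database is concatenated into a dynamic SQL statement, a second-order SQL injection attack results. Building on prior research, this paper proposes a second-order SQL injection defense model based on improved parameterization. The model mainly consists of an input filtering module, an index replacement module, a syntax comparison module, and a parameterized replacement module. Experiments show that the model defends well against second-order SQL injection attacks.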
7.
In this paper, we describe a system, written in Haskell, for the automated verification of Web sites which can be used to specify (partial) correctness and completeness properties of a given Web site, and then automatically check whether these properties are actually fulfilled. It provides a rule-based, formal specification language which allows us to define syntactic/semantic conditions for the Web site by means of a user-friendly graphical interface as well as a verification facility for recognizing forbidden/incorrect patterns and incomplete/missing Web pages.
8.
Miao Wan Arne Jönsson Cong Wang Lixiang Li Yixian Yang 《Knowledge and Information Systems》2011,33(1):89-115
Users of a Web site usually perform their interest-oriented actions by clicking or visiting Web pages, which are traced in access log files. Clustering Web user access patterns may capture common user interests to a Web site, and in turn, build user profiles for advanced Web applications, such as Web caching and prefetching. The conventional Web usage mining techniques for clustering Web user sessions can discover usage patterns directly, but cannot identify the latent factors or hidden relationships among users' navigational behaviour. In this paper, we propose an approach based on a vector space model, called Random Indexing, to discover such intrinsic characteristics of Web users' activities. The underlying factors are then utilised for clustering individual user navigational patterns and creating common user profiles. The clustering results will be used to predict and prefetch Web requests for grouped users. We demonstrate the usability and superiority of the proposed Web user clustering approach through experiments on a real Web log file. The clustering and prefetching tasks are evaluated by comparison with previous studies demonstrating better clustering performance and higher prefetching accuracy.
9.
《International Journal of Computer Mathematics》2012,89(11):2265-2278
Implemented by dynamic service composition and integration, Web application has significantly affected our daily life, such as e-commerce and e-government. However, the open and ever-changing environment makes Web users more vulnerable to the usability problem, i.e. unreachable pages and reduced responsiveness. Accordingly, there is a need to deliver reliable Web application with attributes that cover the correctness and reliability. For the efficient handling of failures, the compatibility verification of dynamic reconfiguration strategies is attached great importance since it can guarantee the robustness and high quality of Web-based software. This paper extends the classical finite state machine (FSM) to formalize the behaviour of Web application, namely the extended FSM for Web applications (EFSM4WA) model. This model is also suitable to formally describe the interaction behaviours of dynamic reconfiguration when Web application encountered failure. Then, the compatibility verification of dynamic reconfiguration is carried out in two phases. During the first phase, it adopts the trace projection approach to check the compatibility against the synchronized product model in a qualitative way, which will select a set of candidate Web applications. During the second phase, it takes performance into consideration to choose a high-reliability Web application in a quantitative way. Finally, a case study is demonstrated to show the applicability of our approach.
10.
In this paper, we develop a framework for the automated verification of Web sites which can be used to specify integrity conditions for a given Web site, and then automatically check whether these conditions are fulfilled. First, we provide a rewriting-based, formal specification language which allows us to define syntactic as well as semantic properties of the Web site. Then, we formalize a verification technique which obtains the requirements not fulfilled by the Web site, and helps to repair the errors by finding out incomplete information and/or missing pages. Our methodology is based on a novel rewriting-based technique, called partial rewriting, in which the traditional pattern matching mechanism is replaced by tree simulation, a suitable technique for recognizing patterns inside semistructured documents. The framework has been implemented in the prototype Web verification system Verdi which is publicly available.
11.
Dipl.-Wirtsch.-Inf. Maximilian Röglinger 《WIRTSCHAFTSINFORMATIK》2009,51(6):496-505
Web service compositions coordinate Web services of different enterprises. They are expected to constitute the foundation of service-oriented architectures, to improve business processes as well as to foster intra- and inter-organizational integration. Especially in inter-organizational contexts, quality of service referring to non-functional requirements and conformance to functional requirements are becoming vital properties. With Web service compositions being asynchronous and distributed systems, the latter property – which is also called correctness – can be shown best by verification. This paper examines from a system-theoretic perspective how correctness can be operationalized for Web service compositions. It also proposes a requirements framework for service-oriented modeling techniques so that correctness can be shown by verification and Web service compositions can be modeled intuitively. In order to show the framework’s principle applicability, an example approach is analyzed with respect to the corresponding requirements.
12.
Florian Haftmann Donald Kossmann Eric Lo 《The VLDB Journal The International Journal on Very Large Data Bases》2007,16(1):145-164
Regression testing is an important software maintenance activity to ensure the integrity of a software after modification. However, most methods and tools developed for software testing today do not work well for database applications; these tools only work well if applications are stateless or tests can be designed in such a way that they do not alter the state. To execute tests for database applications efficiently, the challenge is to control the state of the database during testing and to order the test runs such that expensive database reset operations that bring the database into the right state need to be executed as seldom as possible. This work devises a regression testing framework for database applications so that test runs can be executed in parallel. The goal is to achieve linear speed-up and/or exploit the available resources as well as possible. This problem is challenging because parallel testing needs to consider both load balancing and controlling the state of the database. Experimental results show that test run execution can achieve linear speed-up by using the proposed framework.
13.
14.
M. Alpuente D. Ballis M. Falaschi 《International Journal on Software Tools for Technology Transfer (STTT)》2006,8(6):565-585
In this paper, we develop a framework for the automated verification of Web sites, which can be used to specify integrity
conditions for a given Web site, and then automatically check whether these conditions are fulfilled. First, we provide a
rewriting-based, formal specification language which allows us to define syntactic as well as semantic properties of the Web
site. Then, we formalize a verification technique which detects both incorrect/forbidden patterns as well as lack of information,
that is, incomplete/missing Web pages inside the Web site. Useful information is gathered during the verification process
which can be used to repair the Web site. Our methodology is based on a novel rewriting-based technique, called partial rewriting, in which the traditional pattern matching mechanism is replaced by tree simulation, a suitable technique for recognizing patterns inside semistructured documents. The framework has been implemented in the
prototype GVerdi, which is publicly available.
15.
Testing Web applications by modeling with FSMs   Total citations: 6, self-citations: 0, citations by others: 6
Anneliese A. Andrews Jeff Offutt Roger T. Alexander 《Software and Systems Modeling》2005,4(3):326-345
Researchers and practitioners are still trying to find effective ways to model and test Web applications. This paper proposes a system-level testing technique that combines test generation based on finite state machines with constraints. We use a hierarchical approach to model potentially large Web applications. The approach builds hierarchies of Finite State Machines (FSMs) that model subsystems of the Web applications, and then generates test requirements as subsequences of states in the FSMs. These subsequences are then combined and refined to form complete executable tests. The constraints are used to select a reduced set of inputs with the goal of reducing the state space explosion otherwise inherent in using FSMs. The paper illustrates the technique with a running example of a Web-based course student information system and introduces a prototype implementation to support the technique.
16.
Formal methods and verification techniques are often used to develop mission-critical systems. Cloud computing offers new computation models for applications and the new model can be used for formal verification. But formal verification tools and techniques may need to be updated to exploit the cloud architectures. Multi-Tenant Architecture (MTA) is a design architecture used in SaaS (Software-as-a-Service) where a tenant can customize its applications by integrating either services already stored in the SaaS database or newly supplied services. This paper proposes a new concept VaaS (Verification-as-a-Service), similar to SaaS, by leveraging the computing power offered by a cloud environment with automated provisioning, scalability, and service composition. A VaaS hosts verification software in a cloud environment, and these services can be called on demand, and can be composed to verify a software model. This paper presents a VaaS architecture with components, and ways that a VaaS can be used to verify models. Bigraph is selected as the modeling language for illustration as it can model mobile applications. A Bigraph model can be verified by first converting it to a state model, and the state model can be verified by model-checking tools. The VaaS services combination model and execution model are also presented. The algorithm of distributing VaaS services to a cloud is given and its efficiency is evaluated. A case study is used to demonstrate the feasibility of a VaaS.
17.
H. Aschemann J. Minisini A. Rauh 《Journal of Computer and Systems Sciences International》2010,49(5):683-695
In this paper, we give an overview of interval arithmetic techniques for both the offline and online verification of robust
control strategies. Part 1 of the paper mainly addresses basic interval techniques focusing on offline applications while
the focus of Part 2 is their online application. For offline applications, we aim at computing the sets of all admissible
control strategies. Admissibility is defined in terms of constraints on, for example, the trajectories of the state variables,
the range of control inputs, and the frequency response or eigenvalue regions of linear closed-loop control systems. In contrast
to the offline application, the foremost requirement for online applications is the verification of the admissibility of at
least one control strategy and to determine a suitable approximate solution to a control task which is both feasible and optimal
in some specified sense. In addition to open-loop as well as closed-loop control, the problem of state and parameter estimation
is addressed.
18.
《Applied Soft Computing》2008,8(2):839-848
For dealing with the adjacent input fuzzy sets having overlapping information, non-additive fuzzy rules are formulated by defining their consequent as the product of weighted input and a fuzzy measure. With the weighted input, need arises for the corresponding fuzzy measure. This is a new concept that facilitates the evolution of new fuzzy modeling. The fuzzy measures aggregate the information from the weighted inputs using the λ-measure. The output of these rules is in the form of the Choquet fuzzy integral. The underlying non-additive fuzzy model is investigated for identification of non-linear systems. The weighted input which is the additive S-norm of the inputs and their membership functions provides the strength of the rules and fuzzy densities required to compute fuzzy measures subject to q-measure are the unknown functions to be estimated. The use of q-measure is a powerful way of simplifying the computation of λ-measure that takes account of the interaction between the weighted inputs. Two applications; one real life application on signature verification and forgery detection, and another benchmark problem of a chemical plant illustrate the utility of the proposed approach. The results are compared with those existing in the literature.
19.
20.
Desmet L. Verbaeten P. Joosen W. Piessens F. 《IEEE transactions on pattern analysis and machine intelligence》2008,34(1):50-64
Web applications are widely adopted and their correct functioning is mission critical for many businesses. At the same time, Web applications tend to be error prone and implementation vulnerabilities are readily and commonly exploited by attackers. The design of countermeasures that detect or prevent such vulnerabilities or protect against their exploitation is an important research challenge for the fields of software engineering and security engineering. In this paper, we focus on one specific type of implementation vulnerability, namely, broken dependencies on session data. This vulnerability can lead to a variety of erroneous behavior at runtime and can easily be triggered by a malicious user by applying attack techniques such as forceful browsing. This paper shows how to guarantee the absence of runtime errors due to broken dependencies on session data in Web applications. The proposed solution combines development-time program annotation, static verification, and runtime checking to provably protect against broken data dependencies. We have developed a prototype implementation of our approach, building on the JML annotation language and the existing static verification tool ESC/Java2, and we successfully applied our approach to a representative J2EE-based e-commerce application. We show that the annotation overhead is very small, that the performance of the fully automatic static verification is acceptable, and that the performance overhead of the runtime checking is limited.