Systematic Black-Box Analysis of Collaborative Web Applications

Billes, Marina ; Møller, Anders ; Pradel, Michael (2017)
Systematic Black-Box Analysis of Collaborative Web Applications.
Barcelona, Spain
doi: 10.1145/3062341.3062363
Conference publication, Bibliography

Abstract

Web applications, such as collaborative editors that allow multiple clients to concurrently interact on a shared resource, are difficult to implement correctly. Existing techniques for analyzing concurrent software do not scale to such complex systems or do not consider multiple interacting clients. This paper presents Simian, the first fully automated technique for systematically analyzing multi-client web applications. Naively exploring all possible interactions between a set of clients of such applications is practically infeasible. Simian scales to real-world applications by using a two-phase black-box approach. The first phase systematically explores the application with a single client to infer potential conflicts between client events. The second phase synthesizes multi-client interactions targeted at triggering misbehavior that may result from the potential conflicts, and reports an inconsistency if the clients do not converge to a consistent state. We evaluate the analysis on three widely used systems, Google Docs, Firepad, and ownCloud Documents, where it reports a variety of inconsistencies, such as incorrect formatting and misplaced text fragments. Moreover, we find that the two-phase approach runs 10x faster than exhaustive exploration, making systematic analysis feasible.

Item type: Conference publication
Published: 2017
Author(s): Billes, Marina ; Møller, Anders ; Pradel, Michael
Type of entry: Bibliography
Title: Systematic Black-Box Analysis of Collaborative Web Applications
Language: English
Year of publication: June 2017
Publisher: ACM New York, NY, USA
Book title: PLDI '17 ACM SIGPLAN Conference on Programming Language Design and Implementation
Event location: Barcelona, Spain
DOI: 10.1145/3062341.3062363

Uncontrolled keywords: Testing, collaborative editing, dynamic analysis
ID number: TUD-CS-2017-0214
Department(s)/field(s): Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date deposited: 07 Aug 2017 14:04
Last modified: 22 Jan 2019 09:30