K. Jamroendararasame*, T. Matsuzaki, T. Suzuki, and T. Tokuda

Department of Computer Science, Tokyo Institute of Technology, JAPAN

Two Generators of SecureTwo Generators of SecureWeb-based Transaction SystemsWeb-based Transaction Systems

ContentsContents

Motivations Software architectures for Web-based

transaction systems Web transition diagrams Web-based transaction system generators

T-Web system PF-Web system

Evaluation Comparisons & Conclusion

Disadvantages of current approachesDisadvantages of current approaches

Manual consistency and security management

Ad hoc construction of processing programs

Complex logical structure processing programs

No graphical view of overall system behavior

Non-programmers can generate typical Web-based transaction systems.

Support of consistency management and standard level of Web security

GoalsGoals

Purposes (1)Purposes (1)

A method to describe behavior of Web-based

transaction systems graphically

Web Transition Diagrams: Representation of overall behavior of Web-

based transaction systems Based on pipe/filter software architecture

Purposes (2)Purposes (2)

Web-based transaction system generators: T-Web system : based on template method PF-Web system : based on functional

composition method

A method to generate Web-based transaction

systems from graphical diagrams

Why two types of generators?Why two types of generators?

For two types of target users T-Web system for non-programmers with :

ability to understand overall system behavior, ability to compose Web transition diagrams, ability to differentiate types of processes

PF-Web system for non-programmers with : ability to understand overall system behavior, ability to compose Web transition diagrams, ability to give a clear definition of input/output

values of processes

Software architectures for Software architectures for Web-based transaction systemsWeb-based transaction systems

DefinitionsDefinitions

Client-Server computing systems

Web-based transaction systems

Web application systems

Software architectures forSoftware architectures forWeb-based transaction systemsWeb-based transaction systems

Processing on the client side scripting languages: JavaScript 　 and VBScript compiled modules: Java applets and ActiveX controls

Processing on the server side SSI (Server Side Includes) CGI (Common Gateway Interface) JavaServlet server side scripts: JSP, ASP, PHP, etc. components: EJB and COM+

Software architectures for Software architectures for Web-based transaction systemsWeb-based transaction systems

Processing on both client side and server side client side scripts with server side programs client-server programs communicating by general

protocols RMI (Remote Method Invocation)

We concentrate on CGI architecture.

Web Transition DiagramsWeb Transition Diagrams

OverviewOverview

Representation of overall behavior of Web-based transaction systems

Based on Pipe/Filter architecture

FilterPipe Pipe

Webpage

Webpage

Processing program

• CGI program,• Java servlet,• etc.

DefinitionsDefinitions

Fixed Web page node Output Web page node

Processing node Database node

Page transition link

Data-flow link

title title

namename

Nodes Links

Example: Example: a Seminar Room Booking Systema Seminar Room Booking System

Register

Confirm1

Error1

USER_LIST

{id,pw,em,pin}

idpwem

Submit Reset

home

ADD1

<id,pw,em> <!Blank parameteror id/em already exist>

OK

NG*****

T-Web systemT-Web system

T-Web system structureT-Web system structure

Step 1: Compose a Web transition diagram using the editorStep 2: Allow the generator to generate resulting filesStep 3: Optionally revise Web pages using a Web page composerStep 4: Place all resulting files on a Web server and run the script to

create all database tables

Template MethodTemplate Method

A template library for processing programs ~15 templates

Templates for database manipulations and sending e-mails Automatically support a standard level of Web security

For each processing node, users have to: Select a template from the template library, Specify template parameters

No coding Reuse of processing program codes

Web transition diagram compositionWeb transition diagram composition

List of output Web pages

Web transition diagram compositionWeb transition diagram composition

Web transition diagram compositionWeb transition diagram composition

Template library

DescriptionRequirement

Web transition diagram compositionWeb transition diagram composition

List of database tables

List of database fieldsList of output Web pages

List of input parameters

Web transition diagram compositionWeb transition diagram composition

Web transition diagram compositionWeb transition diagram composition

Web transition diagram compositionWeb transition diagram composition

Generation of Web pagesGeneration of Web pages

<HTML> <BODY>

</BODY></HTML>

Register

IDPWEM

homeSubmit

******

an example of Web pages

<TITLE>Register</TITLE> <FORM ACTION = "/cgi-bin/ADD1.cgi" METHOD = "POST">ID<INPUT TYPE = “text” NAME=“__ID”>PW<INPUT TYPE = “password” NAME=“__PW”>EM<INPUT TYPE = “text” NAME=“__EM”><INPUT TYPE = “submit” VALUE=“Submit”></FORM><A HREF = “Top.html”>home</A>

$dbname = “#<DB_NAME#>”; $table = “#<TABLE_NAME#>”;@field = (#<“FIELD_NAME”#>); &ReadParse(*in);#<<$PARAMETER_NAME = $in{'__PARAMETER_NAME'};#>>

if (&Blank_check(#<$PARAMETER_FOR_BLANK#>)){&connect($dbname); &exist_check($table, #<“PARAMETER_FOR_MATCH”#>, #<$PARAMETER_FOR_MATCH#>);

if ($sth->rows ==0){#<$ID_FIELDNAME = &PIN_generate($table);#>#<$DATE_FIELDNAME = &Date();#>

Generation of processing programs Generation of processing programs and a scriptand a script

an example of templates

$dbname = “booking”;$table = “USER_LIST”;@field = (“ID”, “PW”, “EM”, “PIN”); &ReadParse(*in);$ID = $in{‘__ID’};$PW = $in{‘__PW’};$EM = $in{‘__EM’};if (&Blank_check($ID,$EM,$PW)){&connect($dbname); &exist_check($table, “ID”, “EM” , $ID,$EM);if ($sth->rows ==0){$PIN = &PIN_generate($table);

<- booking<- USER_LIST

<- “ID”, “PW”, “EM”, “PIN”

<- $ID = $in{'__ID'}; $PW = $in{‘__PW’}; $EM = $in{‘__EM’};<- $ID,$EM,$PW

<- “ID”, “EM” $ID,$EM

<- $PIN = &PIN_generate($table);<- NULL

PF-Web systemPF-Web system

PF-Web system structurePF-Web system structure

Step 1: Compose a Web transition diagram using the Web transition diagram editor and compose a process description using a text editor

Step 2: Allow the generator to generate resulting filesStep 3: Optionally revise Web pagesStep 4: Place all files on Web server

PF-Web generator

Web transition diagram editor Text editor

Web page composer/Text editor

Web transition diagram

Process description

Web page templates

Web page templates CGI programs

Web-based transaction system

Functional Composition MethodFunctional Composition Method

Some predefined functions for processing programs

~11 functions Functions for parameter manipulations, database

manipulations and sending e-mails In a process description, users have to:

Specify behavior of processing programs using predefined functions instead of templates

No coding

Web transition diagram compositionWeb transition diagram composition

Web transition diagram compositionWeb transition diagram composition

Pipe/Filter RelationshipPipe/Filter Relationship

ProcessingProgram X

Web pageA

Web pageB

Pipe PA Pipe PBFilter

FX

ProcessingProgram X

Web pageA

Web pageB1

Pipe PA Pipe PB1FilterFX1

Web pageB2

Pipe PB2FilterFX2

ProcessingProgram

Web page Web page

Pipe PipeFilter

Database table

Database table

1 2 3

Pipe/Filter RelationshipPipe/Filter Relationship

FOO

BAR

Pipe A Pipe B

Filter X Filter YFOO

BAR

INP

Name

INP<FOO>(BAR)

FOO

BAR

INP

SOME_TABLE SOME_TABLE

SOME_TABLE

RESULT

STATUS

CMD

RESULT

STATUS

A field corresponding to an input element

A field corresponding to a visible parameter

A field corresponding to a hidden parameter

input fields output fields

Process descriptionProcess description

A set of equations and functions of all processing programs

For each processing program, it describes all filters.

For each filter, it describes: an output Web page of the filter, a condition which the filter can be activated, values of output fields in terms of input fields

process add1 {

error1 if i.ID=="" || i.PW=="" || i.EM=="" || db_ntuples(db_select("*",i.USER_LIST, "WHERE ID=‘%s’",i.ID))>0 with { o.USER_LIST=i.USER_LIST }

confirm1 otherwise { pin=generatePIN(i.ID, i.PW, i.EM) o.PIN=pin o.EM=i.EM o.USER_LIST=db_insert(i.USER_LIST, 　　　　” VALUES (’%s’,’%s’,’%s’,%d)”, i.ID, i.PW, i.EM, pin) }

}

Process description exampleProcess description example

<HTML><HEAD><TITLE>confirm1</TITLE></HEAD><BODY>__#EM__<FORM ACTION=“EMAIL1.cgi“ METHOD=POST><INPUT TYPE=HIDDEN NAME=“PIN” VALUE=“__PIN__”><INPUT TYPE=HIDDEN NAME=“EM” VALUE=“__EM__”><INPUT TYPE=SUBMIT VALUE=“EMAIL”></FORM></BODY></HTML>

confirm1

<EM>(PIN)

EMAIL

Generation of Web pagesGeneration of Web pages

...&readFormData;&openDB; ...$v_prev=&db_select( "ID", $i_USER_LIST, "WHERE ID='%s'", $i_ID );if ($i_ID eq "" || $i_PW eq "" || $i_EM eq "" || &db_ntuples( $v_prev ) > 0) {

$o_USER_LIST = $i_USER_LIST; ...&_gen_error1_page;

}else {

$v_pin=&generatePIN( $i_ID, $i_PW, $i_EM );

$o_EM = $i_EM;$o_PIN = $v_pin;$o_USER_LIST = &db_insert( $i_USER_LIST, "VALUES ('%s','%s','%s',%d)",

$i_ID, $i_PW, $i_EM, $v_pin ); ...&_gen_confirm1_page;

}&closeDB;exit;

Generation of processing programs Generation of processing programs

sub _gen_confirm1_page {$OUT{'EM'}=$o_EM;$OUT{'PIN'}=$o_PIN;&genhtml(‘./roombooking/confirm1.html',%OUT);

}

sub _gen_error1_page {&genhtml(‘./roombooking/error1.html',%OUT);

}

sub readFormData {%VAR=&decodeFormData;$i_EM=$VAR{'EM'};&checkscalar($i_EM,80);$i_PW=$VAR{'PW'};&checkscalar($i_PW,40);$i_ID=$VAR{'ID'};&checkscalar($i_ID,20);

}

Generation of processing programs Generation of processing programs

EvaluationEvaluation

1 2 3 4

Last update: 3

start of session

end of session

program execution refused program execution allowed

ConsistencyConsistency managementmanagement

0

By adding some checking codes to detect un-updated input parameters

Security managementSecurity management

Web security from common types of Web site attacks

By adding some checking codes to processing programs and CGI libraries

Examples of codes: for denying unacceptable amount of input parameters

over-maximum-length input parameter for denying unacceptable format of input parameters

HTML tags abnormal-formatted email addresses

EvaluationEvaluation

Consistency management and standard secure methods are provided.

T-Web & PF-Web system can generate: typical Web-based transaction systems based on CGI

architecture examples:

Room booking systems Guest book systems Shopping cart systems

No programming ability is necessary. Universality

T-Web: depending on the number of templates PF-Web: depending on the composition of a process description

Results: Results: a seminar room booking systema seminar room booking system

Results: Results: a seminar room booking systema seminar room booking system

Results: Results: a seminar room booking systema seminar room booking system

Results: Results: a seminar room booking systema seminar room booking system

Results: Results: a seminar room booking systema seminar room booking system

Comparisons & ConclusionComparisons & Conclusion

ComparisonsComparisons

Web page composers Our approaches

Visual composition of Web pages Manual writing processing programs Manual management of consistency and security

Visual composition of the whole system Automatic generation of processing programs from templates or a process description Automatic management of consistency and security

ComparisonsComparisons

Server side scripts & development tools

(Ex. ASP + Microsoft’s Visual InterDev)

Our approaches

Easily producing of Web pages by server side scripts A site diagram representing relationship among Web pages and server side scripts Procedural programming

General producing of Web pages No server side script A Web transition diagram representing relationship among Web pages, processing programs, and databases No procedural programming, but specifying templates with their parameters or composition of a process description

ComparisonsComparisons

T-Web system PF-Web system

Provides an editor for Web transition diagrams compositionThe generator generates processing programs from templates and template parameters. System proficiency is depending on the number of templates and users’ ability to select and specify template parameters.

Provides an editor for Web transition diagrams composition The generator generates processing programs from a process description. System proficiency is depending on users’ ability to compose a process description.

ConclusionConclusion

Web transition diagrams T-Web system & PF-Web system:

compose Web transition diagrams generate Web-based transaction systems

Future work: improvement of consistency and security level implementation of a generator for Web-based

transaction systems based on other architectures