Safe Composition of Web Communication Protocols - PowerPoint PPT Presentation

    Presentation Transcript
    1. Safe Composition of Web Communication Protocols
    Adam D. Bradley, Azer Bestavros, Assaf J. Kfoury
    artdodge,best,kfoury@cs.bu.edu
    7th International Workshop on Web Content Caching and Distribution (WCW 2002)

    2. Introduction
    • Preliminaries
      • HTTP Versions
      • The Expect/Continue Feature: Is it “Safe”?
    • Model-based Analysis
      • Building Models from RFCs
      • Verification Results
      • General Claims
    • Conclusions and Future Directions

    3. HTTP Versioning Problem
    • HTTP: informal docs, internet-drafts
    • HTTP/1.0: RFC1945
    • HTTP/1.1: RFC2068 (1/97), superseded by RFC2616 (6/99)
    • “HTTP/1.1” therefore does not uniquely identify semantics

    4. Expect/Continue
    • Clients can send entities in requests
      • POSTing a form, an image, a PDF paper, a Web Service invocation (SOAP etc.)
    • Don’t send the entity if doing so accomplishes nothing
      • Authentication failure, server overload, failed predicate
    • “100 Continue” interim response
      • Server signals interest in the request entity
      • Introduced in RFC2068
    • “Expect: 100-continue” request header
      • Client signals it will wait for a 100 Continue message
      • Introduced in RFC2616
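To make the mechanism on this slide concrete, here is an added Python example (my code, not the authors' code or models) of one Expect/Continue round trip over an in-process socket pair. The origin decides on the request head alone: a failed Authorization check gets a 401 and the entity is never transferred, while a passing check gets an interim 100 Continue, after which the client sends the body and waits for the final status. The client also follows RFC 2616's advice not to wait forever, sending the body after a short wait if no interim response arrives. The path, host and bearer token are made up for the example.

```python
# Added example: a minimal Expect/Continue round trip over an in-process socket pair.
# Not the authors' code; the path, host and bearer token below are made up for the demo.
import socket
import threading

ACCEPTED_TOKEN = "secret-token"   # assumed credential the origin will accept


def _read_head(conn, buf=b""):
    """Read up to and including the blank line that ends a request or response head."""
    while b"\r\n\r\n" not in buf:
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before the end of the head")
        buf += chunk
    head, rest = buf.split(b"\r\n\r\n", 1)
    return head.decode("iso-8859-1"), rest


def _parse_head(head):
    """Split a head into (start line, {lower-cased field name: value})."""
    lines = head.split("\r\n")
    fields = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        fields[name.strip().lower()] = value.strip()
    return lines[0], fields


def serve_once(conn):
    """Origin side: decide on the head alone. Reject without ever reading the body, or
    send 100 Continue and only then read it. Returns (status sent, body bytes read)."""
    head, extra = _read_head(conn)
    _, fields = _parse_head(head)
    length = int(fields.get("content-length", "0"))
    if fields.get("authorization") != f"Bearer {ACCEPTED_TOKEN}":
        conn.sendall(b"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n")
        return 401, b""                       # the request entity is never transferred
    if fields.get("expect", "").lower() == "100-continue":
        conn.sendall(b"HTTP/1.1 100 Continue\r\n\r\n")   # interim response
    body = extra
    while len(body) < length:
        chunk = conn.recv(4096)
        if not chunk:
            break
        body += chunk
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    return 200, body


def post_with_expect(conn, body, token, wait=1.0):
    """Client side: send the head with Expect: 100-continue and send the body only after a
    100 arrives (or after `wait` seconds, since RFC 2616 advises against waiting forever).
    Returns (final status, number of body bytes actually sent)."""
    conn.sendall((f"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
                  f"Authorization: Bearer {token}\r\nContent-Length: {len(body)}\r\n"
                  f"Expect: 100-continue\r\n\r\n").encode("ascii"))
    conn.settimeout(wait)
    sent, rest = 0, b""
    try:
        head, rest = _read_head(conn)
        status = int(head.split("\r\n")[0].split()[1])
    except socket.timeout:
        status = 100                          # treat silence as permission to continue
    conn.settimeout(None)
    if status == 100:
        conn.sendall(body)
        sent = len(body)
        head, _ = _read_head(conn, rest)      # now wait for the real response
        status = int(head.split("\r\n")[0].split()[1])
    return status, sent


def run_exchange(body, token):
    """Drive one client/server exchange over a socketpair; returns (client, server) results."""
    client_sock, server_sock = socket.socketpair()
    outcome = {}
    worker = threading.Thread(target=lambda: outcome.update(server=serve_once(server_sock)))
    worker.start()
    try:
        client = post_with_expect(client_sock, body, token)
    finally:
        worker.join()
        client_sock.close()
        server_sock.close()
    return client, outcome["server"]
```

Calling `run_exchange(b"A" * 20000, "secret-token")` shows the accepted path (100, body, 200); `run_exchange(b"A" * 20000, "wrong-token")` shows the rejected path, where the client reports zero body bytes sent and the server reports an empty body: exactly the bandwidth the feature is meant to save.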

    5. Expect/Continue: Problems!
    • This changes the event model for HTTP!
    • What’s a proxy to do? (pre-RFC2616)
      • Is “100 Continue” hop-by-hop? Defeats the most obvious use: a bandwidth-starved client
      • Is “100 Continue” end-to-end? Deadlock-prone [Mogul97]
      • Is it either/both? (Choose either at whim?) Confuses (deceives) downstream agents

    6. The “Fix”
    • RFC2616 added Expect: 100-continue
    • Defined Expect/Continue as hop-by-hop
    • Rules for graceful interoperability with RFC2068
    Problem solved… or IS it?

    7. Formal Modeling
    • SPIN
      • Finite-state model checker
      • Strength: finds deadlocks, livelocks, LTL violations
      • Gerard Holzmann, Bell Labs
      • Freely downloadable
    • Promela
      • C-like code for non-deterministic state machines
      • Useful constructs for communication modeling
    • The challenge: translate prosaic RFCs into reactive state machines

    8. Promela/SPIN Models
    • Clients: client-1945, -2068, -2616
    • Servers: server-1945, -2068, -2616, -2616-may
    • Proxies: proxy-1945; proxy-2068-e2e, -2068-hbh, -2068-hybrid; proxy-2616, -2616-fixed
    • Code available via web: http://cs-people.bu.edu/artdodge/research/httpverify/

    9. Client-Server Results
    • Write deadlock: C1.1 - S1.1
      • Resembles a DoS attack
      • Benevolent peers!
      • Rare in practice: large send/receive buffers
    • Otherwise, all cases verify

    10. Client-Proxies-Server Results
    • Experiment with proxy-2068-hybrid; use -e2e, -hbh to explore the reasons for failures
    • All deadlock-prone cases:
      • RFC1945 server or proxy upstream of a 1.1 proxy
      • Included an RFC2068 proxy downstream somewhere
    • 2068-e2e behavior induces problems; 2068-hybrid aggravates it (deception)
    • Interaction of RFC2068 and RFC2616 rules can fail
      • Experiments 2.8, 4.3, 4.6, 4.12, 4.13

    11. Example (figure): proxy-2616-fixed handles this correctly

    12. Example (figure). Problem: imperfect knowledge beyond the first hop

    13. Generalizing: Reductions
    • Tested all CS, CPS, CPPS
    • Longer chain = greater computational cost
      • Each CS: seconds
      • Each CPS: minutes
      • Each CPPS: hours
      • Each CPPPS: days
    • How do we argue about C(P*)S?
      • Reduction rules
      • Failure patterns

    14. Reduction Rules, Failure Patterns
    • e.g.: “A sequence of proxy-2616 agents behaves (causally) exactly as a single proxy-2616 would.”
    • Our 8 reductions can reduce any arbitrarily long C(P*)S to one of 53 finite-length models (see [3])
    • Gives rise to two failure patterns:
      • p/c-2068 → proxy-1.1 → p/s-1945
      • c-1.1 → (p-1.1)* → p-2068 → p/s-1945
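As an added illustration of the model-checking approach of slides 7 to 12 and the reduction idea on this slide (my code, not the authors' Promela models), the Python below does for a toy system what SPIN does: it enumerates every interleaving of message delivery along a client → proxies → server chain and reports any global state in which the client has no final response and nothing is enabled. The agent behaviours are deliberately simplified readings, flagged as assumptions in the comments: the client has no timer but is offered a Promela-style `timeout` move only when nothing else in the system can move; the "e2e" proxy honours the client's expectation end to end by refusing the body until it has relayed the origin's 100; the 2616 proxy knows only its next hop's version and answers an Expect bound for a known HTTP/1.0 next hop with 417. Queues are unbounded, so the write deadlock of slide 9 cannot appear here; what does appear is the shape of the second failure pattern, a 1945 server behind a 2068-style proxy that a 2616 proxy one hop earlier cannot see past.

```python
# Explicit-state deadlock search over a toy client -> proxies -> server HTTP chain.
# Added example: simplified readings of the RFC agents, not the paper's Promela models.
from collections import deque

HDR_EXPECT, HDR_PLAIN, BODY, CONTINUE, FINAL = "hdr+expect", "hdr", "body", "100", "final"
DOWN, UP = "down", "up"   # DOWN = toward the client, UP = toward the origin server
BLOCKED = None            # returned by an agent that is not ready for the offered message

def client_2616(state, src, msg):
    """HTTP/1.1 client: sends Expect and waits for a 100 (or the checker's timeout) before the body."""
    if state == "start":
        return "wait100", [(UP, HDR_EXPECT)]
    if state == "wait100" and msg in (CONTINUE, "timeout"):
        return "waitfinal", [(UP, BODY)]
    return ("done" if msg == FINAL else state), []   # e.g. a second 100 is ignored

def origin_server(speaks_11):
    """HTTP/1.0 server ignores Expect and blocks on the body; HTTP/1.1 answers with 100 first."""
    def step(state, src, msg):
        if state == "idle" and msg in (HDR_EXPECT, HDR_PLAIN):
            return "waitbody", [(DOWN, CONTINUE)] if speaks_11 and msg == HDR_EXPECT else []
        if state == "waitbody" and msg == BODY:
            return "done", [(DOWN, FINAL)]
        return state, []
    return step

def proxy_2068_e2e(state, src, msg):
    """Assumed end-to-end reading: relay Expect up and the origin's 100 down; refuse the body until then."""
    if src == DOWN and msg == HDR_EXPECT:
        return "wait100", [(UP, HDR_EXPECT)]
    if src == DOWN and msg == BODY and state == "wait100":
        return BLOCKED
    if src == DOWN and msg in (HDR_PLAIN, BODY):
        return "relay", [(UP, msg)]
    if src == UP and msg in (CONTINUE, FINAL):
        return ("done" if msg == FINAL else "relay"), [(DOWN, msg)]
    return state, []

def proxy_2068_hbh(state, src, msg):
    """Hop-by-hop reading: answer the Expect locally, strip it, relay the rest."""
    if src == DOWN and msg == HDR_EXPECT:
        return "relay", [(DOWN, CONTINUE), (UP, HDR_PLAIN)]
    if src == DOWN and msg in (HDR_PLAIN, BODY):
        return "relay", [(UP, msg)]
    if src == UP and msg == FINAL:
        return "done", [(DOWN, FINAL)]
    return state, []   # an upstream 100 is swallowed; the client already has one

def proxy_2616(next_hop_is_10):
    """RFC 2616 proxy: knows only its next hop; Expect toward a known HTTP/1.0 hop gets 417 (as FINAL)."""
    def step(state, src, msg):
        if src == DOWN and msg == HDR_EXPECT and next_hop_is_10:
            return "done", [(DOWN, FINAL)]
        if src == DOWN and msg in (HDR_EXPECT, HDR_PLAIN, BODY):
            return "relay", [(UP, msg)]
        if src == UP and msg in (CONTINUE, FINAL):
            return ("done" if msg == FINAL else "relay"), [(DOWN, msg)]
        return state, []
    return step

def _apply(agents, states, queues, i, src, msg):
    """Agent i consumes msg from side src (None for its own move); return the successor state."""
    result = agents[i](states[i], src, msg)
    if result is BLOCKED:
        return BLOCKED
    new_state, outputs = result
    q = [[list(up), list(down)] for up, down in queues]   # q[h]: hop between agents h and h+1
    if src == DOWN:
        q[i - 1][0].pop(0)
    elif src == UP:
        q[i][1].pop(0)
    for direction, out in outputs:
        (q[i][0] if direction == UP else q[i - 1][1]).append(out)
    return states[:i] + (new_state,) + states[i + 1:], tuple((tuple(u), tuple(d)) for u, d in q)

def _moves(agents, states, queues):
    if states[0] == "start":
        yield _apply(agents, states, queues, 0, None, None)
    for i in range(len(agents)):
        if i > 0 and queues[i - 1][0]:                  # head of what agent i-1 sent up
            yield _apply(agents, states, queues, i, DOWN, queues[i - 1][0][0])
        if i + 1 < len(agents) and queues[i][1]:        # head of what agent i+1 sent down
            yield _apply(agents, states, queues, i, UP, queues[i][1][0])

def find_deadlock(agents):
    """BFS over every delivery interleaving; returns the agents' states at the first deadlock
    (client has no final response and nothing is enabled), or None if the chain verifies."""
    start = (("start",) + ("idle",) * (len(agents) - 1), tuple(((), ()) for _ in agents[1:]))
    seen, frontier = {start}, deque([start])
    while frontier:
        states, queues = frontier.popleft()
        nexts = [s for s in _moves(agents, states, queues) if s is not BLOCKED]
        if not nexts and states[0] == "wait100":        # Promela-style timeout move
            nexts = [_apply(agents, states, queues, 0, None, "timeout")]
        if not nexts and states[0] != "done":
            return states
        for s in nexts:
            if s not in seen:
                seen.add(s); frontier.append(s)
    return None
```

`find_deadlock([client_2616, proxy_2616(False), proxy_2068_e2e, origin_server(False)])` returns the stuck states (client waiting for a final response, the e2e proxy waiting for a 100 the 1945 server will never send, the server waiting for a body the proxy refuses to pass), while `proxy_2616(True)` in front of the 1945 server directly, or a hop-by-hop proxy, verifies. Stacking two e2e proxies or two 2616 proxies gives the same verdict as one, which is the kind of reduction the slide describes, here checked only for this toy model.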

    15. Conclusions and Future Work
    • Modeling informs standards writers
      • Do modeling/verification at design/draft time
      • Force semantic disambiguation
      • Formalize the goal of “interoperability” as requiring verifiable reductions/reducibility
    • Automatically identifying reductions
      • Ideas from I/O automata [Lynch 89, etc.]
    • Backend tools for Flow Calculus
      • Language-level safety of net protocols and programs

    16. Questions?
    • Supported in part by:
      • NSF awards ANI-9986397, ANI-0095988, CCR-9988529, ITR-0113193
      • U.S. Dept. of Education GAANN Fellowship