1 / 16

Safe Composition of Web Communication Protocols

Safe Composition of Web Communication Protocols. Adam D. Bradley Azer Bestavros Assaf J. Kfoury artdodge,best,kfoury@cs.bu.edu. Introduction. Preliminaries HTTP Versions The Expect/Continue Feature: Is it “Safe”? Model-based Analysis Building Models from RFCs Verification Results

max
Download Presentation

Safe Composition of Web Communication Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Safe Composition of Web Communication Protocols Adam D. Bradley Azer Bestavros Assaf J. Kfoury artdodge,best,kfoury@cs.bu.edu 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  2. Introduction • Preliminaries • HTTP Versions • The Expect/Continue Feature: Is it “Safe”? • Model-based Analysis • Building Models from RFCs • Verification Results • General Claims • Conclusions and Future Directions 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  3. HTTP Versioning Problem • HTTP - informal docs, internet-drafts • HTTP/1.0 • RFC1945 • HTTP/1.1 • RFC2068 (1/97), superceded by RFC2616 (6/99) • “HTTP/1.1” does not uniquely identify semantics 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  4. Expect/Continue • Clients can send entities in requests • POSTing a form, Image, PDF paper, Web Service invocation (SOAP etc.) • Don’t send entity if doing so accomplishes nothing • Authentication failure, server overload, failed predicate • “100 Continue” Interim Response • Server signals interest in request entity • Introduced in RFC2068 • “Expect: 100-continue” Request Header • Client signals it will wait for a 100 Continue message • Introduced in RFC2616 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  5. Expect/Continue: Problems! • This changes the event model for HTTP! • What’s a proxy to do? (Pre-RFC2616) • Is “100 Continue” hop-by-hop? • Defeats most obvious use: Bandwidth-starved client • Is “100 Continue” end-to-end? • Deadlock-prone [Mogul97] • Is it either/both? (Choose either at whim?) • Confuses (deceives) downstream agents? 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  6. The “Fix” • RFC2616 added Expect: 100-continue • Defined Expect/Continue as Hop-by-Hop • Rules for graceful interoperability with RFC2068 Problem solved… or IS it? 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  7. Formal Modeling • SPIN • Finite-State Model Checker • Strength: Find deadlocks, livelocks, LTL violations • Gerard Holzmann - Bell Labs • Freely Downloadable • Promela • C-like code for non-deterministic state machines • Useful constructs for communication modeling • The Challenge: • Translate prosaic RFCs into Reactive State Machines 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  8. Promela/SPIN Models • Clients • client-1945, -2068, -2616 • Servers • server-1945, -2068, -2616, -2616-may • Proxies • proxy-1945 • proxy-2068-e2e, -2068-hbh, -2068-hybrid • proxy-2616, -2616-fixed • Code available via web: http://cs-people.bu.edu/artdodge/research/httpverify/ 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  9. Client-Server Results • Write Deadlock: C1.1 - S1.1 • Resembles a DoS attack • Benevolent Peers! • Rare in practice • Large S/R buffers • Otherwise, all cases verify 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  10. Client-Proxies-Server Results • Experiment with proxy-2068-hybrid • Use -e2e, -hbh to explore reasons for failures • All Deadlock-Prone Cases: • RFC1945 Server or Proxy upstream of a 1.1 Proxy • Included an RFC2068 Proxy downstream somewhere • 2068-e2e behavior induces problems • 2068-hybrid aggravates it (deception) • Interaction of RFC2068 and RFC2616 rules can fail • Experiments 2.8, 4.3, 4.6, 4.12, 4.13 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  11. Example proxy-2616-fixed handles this correctly 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  12. Example Problem: Imperfect knowledge beyond first hop 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  13. Generalizing: Reductions • Tested all CS, CPS, CPPS • Longer chain = greater computational cost • Each CS: seconds • Each CPS: minutes • Each CPPS: hours • Each CPPPS: days • How do we argue about C(P*)S? • Reduction Rules • Failure Patterns 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  14. Reduction Rules, Failure Patterns • e.g.: “A sequence of proxy-2616 agents behaves (causally) exactly as a single proxy-2616 would.” • Our 8 reductions can reduce any arbitrarily long C(P*)S to one of 53 finite-length models (see [3]) • Gives rise to two failure patterns: • p/c-2068  proxy-1.1  p/s-1945 • c-1.1  (p-1.1 )* p-2068  p/s-1945 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  15. Conclusions and Future Work • Modeling informs standards writers • Do modeling/verification at design/draft time • Force semantic disambiguation • Formalize goal of “interoperability” as requiring verifiable reductions/reducibility • Automatically Identifying Reductions • Ideas from I/O automata [Lynch 89, etc] • Backend tools for Flow Calculus • Language-level safety of net protocols and programs 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

  16. Questions? • Supported in part by: • NSF awards ANI-9986397, ANI-0095988, CCR-9988529, ITR-0113193 • U.S. Dept of Education GAANN Fellowship 7th International Workshop on Web Content Caching and Distribution (WCW 2002)

More Related