University of Illinois at Chicago

Specifying and Enforcing Workflows in Ruby on Rails

posted on 2013-10-24, 00:00 authored by Daniele Rossetti
Nowadays, Web applications are afflicted by numerous vulnerabilities and there exist many attacks that exploit them to execute malicious tasks. In this thesis we focus on vulnerabilities related to workflows, which are sequences of steps that the user must perform in order to complete some transaction. When the Web application fails to correctly enforce the workflows, undesired violations may be allowed. Currently, there is no systematic methodology for enforcing workflows and the implementation is left to the developer, which may result in a weak application, vulnerable to attacks. In order to address this issue, we present the framework Workflower, which allows the developer to easily specify workflows and automatically enforce them. The framework allows the specification to be declarative and separated from the application logic, so that it is easier to understand and maintain. The specification is securely and automatically enforced in the application, so that any violation is prevented without requiring the developer to manually implement any defense. Additionally, it supports several features such as concurrent workflows, multiple instances workflows, automatic redirection and request resuming.



Zuck, Lenore D.


Computer Science

Degree Grantor

University of Illinois at Chicago

Degree Level

  • Masters

Committee Member

Natarajan, Venkatakrishnan Venkatesan Lanzi, Pier Luca

Submitted date



  • en

Issue date

