Specifying and Enforcing Workflows in Ruby on Rails

thesis
posted on 24.10.2013, 00:00 by Daniele Rossetti
Nowadays, Web applications are afflicted by numerous vulnerabilities and there exist many attacks that exploit them to execute malicious tasks. In this thesis we focus on vulnerabilities related to workflows, which are sequences of steps that the user must perform in order to complete some transaction. When the Web application fails to correctly enforce the workflows, undesired violations may be allowed. Currently, there is no systematic methodology for enforcing workflows and the implementation is left to the developer, which may result in a weak application, vulnerable to attacks. In order to address this issue, we present the framework Workflower, which allows the developer to easily specify workflows and automatically enforce them. The framework allows the specification to be declarative and separated from the application logic, so that it is easier to understand and maintain. The specification is securely and automatically enforced in the application, so that any violation is prevented without requiring the developer to manually implement any defense. Additionally, it supports several features such as concurrent workflows, multiple instances workflows, automatic redirection and request resuming.

History

Advisor

Zuck, Lenore D.

Department

Computer Science

Degree Grantor

University of Illinois at Chicago

Degree Level

Masters

Committee Member

Natarajan, Venkatakrishnan Venkatesan; Lanzi, Pier Luca

Submitted date

2013-08

Language

en

Issue date

24/10/2013
