Correct Software in Web Applications and Web Services

The papers in this volume aim to reach a common understanding of the challenging research questions in web applications, comprising web information systems, web services, and web interoperability; to reach a common understanding of verification needs in web applications; to reach a common understanding of the available rigorous approaches to system development and the cases in which they have succeeded; to identify how rigorous software engineering methods can be exploited to develop suitable web applications; and to develop a European-scale research agenda combining theory, methods and tools that would lead to suitable web applications with the potential to implement systems for computation in the public domain.
