Published by Alessandra Beales. Modified over 9 years ago.
1
Safe Composition of Web Communication Protocols
Adam D. Bradley, Azer Bestavros, Assaf J. Kfoury
artdodge,best,kfoury@cs.bu.edu
Computer Science Department, Boston University
14 August, 2002
7th International Workshop on Web Content Caching and Distribution (WCW 2002)
2
- Introduction
- Preliminaries
- HTTP Versions
- The Expect/Continue Feature: Is it “Safe”?
- Model-based Analysis
- Building Models from RFCs
- Verification Results
- General Claims
- Conclusions and Future Directions
3
HTTP Versioning Problem
- HTTP - informal docs, internet-drafts
- HTTP/1.0: RFC1945
- HTTP/1.1: RFC2068 (1/97), superseded by RFC2616 (6/99)
- “HTTP/1.1” does not uniquely identify semantics
4
Expect/Continue
- Clients can send entities in requests
  - POSTing a form, Image, PDF paper, Web Service invocation (SOAP etc.)
- Don’t send entity if doing so accomplishes nothing
  - Authentication failure, server overload, failed predicate
- “100 Continue” Interim Response
  - Server signals interest in request entity
  - Introduced in RFC2068
- “Expect: 100-continue” Request Header
  - Client signals it will wait for a 100 Continue message
  - Introduced in RFC2616
5
Expect/Continue: Problems!
- This changes the event model for HTTP!
- What’s a proxy to do? (Pre-RFC2616)
  - Is “100 Continue” hop-by-hop?
    - Defeats most obvious use: Bandwidth-starved client
  - Is “100 Continue” end-to-end?
    - Deadlock-prone [Mogul97]
  - Is it either/both? (Choose either at whim?)
    - Confuses (deceives) downstream agents?
6
The “Fix”
- RFC2616 added Expect: 100-continue
- Defined Expect/Continue as Hop-by-Hop
- Rules for graceful interoperability with RFC2068
- Problem solved… or IS it?
7
Formal Modeling
- SPIN
  - Finite-State Model Checker
  - Strength: Find deadlocks, livelocks, LTL violations
  - Gerard Holzmann - Bell Labs
  - Freely Downloadable
- Promela
  - C-like code for non-deterministic state machines
  - Useful constructs for communication modeling
- The Challenge: Translate prosaic RFCs into Reactive State Machines
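The kind of search a finite-state model checker automates, as an added example (not the authors' Promela models and not SPIN itself): a toy explicit-state deadlock search in Python over a client, a chain of relaying (end-to-end) proxies and an origin server. The agent tables, message names and the assumption that the client waits indefinitely for 100 Continue are simplifications made for this sketch.

```python
from collections import deque

# Hypothetical server tables: (state, message received) -> (next state, reply or None).
SERVERS = {
    "1.1":  {("idle", "HDR"): ("wait_body", "100"), ("wait_body", "BODY"): ("done", "RESP")},
    # 1.0-style origin: ignores Expect and replies only after the entity arrives.
    "1945": {("idle", "HDR"): ("wait_body", None), ("wait_body", "BODY"): ("done", "RESP")},
}
# Client sent "Expect: 100-continue" and holds the body until it sees 100 Continue.
CLIENT = {("wait100", "100"): ("wait_resp", "BODY"), ("wait_resp", "RESP"): ("done", None)}

def put(chs, i, m): return chs[:i] + (chs[i] + (m,),) + chs[i + 1:]   # enqueue on link i
def pop(chs, i):    return chs[:i] + (chs[i][1:],) + chs[i + 1:]      # dequeue from link i

def successors(state, server):
    """Yield every state reachable by letting exactly one agent take one step."""
    cli, srv, up, down = state            # up/down: one FIFO (tuple) per link
    n = len(up)
    if cli == "start":                    # client sends request headers upstream
        yield ("wait100", srv, put(up, 0, "HDR"), down)
    if down[0] and (cli, down[0][0]) in CLIENT:
        nxt, out = CLIENT[(cli, down[0][0])]
        yield (nxt, srv, put(up, 0, out) if out else up, pop(down, 0))
    for i in range(n - 1):                # relay proxy i joins link i and link i+1
        if up[i]:
            yield (cli, srv, put(pop(up, i), i + 1, up[i][0]), down)
        if down[i + 1]:
            yield (cli, srv, up, put(pop(down, i + 1), i, down[i + 1][0]))
    if up[-1] and (srv, up[-1][0]) in server:
        nxt, out = server[(srv, up[-1][0])]
        yield (cli, nxt, pop(up, n - 1), put(down, n - 1, out) if out else down)

def find_deadlocks(server_kind, proxies=1):
    """Breadth-first search of all interleavings; return states stuck before completion."""
    links = proxies + 1
    init = ("start", "idle", ((),) * links, ((),) * links)
    seen, todo, dead = {init}, deque([init]), []
    while todo:
        s = todo.popleft()
        nxt = list(successors(s, SERVERS[server_kind]))
        if not nxt and (s[0], s[1]) != ("done", "done"):
            dead.append(s)                # nobody can move, exchange unfinished
        for t in nxt:
            if t not in seen:
                seen.add(t); todo.append(t)
    return dead

if __name__ == "__main__":
    for kind in ("1.1", "1945"):
        print(kind, find_deadlocks(kind, proxies=2))
```

In this sketch the stuck state is the client waiting for 100 Continue while the origin waits for the entity, whatever the number of relays in between.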
8
Promela/SPIN Models
- Clients
  - client-1945, -2068, -2616
- Servers
  - server-1945, -2068, -2616, -2616-may
- Proxies
  - proxy-1945
  - proxy-2068-e2e, -2068-hbh, -2068-hybrid
  - proxy-2616, -2616-fixed
- Code available via web: http://cs-people.bu.edu/artdodge/research/httpverify/
9
Client-Server Results
- Write Deadlock: C1.1 - S1.1
  - Resembles a DoS attack
  - Benevolent Peers!
  - Rare in practice
  - Large S/R buffers
- Otherwise, all cases verify
10
Client-Proxies-Server Results
- Experiment with proxy-2068-hybrid
  - Use -e2e, -hbh to explore reasons for failures
- All Deadlock-Prone Cases:
  - RFC1945 Server or Proxy upstream of a 1.1 Proxy
  - Included an RFC2068 Proxy downstream somewhere
  - 2068-e2e behavior induces problems
  - 2068-hybrid aggravates it (deception)
- Interaction of RFC2068 and RFC2616 rules can fail
  - Experiments 2.8, 4.3, 4.6, 4.12, 4.13
11
Example
- proxy-2616-fixed handles this correctly
12
Example
- Problem: Imperfect knowledge beyond first hop
13
Generalizing: Reductions
- Tested all CS, CPS, CPPS
- Longer chain = greater computational cost
  - Each CS: seconds
  - Each CPS: minutes
  - Each CPPS: hours
  - Each CPPPS: days
- How do we argue about C(P*)S?
  - Reduction Rules
  - Failure Patterns
14
Reduction Rules, Failure Patterns
- e.g.: “A sequence of proxy-2616 agents behaves (causally) exactly as a single proxy-2616 would.”
- Our 8 reductions can reduce any arbitrarily long C(P*)S to one of 53 finite-length models (see [3])
- Gives rise to two failure patterns:
  - p/c-2068 proxy-1.1 p/s-1945
  - c-1.1 (p-1.1)* p-2068 p/s-1945
15
Conclusions and Future Work
- Modeling informs standards writers
  - Do modeling/verification at design/draft time
  - Force semantic disambiguation
  - Formalize goal of “interoperability” as requiring verifiable reductions/reducibility
- Automatically Identifying Reductions
  - Ideas from I/O automata [Lynch 89, etc]
- Backend tools for Flow Calculus
- Language-level safety of net protocols and programs
16
Supported in part by:
- NSF awards ANI-9986397, ANI-0095988, CCR-9988529, ITR-0113193
- U.S. Dept of Education GAANN Fellowship

Questions?