Rubicon: Bounded Verification of Web Applications

Jackson, Daniel; Near, Joseph Paul

Author(s)

Jackson, Daniel; Near, Joseph Paul

DownloadJackson_Rubicon bounded.pdf (285.6Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

Rubicon is a verifier for web applications. Specifications are written in an embedded domain-specific language and are checked fully automatically. Rubicon is designed to fit with current practices: its language is based on RSpec, a popular testing framework, and its analysis leverages the standard Ruby interpreter to perform symbolic execution (generating verification conditions that are checked by the Alloy Analyzer). Rubicon has been evaluated on five open-source applications; in one, a widely used customer relationship management system, a previously unknown security flaw was revealed.

Date issued

2012-11

URI

http://hdl.handle.net/1721.1/86919

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE '12)

Publisher

Association for Computing Machinery (ACM)

Citation

Joseph P. Near and Daniel Jackson. 2012. Rubicon: bounded verification of web applications. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE '12). ACM, New York, NY, USA, Article 60, 11 pages.

Version: Author's final manuscript

ISBN

9781450316149

Collections

MIT Open Access Articles

MIT Libraries homeDSpace@MIT