The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - Jan.-March (2014 vol.7)
pp: 68-81
Nuno Laranjeiro , University of Coimbra, Coimbra
Marco Vieira , University of Coimbra, Coimbra
Henrique Madeira , University of Coimbra, Coimbra
ABSTRACT
Developing robust web services is a difficult task. Field studies show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs). Although several techniques for the identification of robustness problems have been proposed in the past, there is no practical approach to automatically fix those problems. This paper proposes a mechanism that automatically fixes robustness problems in web services. The approach consists of using robustness testing to detect robustness issues and then mitigate those issues by applying inputs verification based on well-defined parameter domains, including domain dependencies between different parameters. This integrated and fully automated methodology has been used to improve three different implementations of the TPC-App web services and several services publicly available on the Internet. Results show that the proposed approach can be easily used to improve the robustness of web services code.
INDEX TERMS
Robustness, Web services, Testing, XML, Computer bugs, Security,testing and debugging, Code tuning, interoperability, reliability
CITATION
Nuno Laranjeiro, Marco Vieira, Henrique Madeira, "A Technique for Deploying Robust Web Services", IEEE Transactions on Services Computing, vol.7, no. 1, pp. 68-81, Jan.-March 2014, doi:10.1109/TSC.2012.39
REFERENCES
[1] Apache Commons, "Apache Commons Math," http://commons. apache.orgmath/, 2010.
[2] A. Avizienis, "The Methodology of N-Version Programming," Software Fault Tolerance, pp. 23-46, 1995.
[3] M.D. Barros, J. Shiau, C. Shang, K. Gidewall, H. Shi, and J. Forsmann, "Web Services Wind Tunnel: On Performance Testing Large-Scale Stateful Web Services," Proc. IEEE/IFIP Int'l Conf. Dependable Systems and Networks (DSN '08), pp. 612-617, June 2008.
[4] V. Bergmann, "Databene Benerator," http://databene.orgdatabene-benerator, 2010.
[5] E. Bernard, "JSR 303: Bean Validation," http://jcp.org/en/jsrdetail?id=303, 2010.
[6] T. Bray, J. Paoli, C.M. Sperberg-McQueen, E. Maler, and F. Yergeau, "Extensible Markup Language (XML) 1.0," http://www.w3.orgXML/, 2000.
[7] S. Christey and R. Martin, "Vulnerability Type Distributions in CVE," Mitre Report, http://cwe.mitre.org/documents vuln-trends.html , 2007.
[8] Atlassian, "Clover—Code Coverage Analysis," http://www. atlassian.com/softwareclover /, 2010.
[9] F. Curbera, M. Duftler, R. Khalaf, W. Nagy, N. Mukhi, and S. Weerawarana, "Unraveling the Web Services Web: An Introduction to SOAP, WSDL, and UDDI," IEEE Internet Computing, vol. 6, no. 2, pp. 86-93, Mar./Apr. 2002.
[10] M. Doliner, "Cobertura," http:/cobertura.sourceforge.net/, 2010.
[11] C. Fetzer and Z. Xiao, "HEALERS: A Toolkit for Enhancing the Robustness and Security of Existing Applications," Proc. IEEE/IFIP Int'l Conf. Dependable Systems and Networks, pp. 317-322, June 2003.
[12] E. Gamma et al., Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, 1994.
[13] Ghosh, M. Schmid, and F. Hill, "Wrapping Windows NT Software for Robustness," Proc. 25th Ann. Int'l Symp. Fault-Tolerant Computing, pp. 344-347, 1999.
[14] M. Hsueh, T.K. Tsai, and R.K. Iyer, "Fault Injection Techniques and Tools," Computer, vol. 30, no. 4, pp. 75-82, Apr. 1997.
[15] Sun Microsystems Inc., "JAX-WS Reference Implementation," https:/jax-ws.dev.java.net/, 2010.
[16] Red Hat Middleware, "JBoss Application Server," http://www.jboss.orgjbossas/, 2010.
[17] M. Kalyanakrishnam, Z. Kalbarczyk, and R. Iyer, "Failure Data Analysis of a LAN of Windows NT Based Computers," Proc. Symp. Reliable Distributed Database Systems, pp. 178-187, 1999.
[18] G. Kiczales et al., "Aspect-Oriented Programming," Proc. 11th European Conf. Object-Oriented Programming, 1997.
[19] P. Koopman and J. DeVale, "Comparing the Robustness of POSIX Operating Systems," Proc. 29th Ann. Int'l Symp. Fault-Tolerant Computing, 1999.
[20] N. Laranjeiro, S. Canelas, and M. Vieira, "wsrbench: An On-Line Tool for Robustness Benchmarking," Proc. IEEE Int'l Conf. Services Computing, 2008.
[21] N. Laranjeiro, M. Vieira, and H. Madeira, "Improving Web Services Robustness," Proc. IEEE Int'l Conf. Web Services, 2009.
[22] N. Laranjeiro and M. Vieira, "Robustness Improvement Tool for Web Services," http://eden.dei.uc.pt/∼cnl/papers 2012-tsc- robustness-edel.zip, 2010.
[23] I. Lee and R.K. Iyer, "Software Dependability in the Tandem GUARDIAN System," IEEE Trans. Software Eng., vol. 21, no. 5, pp. 455-467, May 1995.
[24] Handbook of Software Reliability Engineering, M.R. Lyu, ed., McGraw-Hill, 1996.
[25] A. Mukherjee and D. Siewiorek, "Measuring Software Dependability by Robustness Benchmarking," Trans. Software Eng., vol. 23, no. 6, pp. 366-378, 1997.
[26] B. Pandit, V. Popescu, and V. Smith, "Service Modeling Language, Version 1.1," W3C Recommendation, http://www.w3.org/TRsml/, 2009.
[27] Planet Source Code, "Homepage," http:/www.planet-source-code.com/, 2010.
[28] P. Popov, L. Strigini, S. Riddle, and A. Romanovsky, "Protective Wrapping of OTS Components," Proc. Fourth ICSE Workshop Component-Based Software Eng.: Component Certification and System Prediction, 2001.
[29] M. Rodríguez, F. Salles, J.C. Fabre, and J. Arlat, "MAFALDA: Microkernel Assessment by Fault Injection and Design Aid," Proc. Third European Dependable Computing Conf. Dependable Computing, pp. 143-160, 1999.
[30] V. Santiago, A.S.M.D. Amaral, N.L. Vijaykumar, M.D.F. Mattiello-Francisco, E. Martins, and O.C. Lopes, "A Practical Approach for Automated Test Case Generation Using Statecharts," Proc. 30th Ann. Int'l Computer Software and Applications Conf., pp. 183-188, 2006.
[31] R. Siblini and N. Mansour, "Testing Web Services," Proc. ACS/IEEE Third Int'l Conf. Computer Systems and Applications, p. 135, 2005.
[32] SmartBear, "SoapUI," http:/www.soapui.org/, 2010.
[33] M. Susskraut and C. Fetzer, "Robustness and Security Hardening of COTS Software Libraries," Proc. IEEE/IFIP 37th Ann. Int'l Conf. Dependable Systems and Networks, pp. 61-71, 2007.
[34] Oracle, "JAXB Reference Implementation," http:/jaxb.java.net/, 2011.
[35] J. Walnes, "XStream," http:/xstream.codehaus.org/, 2011.
[36] The Eclipse Foundation, "The AspectJ Project," http://www. eclipse.orgaspectj/, 2008.
[37] Transaction Processing Performance Council, "TPC-App Benchmark," http://www.tpc.orgtpc_app/, 2005.
[38] Transaction Processing Performance Council, "Homepage," http:/www.tpc.org, 2010.
[39] M. Vieira, N. Laranjeiro, and H. Madeira, "Assessing Robustness of Web-Services Infrastructures," Proc. IEEE/IFIP 37th Ann. Int'l Conf. Dependable Systems and Networks, pp. 131-136, 2007.
[40] E. van der Vlist, Schematron, p. 51, O'Reilly, 2007.
[41] W3C, "W3C XML Schema," http://www.w3.org/XMLSchema, 2010.
[42] E. Weyuker, "Testing Component-Based Software: A Cautionary Tale," IEEE Software, vol. 15, no. 5, pp. 54-59, Sept./Oct. 1998.
[43] W. Xu, J. Offutt, and J. Luo, "Testing Web Services by XML Perturbation," Proc. IEEE 16th Int'l Symp. Software Reliability Eng., p. 10, 2005.
[44] W3C, "XQuery 1.0 and XPath 2.0 Functions and Operators," http://www.w3.org/TRxquery-operators/, 2010.
[45] R. Wieringa, "A Survey of Structured and Object-Oriented Software Specification Methods and Techniques," ACM Computing Survey, vol. 30, no. 4, pp. 459-527, Dec. 1998.
[46] K.M. Senthil Kumar, A.S. Das, and S. Padmanabhuni, "WS-I Basic Profile: A Practitioner's View," Proc. IEEE Int'l Conf. Web Services, pp. 17-24, 2004.
[47] T.W. Williams, M.R. Mercer, J.P. Mucha, and R. Kapur, "Code Coverage, What Does It Mean in Terms of Quality?" Proc. Ann. Reliability and Maintainability Symp., pp. 420-424, 2001.
[48] N. Laranjeiro, R. Oliveira, and M. Vieira, "Applying Text Classification Algorithms in Web Services Robustness Testing," Proc. IEEE 29th Int'l Symp. Reliable Distributed Systems, 2010.
62 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool