Unlike other programming frameworks, Ruby on Rails defines even its most basic operations in libraries, so that every addition and every assignment of a value to a variable imports code from a library. This led the researchers to rewrite those libraries so that the operations they define can describe their own behaviour in a logical language.
This turned the Rails interpreter, which converts high-level Rails programs into machine-readable code, into a static analysis tool able to describe how data flows through a program and produce a line-by-line description of it.
Next, the researchers developed the Space debugging tool to evaluate a web app's data-access procedures. They identified seven ways in which web applications typically control access to data, whether public, internal, or accessible only to premium users. They then built a simple logical model for each of the seven methods that describes which operations a user may perform on which data, and under what circumstances.
If the web application in question does not adhere to the logic model, the program has a security flaw. Given 50 popular web apps to analyse, Space detected 23 new security flaws that had never been diagnosed before. Better still, it took no more than 64 seconds to analyse each program.
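As an added illustration of that idea (this is not the researchers' Space tool or any of its code), the Ruby sketch below describes a few access-control patterns as predicates, assigns one to each resource and operation, and flags every controller action whose actual guard disagrees with the model for some representative principal. The pattern names, policy, actions and users are all constructed for this example.

```ruby
# Added illustration: a toy "policy model vs. actual guard" check, not the Space tool.
# Pattern and policy names are constructed for this example.
User   = Struct.new(:id, :role, :premium)
Record = Struct.new(:id, :owner_id)
Action = Struct.new(:name, :resource, :operation, :guard)

# Access-control patterns as predicates: may this user perform the operation on this record?
PATTERNS = {
  public:     ->(_user, _rec) { true },
  owner_only: ->(user, rec)   { !user.nil? && user.id == rec.owner_id },
  premium:    ->(user, _rec)  { !user.nil? && user.premium },
  admin_only: ->(user, _rec)  { !user.nil? && user.role == :admin }
}.freeze

# The model: which pattern is supposed to govern each (resource, operation) pair.
POLICY = {
  [:post, :read]   => :public,
  [:post, :update] => :owner_only,
  [:report, :read] => :premium
}.freeze

# What each controller action actually enforces, as an analysis might extract it.
ACTIONS = [
  Action.new('PostsController#show',   :post,   :read,   ->(_u, _r) { true }),
  Action.new('PostsController#update', :post,   :update, ->(u, r) { !u.nil? && u.id == r.owner_id }),
  # Defect: requires a login but never checks the premium flag the model demands.
  Action.new('ReportsController#show', :report, :read,   ->(u, _r) { !u.nil? })
].freeze

# Representative principals: anonymous, a non-premium owner, a premium non-owner.
REC    = Record.new(10, 1)
PROBES = [[nil, REC], [User.new(1, :member, false), REC], [User.new(2, :member, true), REC]].freeze

# Report every (action, principal) pair where the real guard disagrees with the model.
def find_violations(actions, policy, patterns, probes)
  actions.flat_map do |a|
    expected = patterns.fetch(policy.fetch([a.resource, a.operation]))
    probes.map do |user, rec|
      actual = !!a.guard.call(user, rec)
      wanted = !!expected.call(user, rec)
      next if actual == wanted
      { action: a.name, user: user&.id, actual: actual, expected: wanted }
    end.compact
  end
end

find_violations(ACTIONS, POLICY, PATTERNS, PROBES).each { |v| puts v.inspect }
```

Running it reports the single mismatch: the non-premium user 1 is let into ReportsController#show although the model says only premium users may read reports.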
The researchers, Daniel Jackson, professor in the Department of Electrical Engineering and Computer Science at MIT, and Joseph Near, who graduated from MIT last spring and is now doing post-doctoral work at the University of California, Berkeley, will present their results at the International Conference on Software Engineering (ICSE) in Austin, Texas, from 14-22 May 2016.