{"id":171460,"date":"2015-05-06T15:39:12","date_gmt":"2015-05-06T15:39:12","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/project\/certification-of-symbolic-transaction\/"},"modified":"2019-08-19T10:32:13","modified_gmt":"2019-08-19T17:32:13","slug":"certification-of-symbolic-transaction","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/certification-of-symbolic-transaction\/","title":{"rendered":"Certification of Symbolic Transaction"},"content":{"rendered":"<div class=\"asset-content\">Logic flaws are prevalent in multiparty cloud services and cause serious consequences, e.g., an attacker can make purchases without paying, or get into other people\u2019s accounts without a password. For decades, researchers have been advocating formal verification as a solution, but in the real world developers face many major hurdles in doing it. We introduce a technology that significantly lowers these hurdles, and show its effectiveness in real-world deployments.<\/div>\n<p><!-- .asset-content --><\/p>\n<div id=\"en-usprojectscstdefault\" class=\"page-content\">\n<h1>Online services enhanced by CST<\/h1>\n<p>(Note: SymT-caching is an important mechanism in CST. For demo purposes only, you can <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/protoagnostic.cloudapp.net\/Home\/CacheConfig\" target=\"_blank\" rel=\"noopener noreferrer\">check and change the setting for caching.<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> Disabling it forces the system to go through the entire verification procedure for every transaction.)<\/p>\n<p><b>Source Code<br \/>\n<\/b><a href=\"#en-usprojectscstsource-code\" target=\"_new\" rel=\"noopener noreferrer\">Click here for source code of these implemented systems and some vPrograms of successful transactions<\/a>.<br \/>\n(Note: CST was named DSV previously. 
All the source files still refer to it as DSV.)<\/p>\n<p><b>Online shopping &#8212; Amazon Simple Pay and PayPal Standard<\/b><br \/>\n* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=dryxWuJoW_Y\" target=\"_blank\" rel=\"noopener noreferrer\">Video demo 1 (using PayPal)<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=zgmzXaKo1qw\" target=\"_blank\" rel=\"noopener noreferrer\">Video demo 2 (using Amazon)<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/protoagnostic.cloudapp.net:8000\/default.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to try or test it<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>. 
If you don&#8217;t want to create your own accounts, we have existing ones.<br \/>\n+ username\/password for the shopping site: johndoe.test.789@gmail.com\/QWer7890<br \/>\n+ username\/password for Amazon Payments: johndoe.test.789@gmail.com\/QWer7890<br \/>\n+ username\/password for PayPal: johndoe.test.789@gmail.com\/QWer7890<\/p>\n<p><b>Third-party authentication &#8212; <\/b><b>OpenID 2.0<\/b><br \/>\n* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=6Or5jOSDFGU\" target=\"_blank\" rel=\"noopener noreferrer\">Video demo<br \/>\n<\/a>* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/protoagnostic.cloudapp.net:8101\/\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to try or test it<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>.<br \/>\n+ In the OpenID box, enter our IdP&#8217;s URL &#8220;http:\/\/protoagnostic.cloudapp.net:8100\/&#8221; and click Login. (After idling for hours, the IdP might need to be woken up, so this step might need to be done twice.)<br \/>\n+ If you haven&#8217;t logged into the OpenID Provider, you will be asked for username and password. Try username &#8220;bob&#8221; and password &#8220;test&#8221;.<\/p>\n<p><b>Live Connect SDK for authentication<br \/>\n<\/b>* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/protoagnostic.cloudapp.net:8400\/default.html\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to try or test it<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>.<br \/>\n+ Any Microsoft Live account works. 
You can try johndoe.test.789@hotmail.com with password QWer7890.<\/p>\n<p><b>Third-party authentication &#8212; <\/b><b>Facebook OAuth<\/b><br \/>\n* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=gni_JW34gR4\" target=\"_blank\" rel=\"noopener noreferrer\">Video demo<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/protoagnostic.cloudapp.net:8201\/\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to try or test it<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>.<br \/>\n+ Any Facebook account works. You can sign in to Facebook as johndoe.test.789@gmail.com with password QWer7890.<\/p>\n<p><b>A gambling system with four independent services<br \/>\n<\/b>* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"https:\/\/www.youtube.com\/watch?feature=player_detailpage&v=LF9rriUhPJ4\" target=\"_blank\" rel=\"noopener noreferrer\">Video demo<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n* <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/protoagnostic.cloudapp.net:8300\/\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to try or test it<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>.<br \/>\n+ username\/password for Amazon Payments: johndoe.test.789@gmail.com\/QWer7890<\/p>\n<p>You can inspect the web traffic to better understand CST. A nice proxy to use is <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"http:\/\/fiddler2.com\/get-fiddler\">Fiddler2<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>. 
(Note: The SymT field was previously called &#8220;symval&#8221; and &#8220;path_digest&#8221;, as a result of our terminology change over time.)<\/p>\n<\/div>\n<div id=\"en-usprojectscstsource-code\" class=\"page-content\">\n<p><b>vPrograms for some approved transactions<br \/>\n<\/b>+ An approved purchase transaction using Amazon Simple Pay on NopCommerce: <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"http:\/\/protoagnostic.cloudapp.net\/MT-Programs\/AmazonSimplePay_MT.cs.txt\">the vProgram<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n+ An approved purchase transaction using PayPal Standard on NopCommerce: <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"http:\/\/protoagnostic.cloudapp.net\/MT-Programs\/PayPalStandard_MT.cs.txt\">the vProgram<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n+ An approved sign-on transaction using OpenID of DotNetOpenAuth: <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"http:\/\/protoagnostic.cloudapp.net\/MT-Programs\/OpenID_MT.cs.txt\">the vProgram<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n+ An approved sign-on transaction using Facebook&#8217;s OAuth: <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"http:\/\/protoagnostic.cloudapp.net\/MT-Programs\/OAuth_MT.cs.txt\">the vProgram<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n+ An approved gambling transaction: <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" 
href=\"http:\/\/protoagnostic.cloudapp.net\/MT-Programs\/Gambling_MT.cs.txt\">the vProgram<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/p>\n<p>(Note that CST was previously named DSV. Some projects still use the term DSV.)<br \/>\n+ <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/Anonsubmission\/DSV\">Source code of all projects<span class=\"sr-only\"> (opens in new tab)<\/span><\/a><br \/>\n+ <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/Anonsubmission\/DSV\/tree\/master\/liveIDSDK\">Source code of LiveID OAuth Sign-on SDK <span class=\"sr-only\"> (opens in new tab)<\/span><\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Logic flaws are prevalent in multiparty cloud services and cause serious consequences, e.g., an attacker can make purchases without paying, or get into other people\u2019s accounts without a password. For decades, researchers have been advocating formal verification as a solution, but in the real world developers face many major hurdles in doing it. 
We introduce a [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[13560,13558],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-171460","msr-project","type-msr-project","status-publish","hentry","msr-research-area-programming-languages-software-engineering","msr-research-area-security-privacy-cryptography","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"5\/6\/2015","related-publications":[168033],"related-downloads":[],"related-videos":[],"related-groups":[],"related-events":[],"related-opportunities":[],"related-posts":[],"related-articles":[],"tab-content":[],"slides":[],"related-researchers":[{"type":"user_nicename","display_name":"Shuo Chen","user_id":33637,"people_section":"Group 1","alias":"shuochen"}],"msr_research_lab":[],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/171460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/171460\/revisions"}],"predecessor-version":[{"id":604230,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/171460\/revisions\/604230"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=171460"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=171460"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.micros
oft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=171460"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=171460"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=171460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}