Message and Data Formats - An expressive formal model of the web infrastructure

We now provide some more details about data and message formats that are needed for the formal treatment of the web model.

A.4.1. URLs

Definition 28. A URL is a term of the form

hURL, protocol , host, path, parameters, fragmenti

with the subterms protocol ∈ {P, S} (for plain HTTP and secure HTTPS), host ∈ Doms, path ∈ S, parameters ∈

The fragment part of a URL can be omitted when writing the URL. Its value is then defined to be ⊥.

Example 4. For the URL u = hURL, a, b, c, di, we have that u.protocol = a. If, in the algorithm described later, we write u.path := e then u = hURL, a, b, c, ei afterwards.

A.4.2. Origins

Definition 29. An origin is a term of the form hhost , protocol i with host ∈ Doms and protocol ∈ {P, S}. We write Origins for the set of all origins.

Example 5. For example, hFOO, Si is the HTTPS origin for the domain FOO, while hBAR, Pi is the HTTP origin for the domain BAR.

A.4.3. Cookies

Definition 30. A cookie is a term of the form hname, content i where name ∈

T

N, and content is a

term of the form hvalue, secure, session, httpOnlyi where value ∈

T

N, secure, session, httpOnly ∈

{>, ⊥}. We write Cookies for the set of all cookies and Cookiesν for the set of all cookies where names and values are defined over

T

N(V ).

If the secure attribute of a cookie is set, the browser will not transfer this cookie over unencrypted HTTP connections. If the session flag is set, this cookie will be deleted as soon as the browser is closed. The httpOnly attribute controls whether JavaScript has access to this cookie.

Cookies of the form described here are contained in HTTP(S) requests and in the browser state. In HTTP(S) responses, only the components name and value are transferred as a pairing of the form hname, valuei.

A.4.4. HTTP Messages

Definition 31. An HTTP request is a term of the form shown in (A.1). An HTTP response is a term of the form shown in (A.2).

hHTTPReq, nonce, method , host, path, parameters, headers, bodyi (A.1)

hHTTPResp, nonce, status, headers, bodyi (A.2)

The components are defined as follows:

– nonce ∈

N

serves to map each response to the corresponding request, – method ∈ Methods is one of the HTTP methods,

– path ∈ S is a string indicating the requested resource at the server side,

– status ∈ S is the HTTP status code (i.e., a number between 100 and 505, as defined by the HTTP standard),

– parameters ∈S ×

T

N contains URL parameters,

– headers ∈

S ×

T

N contains request/response headers, and

– body ∈

T

N represents the request/response body.

We write HTTPRequests/HTTPResponses for the set of all HTTP requests or responses, respectively.

The following request/response headers are created or understood by our browser model presented later:

– hOrigin, oi where o is an origin or3 (the “null” origin), – hSet-Cookie, ci where c is a sequence of cookies,

– hCookie, ci where c ∈ S ×

T

N (in this header, only names and values of cookies are

transferred),

– hLocation, li where l ∈ URLs,

– hReferer, ri where r ∈ URLs,

– hStrict-Transport-Security, >i,

– hAuthorization, husername, password ii where username, password ∈ S, – hReferrerPolicy, pi where p ∈ {noreferrer, origin}, and

– hUpgrade, websocketi.

Example 6 (HTTP Request and Response).

r :=hHTTPReq, n1, POST, example.com, /show, hhindex, 1ii,

[Origin : hexample.com, Si], hfoo, barii (A.3)

s :=hHTTPResp, n1, 200, hhSet-Cookie, hhSID, hn2, ⊥, ⊥, >iiiii, hsomescript, xii (A.4)

An HTTP POST request for the URL http://example.com/show?index=1 is shown in (A.3), with an Origin header and a body that contains hfoo, bari. A possible response is shown in (A.4), which contains an httpOnly cookie with name SID and value n2 as well as the string

representation somescript of the script script−1(somescript) (which should be an element of

Encrypted HTTP Messages

For HTTPS, requests are encrypted using the public key of the server. Such a request contains an (ephemeral) symmetric key chosen by the client that issued the request. The server is supported

to encrypt the response using the symmetric key.

Definition 32. An encrypted HTTP request is of the form enca(hm, k0i, k), where k ∈ terms,

k0 ∈

N

, and m ∈ HTTPRequests. The corresponding encrypted HTTP response would be of the form encs(m0, k0), where m0 ∈ HTTPResponses. We call the sets of all encrypted HTTP requests

and responses HTTPSRequests or HTTPSResponses, respectively.

We say that an HTTP(S) response matches or corresponds to an HTTP(S) request if both terms contain the same nonce.

Example 7.

enca(hr, k0i, pub(kexample.com)) (A.5)

encs(s, k0) (A.6)

The term (A.5) shows an encrypted request (with r as in (A.3)). It is encrypted using the public key pub(kexample.com). The term (A.6) is a response (with s as in (A.4)). It is encrypted

symmetrically using the (symmetric) key k0 that was sent in the request (A.5).

A.4.5. DNS Messages

Definition 33. A DNS request is a term of the form hDNSResolve, domain, noncei where domain ∈ Doms, nonce ∈

_N

. We call the set of all DNS requests DNSRequests.

Definition 34. A DNS response is a term of the form hDNSResolved, domain, result , noncei with domain ∈ Doms, result ∈ IPs, nonce ∈

N

. We call the set of all DNS responses DNSResponses. DNS servers are supposed to include the nonce they received in a DNS request in the DNS response that they send back so that the party which issued the request can match it with the request.

A.4.6. WebSocket Messages

Definition 35. A WebSocket Message is a term of the form hWS MSG, nonce, datai where nonce ∈

N

and data ∈

T

_N.

Definition 36. An Encrypted WebSocket Message is a term of the form encs(m, k) where m is a

A.4.7. WebRTC Messages

Definition 37. A WebRTC Offer or WebRTC Answer is a term of the form

hRTC OFFER, nonce, idp, ia, pubkey, addr i

where nonce, pubkey ∈

N

, addr ∈ IPs, and ia and data ∈

T

N. We use the identifier RTC OFFER

for both offer and answer documents.

Definition 38. A WebRTC Message is a term of the form enca(hRTC MSG, nonce, datai, k,) where

nonce, k ∈

N

and data ∈

T

In document An expressive formal model of the web infrastructure (Page 132-136)