University of Leicester

Modeling and Analyzing Logic Vulnerabilities of E-Commerce Systems at the Design Phase

journal contribution
posted on 2023-09-21, 09:03 authored by W Yu, L Liu, X Wang, O Bagdasar, J Panneerselvam
E-commerce systems have become tremendously popular and important for modern business processes in the world of the digital economy. E-commerce business processes rely on the distributed and concurrent interaction among the Web applications of participants, such as clients, merchants, third-party payment platforms (TPPs), and bank systems. Such complex business interactions bridge the trust gap among participants and introduce new security challenges in the form of logic vulnerabilities, which are prevalent in the business process at the application level. The most pressing challenge is to guarantee security throughout the checkout process at the conceptual design phase, so that logic errors can be detected before the actual implementation, since maintenance and repair of implemented e-commerce systems can be extremely costly. To this end, this article proposes a novel modeling and analysis methodology for multiparticipant, multisession e-commerce interaction processes based on colored Petri nets (CPNs). First, we define a novel model that can efficiently depict the key properties of e-commerce business interaction processes. Second, several modeling principles are formulated based on the design specification of e-commerce systems. Finally, the concept of Transaction-Logical Consistency is defined to analyze and verify the logic vulnerabilities of e-commerce systems. Through a case study, we demonstrate the feasibility and applicability of the proposed methodology and its efficiency in detecting problems that can potentially lead to logic vulnerabilities.

History

Author affiliation

School of Informatics, University of Leicester

Version

  • AM (Accepted Manuscript)

Published in

IEEE Transactions on Systems, Man, and Cybernetics: Systems

Pagination

1 - 13

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

ISSN

2168-2216

eISSN

2168-2232

Copyright date

2023

Available date

2023-09-21

Language

en
