Modeling and Verification of Online Shopping Business Processes by Considering Malicious Behavior Patterns

Wang Yang Yu, Chun Gang Yan, Zhi Jun Ding, Chang Jun Jiang, Mengchu Zhou

Research output: Contribution to journalArticlepeer-review

30 Scopus citations

Abstract

Recently, online shopping integrating third-party payment platforms (TPPs) introduces new security challenges due to complex interactions between Application Programming Interfaces (APIs) of Merchants and TPPs. Malicious clients may exploit security vulnerabilities by calling APIs in an arbitrary order or playing various roles. To deal with the security issue in the early stages of system development, this paper presents a formal method for modeling and verification of online shopping business processes with malicious behavior patterns considered based on Petri nets. We propose a formal model called E-commerce Business Process Net to model a normal online shopping business process that represent intended functions, and malicious behavior patterns representing a potential attack that violates the security goals at the requirement analysis phase. Then, we synthesize the normal business process and malicious behavior patterns by an incremental modeling method. According to the synthetic model, we analyze whether an online shopping business process is resistant to the known malicious behavior patterns. As a result, our approach can make the software design provably secured from the malicious attacks at process design time and, thus, reduces the difficulty and cost of modification for imperfect systems at the release phase. We demonstrate our approach through a case study.

Original languageEnglish (US)
Article number6960112
Pages (from-to)647-662
Number of pages16
JournalIEEE Transactions on Automation Science and Engineering
Volume13
Issue number2
DOIs
StatePublished - Apr 1 2016

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Keywords

  • Business process
  • e-commerce
  • online shopping
  • software design
  • trustworthiness
  • verification

Fingerprint

Dive into the research topics of 'Modeling and Verification of Online Shopping Business Processes by Considering Malicious Behavior Patterns'. Together they form a unique fingerprint.

Cite this