Petri net-based methods for analyzing structural security in e-commerce business processes

Cited by: 14
Authors
Yu, Wangyang [1 ,2 ,3 ]
Ding, Zhijun [4 ]
Liu, Lu [5 ]
Wang, Xiaoming [1 ,2 ,3 ]
Crossley, Richard David [5 ]
Affiliations
[1] Minist Educ, Key Lab Modern Teaching Technol, Xian 710062, Peoples R China
[2] Engn Lab Teaching Informat Technol Shaanxi Prov, Xian 710119, Peoples R China
[3] Shaanxi Normal Univ, Sch Comp Sci, Xian 710119, Peoples R China
[4] Tongji Univ, Dept Comp Sci, Shanghai 201804, Peoples R China
[5] Univ Derby, Dept Elect Comp & Math, Derby DE221 GB, England
Source
FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE | 2020 / Vol. 109
Funding
National Natural Science Foundation of China;
Keywords
Petri net; E-commerce; Business process; Structural security; CORRECTNESS;
DOI
10.1016/j.future.2018.04.090
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
With the rapid development of e-commerce worldwide, more e-commerce business processes are adopting a multi-participant structure; the participants include shopper clients, merchants, third-party payment platforms (TPPs), banks, and so on. The result is a distributed and complex system in which communication among these participants relies on web services and Application Programming Interfaces (APIs) such as Cashier-as-a-Service (CaaS). This introduces new security challenges due to the complex interactions among multiple participants, and any design flaw in the procedure structure may result in serious security issues. We study structural security issues based on Petri nets and propose a framework for analyzing structural security in e-commerce business processes. Petri net-based modeling and analysis methods are also provided. Given the specifications of an e-commerce business process, the proposed methods can help designers analyze its structural security issues. (C) 2018 Elsevier B.V. All rights reserved.
Pages: 611 / 620
Number of pages: 10