Security aspects in modern service component‑oriented application logic for social e‑commerce systems

Nabi, Faisal and Yong, Jianming and Tao, Xiaohui ORCID: https://orcid.org/0000-0002-0020-077X (2021) Security aspects in modern service component‑oriented application logic for social e‑commerce systems. Social Network Analysis and Mining, 11 (1):22. ISSN 1869-5450


Abstract

Modern practices in social commerce are a subset of e-Commerce focusing on security framework protocols such as secure transactional protocols, cryptographic schemes, and sanitization criteria. It is assumed that these practices will ensure stable social media-based e-Commerce applications. The main concern in utilizing these practices focuses on software component composition and integration flaws, which are often overlooked in the business application logic. These problems can render the effect of modern information security concepts null and void. The weakest link in social media-based e-Commerce applications is the subversion of a component's logic on the server side, which is caused by developers overlooking the design process. This paper addresses a unique issue in information security, an application logic vulnerability called the subversion attack, which can be classified as a design flaw. This kind of security flaw cannot be prevented by many of the traditional security mechanisms commonly used in modern e-Commerce systems. To address this issue, we propose the use of security assurance methodologies in service component-oriented applications, applied through threat modeling and a novel component fault detection model. This idea is further extended to the modeling of components and their applications using a UML secure design approach. To validate the technique, the methods applied in this paper are verification and validation for security-by-design testing, so as to avoid the business logic design flaw problem in rapidly built component-based social media e-Commerce applications.


Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to Published version, in accordance with the copyright policy of the publisher.
Faculty/School / Institute/Centre: Current - Faculty of Business, Education, Law and Arts - School of Business (18 Jan 2021 -)
Faculty/School / Institute/Centre: Current - Faculty of Health, Engineering and Sciences - School of Sciences (6 Sep 2019 -)
Date Deposited: 02 Mar 2021 00:15
Last Modified: 02 Mar 2021 00:15
Uncontrolled Keywords: design flaws, subversion attack, social media-based e-commerce system, service component architecture, assurance & security, UML-based modelling, business logic attacks
Fields of Research (2008): 08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
Fields of Research (2020): 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460406 Software and application security
Identification Number or DOI: https://doi.org/10.1007/s13278-020-00717-9
URI: http://eprints.usq.edu.au/id/eprint/41502
