Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications

PhD by Publication


Nabi, Faisal. 2021. Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications. PhD by Publication Doctor of Philosophy. University of Southern Queensland. https://doi.org/10.26192/q7q82
Title

Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications

TypePhD by Publication
Authors
AuthorNabi, Faisal
Supervisor
1. FirstProf Jianming Yong
2. SecondProf Xiaohui Tao
Institution of OriginUniversity of Southern Queensland
Qualification NameDoctor of Philosophy
Number of Pages145
Year2021
PublisherUniversity of Southern Queensland
Place of PublicationAustralia
Digital Object Identifier (DOI)https://doi.org/10.26192/q7q82
Abstract

Application logic in e-commerce refers to features and behaviours unique to the application. Each application has its own specific handling of user inputs, user behaviour and communication with third-party components, while the weakness of component business logic is unique, there are significant web vulnerabilities that are common, impaction, and can be readily exploited. Usually, a logic weakness exists when an intruder violates legitimate application-specific functionality, against the intentions of developers.

In this research, we will investigate and discuss design flaw / logical flaw that causes business logic attack in the service-component-oriented application, at the n-tier architecture. The purpose of this research is to explore the causes of application logical flaws in service component architectural- based applications. There is clearly a need for a methodology able to deal with the logical flaws that normally do not show attack patterns or signatures, which are thereby hard to discover through automated techniques. Recent techniques to secure component-oriented applications normally focus on technical vulnerability. This can rely on security analysis and detection tools for vulnerability identification. The auditors mostly follow such policies that are based on checking a limited list of security issues/ vulnerabilities. Therefore, we have observed that the technique of custom-developed business logic often falls short in its ability to discover vulnerabilities. We have also noticed a significant number of attacks recently classified as business logic attacks. Many security techniques have been introduced for service component-oriented architecture in recent years, but they are at the high level of service component-oriented architecture and do not address the middle-tier (business-tier) in component-oriented systems. The main focus is to research business logic vulnerability in the service component-oriented applications using security breach scenarios (case study) in the banking domain, also examining the re-usability of design specification in the component. Furthermore, this approach is supported by a taxonomy of logical vulnerability in service component e-commerce, this taxonomy is validated by the proposed model in Chapter 4 B and event attack modeling in service component architecture in Chapter 5. It has a close relationship between the proposed taxonomy and the projected scenario of event attack modeling. Keeping in view this research further moves toward the logical solution of application logic.

Therefore, we propose a secure design method as a security assurance methodology, which uses social e-commerce as a modeling tool to demonstrate the features of this methodology. This method will be validated through Integration using UML modeling and system assurance process. This will be further reflected in a security feature-based UML. Sec modeling as an example B2c ATM model, demonstrated in social interactions of e-commerce component-based-application security modeling.

KeywordsBusiness logic, Security Privacy, Modeling, Banking application
ANZSRC Field of Research 2020460499. Cybersecurity and privacy not elsewhere classified
Public Notes

File reproduced in accordance with the copyright policy of the publisher/author.

Byline AffiliationsSchool of Business
Permalink -

https://research.usq.edu.au/item/q7q82/security-assurance-process-for-service-component-oriented-application-logic-for-social-interaction-in-e-commerce-banking-applications

Download files


Published Version
Faisal Nabi - Thesis.pdf
License: CC BY-NC 4.0
File access level: Anyone

  • 44
    total views
  • 27
    total downloads
  • 1
    views this month
  • 1
    downloads this month

Export as

Related outputs

Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Farhan, Muhammad and Mahmood, Umar. 2021. "Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems." Journal of Information Security. 12 (3), pp. 189-211. https://doi.org/10.4236/jis.2021.123010
Security aspects in modern service component‑oriented application logic for social e‑commerce systems
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Security aspects in modern service component‑oriented application logic for social e‑commerce systems." Social Network Analysis and Mining. 11 (1). https://doi.org/10.1007/s13278-020-00717-9
Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Farhan, Muhammad and Naseem, Nauman. 2021. "Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems." Journal of Computer Science. 17 (11), pp. 1046-1057. https://doi.org/10.3844/JCSSP.2021.1046.1058
Concepts of Safety Critical Systems Unification Approach & Security Assurance Process
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Mahmood, Umar and Iqbal, Usman. 2020. "Concepts of Safety Critical Systems Unification Approach & Security Assurance Process." Journal of Information Security. 11 (4), pp. 292-303. https://doi.org/10.4236/jis.2020.114018
Classification of logical vulnerability based on group attack method
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Classification of logical vulnerability based on group attack method." Journal of Ubiquitous Systems and Pervasive Networks. 14 (1), pp. 19-26. https://doi.org/10.5383/JUSPN.14.01.004
A security review of event-based application function and service component architecture
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A security review of event-based application function and service component architecture." International Journal of Systems and Software Security and Protection. 11 (2), pp. 58-70. https://doi.org/10.4018/IJSSSP.2020070104
Classification of Logical Vulnerability Based on Group Attacking Method
Nabi, Faisal, Yong, Jianming and Tao, Xaiohui. 2020. "Classification of Logical Vulnerability Based on Group Attacking Method." 11th International Conference on Ambient Systems, Networks and Technologies (ANT 2020). Warsaw Poland 06 - 09 Apr 2020 Netherlands. https://doi.org/10.1016/j.procs.2020.03.109
Proposing a secure component-based-application logic and system’s integration testing approach
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2019. "Proposing a secure component-based-application logic and system’s integration testing approach." International Journal of Information and Electronics Engineering. 11 (1), pp. 25-39. https://doi.org/10.6636/IJEIE.20190911(1).04
A novel approach for component based application logic event attack modeling
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A novel approach for component based application logic event attack modeling." International Journal of Network Security. 22 (3), pp. 437-443.
Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems
Nabi, Faisal. 2011. "Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems." International Journal of Network Security. 12 (1), pp. 29-41.
Virtual Invisible Disk Design for Information System Security
Nabi, Faisal. 2009. "Virtual Invisible Disk Design for Information System Security." International Journal of Network Security. 8 (2), pp. 131-138.
Secure business application logic for e-commerce systems
Nabi, Faisal. 2005. "Secure business application logic for e-commerce systems." Computers and Security. 24 (3), pp. 208-217. https://doi.org/10.1016/j.cose.2004.08.008