Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications

Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications

Application logic in e-commerce refers to features and behaviours unique to the application. Each application has its own specific handling of user inputs, user behaviour and communication with third-party components, while the weakness of component business logic is unique, there are significant web vulnerabilities that are common, impaction, and can be readily exploited. Usually, a logic weakness exists when an intruder violates legitimate application-specific functionality, against the intentions of developers.

In this research, we will investigate and discuss design flaw / logical flaw that causes business logic attack in the service-component-oriented application, at the n-tier architecture. The purpose of this research is to explore the causes of application logical flaws in service component architectural- based applications. There is clearly a need for a methodology able to deal with the logical flaws that normally do not show attack patterns or signatures, which are thereby hard to discover through automated techniques. Recent techniques to secure component-oriented applications normally focus on technical vulnerability. This can rely on security analysis and detection tools for vulnerability identification. The auditors mostly follow such policies that are based on checking a limited list of security issues/ vulnerabilities. Therefore, we have observed that the technique of custom-developed business logic often falls short in its ability to discover vulnerabilities. We have also noticed a significant number of attacks recently classified as business logic attacks. Many security techniques have been introduced for service component-oriented architecture in recent years, but they are at the high level of service component-oriented architecture and do not address the middle-tier (business-tier) in component-oriented systems. The main focus is to research business logic vulnerability in the service component-oriented applications using security breach scenarios (case study) in the banking domain, also examining the re-usability of design specification in the component. Furthermore, this approach is supported by a taxonomy of logical vulnerability in service component e-commerce, this taxonomy is validated by the proposed model in Chapter 4 B and event attack modeling in service component architecture in Chapter 5. It has a close relationship between the proposed taxonomy and the projected scenario of event attack modeling. Keeping in view this research further moves toward the logical solution of application logic.

Therefore, we propose a secure design method as a security assurance methodology, which uses social e-commerce as a modeling tool to demonstrate the features of this methodology. This method will be validated through Integration using UML modeling and system assurance process. This will be further reflected in a security feature-based UML. Sec modeling as an example B2c ATM model, demonstrated in social interactions of e-commerce component-based-application security modeling.

File reproduced in accordance with the copyright policy of the publisher/author.