Modeling and Analyzing Logic Vulnerabilities of E-Commerce Systems at the Design Phase

IEEE TRANSACTIONS ON SYSTEMS MAN CYBERNETICS-SYSTEMS (2023)

Abstract
E-commerce systems have become tremendously popular and important for modern business processes in the world of the digital economy. E-commerce business processes rely on the distributed and concurrent interaction process among Web applications of participants, such as clients, merchants, third-party payment platforms (TPPs), and bank systems. Such complex business interactions bridge the gap of trustiness among participants and introduce new security challenges in the form of logical vulnerabilities, which are prevalent in the business process at the application level. The most pressing challenge is to guarantee security throughout the checkout process at the conceptual design phase such that the logic errors can be detected before the actual implementation. Maintenance and repair of implemented e-commerce systems can be extremely costly. To this end, this article proposes a novel modeling and analyzing methodology for multiparticipants and multisessions e-commerce interaction processes based on colored Petri nets (CPNs). First, we define a novel model that can efficiently depict the key properties of e-commerce business interaction processes. Second, several modeling principles are formulated based on the design specification of e-commerce systems. Finally, the concept of Transaction-Logical Consistency is defined to analyze and verify the logical vulnerabilities of e-commerce systems. Through a discussed case study, we demonstrate the feasibility and applicability of the proposed methodology and its efficiency in detecting problems that can potentially lead to logical vulnerabilities.
Keywords
Business interaction, E-commerce systems, logical vulnerability, Petri nets