Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems

Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual assumptions bugs, etc. Most existing security practices in e-Commerce are dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but also fail to find vulnerabilities, which have been established in compliance with application logic. In this paper, we will investigate the problem of business logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for component-based e-commerce application, based on security requirement of e-business process and security assurance logical component behaviour specification approach to formulize and design a solution for business logic vulnerability phenomena.

Modeling and Analysis of Data Dependencies in Business Process for Data-Intensive Services

With the growing popularity of data-intensive services on the Internet, the traditional process-centric model for business process meets challenges due to the lack of abilities to describe data semantics and dependencies, resulting in the inflexibility of the design and implement for the processes. This paper proposes a novel data-aware business process model which is able to describe both explicit control flow and implicit data flow. Data model with dependencies which are formulated by Linear-time Temporal Logic(LTL) is presented, and their satisfiability is validated by an automaton-based model checking algorithm. Data dependencies are fully considered in modeling phase, which helps to improve the efficiency and reliability of programming during developing phase. Finally, a prototype system based on j BPM for data-aware workflow is designed using such model, and has been deployed to Beijing Kingfore heating management system to validate the flexibility, efficacy and convenience of our approach for massive coding and large-scale system management in reality.