Abstract
With the rapid development of networks and mobile terminals, online trading has become more and more widespread. However, E-commerce transaction systems are not fully robust because of the openness of the network. Some points of a system are vulnerable in the real world and can therefore be exploited by attackers and cheaters. We focus on E-commerce transaction systems under attack, and propose a kind of Petri net called VET-net (Vulnerable E-commerce Transaction net) to model them. A VET-net considers both the normal actions belonging to the related system and malicious ones such as tampering with data. Based on VET-net, this paper proposes the concepts of vulnerable points and vulnerable levels in order to describe the cause and levels of vulnerability. It then uses the dynamic slicing method to locate the vulnerable points. A real example is used to illustrate the effectiveness and rationality of our concepts and method.
Acknowledgments
This paper is partially supported by the National Natural Science Foundation of China under grant Nos. 91218301 and 61572360.
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Wang, M., Liu, G., Yan, C., Jiang, C. (2016). Modeling and Vulnerable Points Analysis for E-commerce Transaction System with a Known Attack. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science, vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_35
DOI: https://doi.org/10.1007/978-3-319-49148-6_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer Science, Computer Science (R0)