Security aspects in modern service component-oriented application logic for social e-commerce systems

  • Original Article
  • Social Network Analysis and Mining

Abstract

Modern practices in social commerce are a subset of e-Commerce focusing on security framework protocols such as secure transactional protocols, cryptographic schemes, and sanitization criteria. It is assumed that these practices will ensure stable social media-based e-Commerce applications. The main concern in utilizing these practices is software component composition and integration flaws, which are often overlooked in the business application logic. These problems can render the effect of modern information security concepts null and void. The weakest link in social media-based e-Commerce applications is the subversion of a component's logic on the server side, which is caused by developers overlooking the design process. This paper addresses a unique information security issue in application logic vulnerability, called a subversion attack, which can be classified as a design flaw. This kind of security flaw cannot be prevented by many traditional security mechanisms commonly used in modern e-Commerce systems. To address this issue, we propose the use of security assurance methodologies in service component-oriented applications, applied through threat modeling and a novel technique, a component fault detection model. This idea is further extended to the modeling component and its applications using a UML secure design approach. To validate the technique, the methods applied in this paper are verification and validation for security-by-design testing, in order to avoid the business logic design flaw problem in rapidly built component-based social media e-Commerce applications.

Author information

Corresponding author

Correspondence to Faisal Nabi.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Nabi, F., Tao, X. & Yong, J. Security aspects in modern service component-oriented application logic for social e-commerce systems. Soc. Netw. Anal. Min. 11, 22 (2021). https://doi.org/10.1007/s13278-020-00717-9

  • DOI: https://doi.org/10.1007/s13278-020-00717-9
