Security aspects in modern service component-oriented application logic for social e-commerce systems

Abstract

Modern practices in social commerce are a subset of e-Commerce focusing on security framework protocols such as secure transactional protocols, cryptographic schemes, and sanitization criteria. It is assumed that these practices will ensure stable social media-based e-Commerce applications. The main concern in utilizing these practices focus on software component composition, and integration flaws, which are often overlooked in their business application logic. These problems can render the effect of modern information security concepts null and void. The weakest link in social media-based e-Commerce applications is the component’s logic subversion on its server side, which is caused by developers overlooking the design process. This paper addresses a unique issue in aspects of information security in application logic vulnerability called subversion attack, which can be classified as a design flaw. This kind of security flaw cannot be prevented by many traditional security mechanisms commonly used in modern e-Commerce systems. To address this issue, we propose the use of security assurance methodologies in service component-oriented applications to be utilized through threat modeling and a novel technique component fault detection model. This idea is further extended to the modeling component and its applications using a UML secure design approach. To validate the technique, the methods applied in this paper are verification and validation for security by design testing to avoid the business logic design flaw problem in rapidly built component-based social media e-Commerce applications.