A Formal Security Modeling and Analysis in B2B e-commerce

Despite the flourishing research on formal modeling and analysis of privacy and authentication issues in E-commerce, little research concentrates on the possible security risk due to business logic specification. In E-commerce systems, an aspect of this logic is to promise fairness. As the feature ensuring parties conduct their business to their mutual moral standards, fairness is one of the paramount features for E-commerce payment systems. In this case study of the AARN payment system, we apply form-oriented analysis to formally model the simple business logic behind this way of arranging payment. The model solves a fair exchange issue for security purposes at the business logic level, which changes further design and implementation for the payment system. It is the first time that Data Type Interchange Model diagram and other models in form-oriented analysis method have been applied in security analysis. This form-oriented analysis method helps designers not only on security analysis, but also on understanding and communication between business experts and software designers.