Model Checking Electronic Commerce

The paper develops model checking techniques to examine NetBill and Digicash. We show how model checking can nd atomicity problems by analyzing simpliied versions of these protocols that retain crucial security problems. For our analysis we used the FDR model checker 13]. Note to reviewers: This is an extended abstract only. We anticipate that some of the work described in Section 5 will be completed by the time that the camera-ready copy of this paper is due (if it is accepted.) 1 Atomicity Properties Correctness is a prime concern for electronic commerce protocols. How can we show that a given protocol is safe for use? Here we show how to use model checking to test whether electronic commerce protocols satisfy some given atomicity properties. For verifying properties of protocols, model checking is a dramatic improvement over doing hand proofs, because it is mechanizable; it is a dramatic improvement over using state-of-the-art theorem provers because it is automatic, fast, and requires no human interaction. Moreover, we found a number of problems in proposed electronic commerce protocols using model checking. Model checking allows us to focus on just those aspects of the protocol necessary to guarantee desired properties. In doing so, we can gain a better understanding of why the protocol works and often can identify places of optimizing it. For this paper, we have chosen to check atomicity properties. In the 1995 USENIX Electronic Commerce Workshop, Camp, Sirbu, and Tygar argued that these properties are central property to electronic commerce protocols 1]. In an atomic protocol, an electronic purchase either aborts with no transfer of money and goods; or fully completes with money and goods exchanged. work is the opinion of the authors and does not necessarily represent the view of their employers, funding sponsors, or the US Government.