A Dynamic Data Slice Approach to the Vulnerability Analysis of E-Commerce Systems.

The e-commerce business process net (EBPN) is a novel formal model for describing an e-commerce system and its interactive parts, such as shoppers, merchants, and the third-party payment platforms. Vulnerability analysis has a great impact on the trustworthiness of EBPN, which is an issue stemming from data inconsistency problems. Data inconsistency problems affect the consistency of the EBPN transaction analysis. The underlying causes of inconsistent data are closely related to concurrent operations, such as control flow and data flow. However, most of the existing detection methods have difficulties characterizing the vulnerabilities and interactions of control and data flows. In this paper, we propose a new method based on the dynamic data slice (DDS) that considers both transaction consistency and data state consistency. First, by analyzing control flow characteristics of EBPN, we obtain the dynamic slice. This dynamic slice is based on all paths of the EBPN reachability graph. Second, we perform the data inconsistency analysis by considering both transaction consistency and data-state consistency. Based on these, we construct a DDS to characterize the behavioral logic and the data-dependence information. The DDS acquires the dynamic data firing sequence. Based on that sequence and a given data marking, we can construct the DDSs for several types of EBPNs. Constructing the DDS can be completed in polynomial time. The DDS is designed to characterize the behavioral logic and data-dependence information. Based on these, we design a method to judge the data constraints. This method satisfies the EBPN need for transaction consistency by considering both the control and data states. In addition, according to the data-dependence information, we can lock the vulnerable regions caused by abnormal trading data in the system. Finally, we give a method to compute the vulnerability level. [ABSTRACT FROM AUTHOR]