Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

邓锦红,陈德人,苏斐琦

DOI: https://doi.org/10.3785/j.issn.1008-973X.2003.02.005

2003-01-01

Abstract:Security is an important element in the design of e-business sites. However, performance is the price to be paid for it. To learn how the mechanisms and protocols used to support security may impact system performance, an analysis of the security mechanisms such as TLS and SET protocol is provided. After identifying the dominant factor, i.e. bottleneck, Some auxiliary methods can be used to improve the performance of it. Dynamic load balancing, proxy servers and caches can be used for security at the network level; a combination of firewall and the single Sign-on technology can also be used at this level. For security at the server level, the use of cryptographic accelerator cards, more and faster processors, and the use of faster cryptographic algorithms can substantially reduce the time spent in the most expensive cryptographic operations so that performance is increased. In addition, an improved model based on Distributed Calculating environment and DES Cipher algorithm can effectively reduce the impact of security mechanisms on system performance.

Xuesong QUE,Yuming Yao,Shanping LI,Ming GUO,Xiaoqiang Dong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.01.010

2001-01-01

Abstract:This paper presents the design and implementation of a Web-based 3-tiered computer aided quality (CAQ) System OL-CAQ, as a sub-system of a CIMS system OL-CIMS. The cons and pros of those tranditional Client/Server architectures vs. 3-tiered Client/Server architectures are also presented, and the implementation of the Web-based 3-tiered OL-CAQ system is outlighted.

Zhiqiang Dai,Xin Guo

DOI: https://doi.org/10.1155/2022/3023298

2022-08-08

Mobile Information Systems

Abstract:The Internet of Things (IoT) can combine a wide range of information space with physical space and use related technologies to provide effective information interaction between objects. Nowadays, a large amount of Internet data transmitted by E-commerce communication data is vulnerable to interference, intrusion, and other attacks, posing a major threat and challenge to data security. Based on the IoT data analysis platform Hadoop, starting from the data, the problems faced by the E-commerce information security are analyzed and the E-commerce security is improved. Through the comparison of Delphi method, fuzzy comprehensive evaluation method, weighted linear evaluation method, grey cluster analysis method, analytic hierarchy process, and using the complex fuzzy evaluation method of the vague set theory, the security weights of the first and second levels are calculated according to the vague entropy value of each index attribute. It provides a useful reference for E-commerce informatization security evaluation methods. The first-level and second-level comprehensive evaluations of the vague set are used to detect and analyze E-commerce network security, transaction security, data security, and physical security. The weight of each indicator occupies a total of 100% and the final risk status is close to 0. Therefore, it can be concluded that the risk status of the E-commerce information security is “safe”.

computer science, information systems,telecommunications

Kuo-Sui Lin

DOI: https://doi.org/10.11648/j.ajomis.20170201.12

2017-01-04

Abstract:Over the past decade, e-commerce creates exciting new opportunities for business but also brings new web application vulnerabilities and transaction security risks. A stream of news of phishing attacks, website spoofing, payment card skimming (credit /debit cards), fraud in online transactions, malware attack (malicious code attack of viruses, worms, Trojans, and bots), hacker/cracker infiltration, vandalism, identity theft and data breaches of payment card or bank details are increasingly reported. Web application security risk management, therefore, is essential for secure e-commerce online transactions, including order processing, payment transaction, banking and clearing processing. Therefore, the main purpose of this study was to propose a web application security risk management methodology to perform e-commerce web application security risk management, helping organizations understand and improve their e-commerce web application security risks. In order to achieve this purpose, the goal of this study has been two-fold: (1) How will organizations measure threat likelihood, impact consequence and severity of their e-commerce web application security risk? (2) What management methodology is required to prompt the e-commerce web application security vulnerabilities measurement and improvement? Using OWASP Top Ten Vulnerabilities as target items, the proposed management methodology is disciplined in a PDCA based ISO/IEC 27005 iterative process activities, integrating Common Criteria attack potential ratings as threat likelihood scales and the FIPS 199 impact categories as impact consequence scales to categorize severity of every e-commerce web application vulnerabilities. Following the proposed management procedure, all the critical e-commerce web application vulnerabilities can be reviewed, analyzed, prioritized and remedied effectively and efficiently, moving on again in a continuous cycle.

Computer Science,Business

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Aashish Sharma,William Yurcik

DOI: https://doi.org/10.48550/arXiv.cs/0608034

2006-08-06

Cryptography and Security

Abstract:Technical security is only part of E-Commerce security operations; human usability and security perception play major and sometimes dominating factors. For instance, slick websites with impressive security icons but no real technical security are often perceived by users to be trustworthy (and thus more profitable) than plain vanilla websites that use powerful encryption for transmission and server protection. We study one important type of E-Commerce transaction website, E-Tax Filing, that is exposed to large populations. We assess a large number of international (5), Federal (USA), and state E-Tax filing websites (38) for both technical security protection and human perception of security. As a result of this assessment, we identify security best practices across these E-Tax Filing websites and recommend additional security techniques that have not been found in current use by E-Tax Filing websites.

Hui Guan,Weiru Chen,Lin Liu,Hongji Yang

2012-01-01

Abstract:Risk assessment has been getting increased attention as the new vulnerabilities and threats are emerging on daily basis. The popularity and complexity of web application present challenges to the security implementation for web engineering. It is well known that the earlier to perform risk assessment for software, the less cost needed to mitigate the security risks. However, quantitative estimation of security in the earlier stage of software development life cycle is largely missing. In this paper, we propose a quantitative approach to perform risk assessment at design stage for web application which is based on multiple security vectors of asset, threat and vulnerability. An environment-driven method is proposed to elicit threats to the system. In the end, the risk assessment methodology is applied on a customer goods case study.

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

Ying-Chiang Cho,Jen-Yi Pan

DOI: https://doi.org/10.1371/journal.pone.0117180

IF: 3.7

2015-03-13

PLoS ONE

Abstract:Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

multidisciplinary sciences

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Biresh Kumar,Sharmistha Roy,Kamred Udham Singh,Saroj Kumar Pandey,Ankit Kumar,Anurag Sinha,Shubham Shukla,Mohd Asif Shah,Adil Rasool

DOI: https://doi.org/10.1109/access.2023.3247003

IF: 3.9

2023-01-01

IEEE Access

Abstract:Measurement of e-commerce usability based on static quantities variable is state-of-the-art because of the adoption of sequential tracing of the next phase in the categorical data. The global COVID-19 outbreak has completely disrupted society and drastically altered daily life. The concept refers to an electronic commerce network that appears with thorough, understandable conviction, demand, and rapid confirmation as a replacement for the economical market’s “brick-and-mortar” model, which replaces how we do everything, including business strategy, and provides a better understanding with the interpretation of e-commerce features. This study was supervised to analyze usability assessments using statistical methods and security assessments using online e-commerce security scanner tools to investigate e-business standards that consider the caliber of e-services in e-commerce websites across Asian nations. The method was developed to optimize complex systems based on multiple criteria. The initial (supplied) weights are used to determine the compromise ranking list and compromise solution. This paper examines the usability of e-commerce in rural areas using a new data set from the Jharkhand region. On the e-commerce websites of Jharkhand, India, usability is commonly considered in conjunction with learnability, memorability, effectiveness, engagement, efficiency, and completeness. Using a user-oriented questionnaire testing method, this survey attempts to close the gaps mentioned above. Then, across each column, divide each value by the column-wise sum that is created using their corresponding value, whichever produces a new matrix B. Finally, determine the row-wise sum of matrix B representing the ( $3 imes1$ ) matrix. Using model trees and bagging, this study addresses classification-related issues. This regression technique is useful for problems involving classification. The model is trained using secondary data from the MBTI 16 personality factors affecting personality category.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shudan Lin,Shijian Luo,Xiaoxia Ding

DOI: https://doi.org/10.1109/ccis.2012.6664293

2012-01-01

Abstract:The objective of this paper is to improve the safety of Internet product interface and the user's sense of security on Internet by means of design, thus enhancing user's reliability of the data security in cloud and promoting the development of cloud. Taking online payment product interface as an example, through comparison of process design, color, form, logo and etc. of payment interface on domestic mainstream platforms, a set of interface design suggestions on rules and methods conveying a sense of security semantics are made. Based on the rules and methods summarized, the main interface of a domestic payment product was redesigned, and the prototype was evaluated by user test to verify the availability and effectiveness of such suggestion on security sensation design.

谭敏,范强,杨卫平,刘连臣

DOI: https://doi.org/10.3969/j.issn.1671-1815.2008.08.025

2008-01-01

Abstract:In view of the weakness of performance assessment on public security of china, a scientific and reasonable performance assessment system on public security of china was brought forward. The object-oriented analysis and design idea are introduced in the online information system for performance assessment on public security of china. The system requirement and UML model of the system design are provided.

姚建刚,肖辉耀,章建,蒋毅,姚鹏,孙广强

DOI: https://doi.org/10.3969/j.issn.1003-8930.2009.01.011

2009-01-01

Abstract:In order to assess the electric equipment operation security condition effectively and adapt to the trends of heavy capacity,high voltage,structure diversification,seal and condition-based maintenance,based on the fuzzy theory and group AHP,this paper proposes the assessment model,and establishes the whole electric equipment operation security condition assessment system(EEOSCAS),Furthermores a system design based on J2EE and web2.0 is proposed.It is a meaningful research both in theory and practice.

Yan Chen

2014-01-01

Abstract:With the development of computer,network and communication technology,e-commerce has become an indispensable part of people's life. At the same time,safety problems have become the core problem of the electronic commerce. This design is the simulation of realizing the online safety payment system of electronic toll ticket system,aiming to complete the payment process simulation of security communication based on SSL protocol in the bank server and client.

YANG Jun,PAN Qi-ming,JIN Wei

2012-01-01

Abstract:Objective:Regulations and requirements of application security and quality assurance will merged into software module design,and then guide and develop the medical equipment detect and risk assessment.Methods:We compiled software by C/S architecture,SQL Server 2000 database,Delphi 7 and windows operating system.Results:It could provide guarantee by the software which is integrated by maintenance,measurement and quality control.Conclusion:The development and application of medical equipment information management system promote the management,construction and improve the security.

王雪平,徐寿怀,张根度,荆金华

DOI: https://doi.org/10.3321/j.issn:1000-436x.2001.08.012

2001-01-01

Abstract:Our secure electronic commerce system, which has been successfully embedded into the popular Netscape Browser and Server on the Internet, is presented in the paper. We focus our attentions in this paper on the secure requirements related to infrastructure, the system architecture,the system function, and the key tech- niques. And we discuss secure mechanism related to electronic commercs system in detail.

Kezhong Liu,Juan Ma,Chunhui Zhou,Y. Wen

DOI: https://doi.org/10.1109/ISBIM.2008.168

2008-12-19

Abstract:With the rapid development of e-commerce, security issues are arising from people's attention. The security of the transaction is the core and key issues of the development of e-commerce. This paper about the security issues of e-commerce activities put forward solution strategy from two aspects that are technology and system, so as to improve the environment for the development of E-commerce and promote the further development of E-commerce.

Computer Science,Business