Computer Science Department
School of Computer Science, Carnegie Mellon University
Protecting Individuals' Interests in Electronic Commerce Protocols
Hao Chi Wong
The general goal of this research is to answer questions such as: What do electronic commerce protocols try to achieve? What must they achieve? And how do they achieve it? My thesis in this dissertation is that 1) in electronic commerce transactions where participants have different interests to preserve, protection of individual interests is a concern of the participants and should be guaranteed by the protocols; and 2) a protocol should protect a participant's interests whenever the participant behaves according to the protocol and trusted parties behave as trusted.
In this dissertation, we propose a formal definition of protection of individual interests and a framework in which protocols can be analyzed with respect to this property. Our definition is abstract and general, and can be instantiated to a wide range of electronic commerce protocols. In our framework, we model electronic commerce systems as state machines, make trust assumptions part of protocol specifications, and distinguish executions by deviation modes.
We specify and analyze three protocols using this framework. Our analysis uses standard mathematical techniques. We found protocol weaknesses that have not been found before.