Computer Science Department
School of Computer Science, Carnegie Mellon University


Protecting Individuals' Interests in Electronic Commerce Protocols

Hao Chi Wong

August 2000

Ph.D. Thesis

Keywords: Protocols, electronic commerce, security, correctness properties, formal methods, models, trust (assumptions), deviation modes, distributed systems

Commerce transactions are being increasingly conducted in cyberspace. We not only browse through on-line catalogs of products, but also shop, bank, and hold auctions on-line.

The general goal of this research is to answer questions such as: What do electronic commerce protocols try to achieve? What must they achieve? And how do they achieve it? My thesis in this dissertation is that 1) in electronic commerce transactions where participants have different interests to preserve, protection of individual interests is a concern of the participants and should be guaranteed by the protocols; and 2) a protocol should protect a participant's interests whenever the participant behaves according to the protocol and trusted parties behave as trusted.

In this dissertation, we propose a formal definition of protection of individual interests and a framework in which protocols can be analyzed with respect to this property. Our definition is abstract and general, and can be instantiated to a wide range of electronic commerce protocols. In our framework, we model electronic commerce systems as state machines, make trust assumptions part of protocol specifications, and distinguish executions by deviation modes.

We specify and analyze three protocols using this framework. Our analysis uses standard mathematical techniques. We found protocol weaknesses that have not been found before.

159 pages
