Hao Chi Wong

Protecting Individuals' Interests in Electronic Commerce Protocols

Degree Type: Ph.D. in Pure and Applied Logic
Advisor(s): Jeannette Wing
Graduated: August 2000

Abstract:

Commerce transactions are being increasingly conducted in cyberspace. We not only browse through on-line catalogs of products, but also shop, bank, and hold auctions on-line.

The general goal of this research is to answer questions such as: What do electronic commerce protocols try to achieve? What must they achieve? And how do they achieve it? My thesis in this dissertation is that 1) in electronic commerce transactions where participants have different interests to preserve, protection of individual interests is a concern of the participants, and should be guaranteed by the protocols; and 2) a protocol should protect a participant's interests whenever the participant behaves according to the protocol and trusted parties behave as trusted.

In this dissertation, we propose a formal definition of protection of individual interests and a framework in which protocols can be analyzed with respect to this property. Our definition is abstract and general, and can be instantiated to a wide range of electronic commerce protocols. In our framework, we model electronic commerce systems as state machines, make trust assumptions part of protocol specifications, and distinguish executions by deviation modes.

We specify and analyze three protocols using this framework. Our analysis uses standard mathematical techniques. We found protocol weaknesses that have not been found before.

Thesis Committee:
Jeannette Wing (Chair)
Marvin Sirbu
Doug Tygar
Nevin Heintze (Bell Labs)

Randy Bryant, Head, Computer Science Department
James Morris, Dean, School of Computer Science

Keywords:
Protocols, electronic commerce, security, correctness properties, formal methods, models, trust (assumptions), deviation modes, distributed systems

CMU-CS-00-160.pdf (1.1 MB) (159 pages)