A Formal Methodology to Specify E-commerce Systems

Electronic commerce is an important application that has evolved significantly in recent years. It gives companies the possibility of reaching an unprecedented number of clients at very low cost. However, electronic commerce systems are complex and difficult to design correctly. Currently, most approaches are ad hoc, and they frequently lead to expensive, unreliable systems that take a long time to implement. In this work we propose a methodology that uses formal-method techniques, specifically symbolic model checking, to design electronic commerce applications and to automatically verify that these designs satisfy properties such as atomicity, isolation, and consistency. Using the proposed methodology, the designer is able to identify errors early in the design process and correct them before they propagate to later stages. Thus, it is possible to build more reliable applications, developed faster and at lower cost. In order to demonstrate the applicability and feasibility of the technique, we have modeled and verified a virtual store in which multiple buyers compete for product items. The verified model has more than 10^23 states, and verification completed in a few minutes. For instance, the verification process pointed out a concurrency-control error that allowed the same item to be sold twice.
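The double-sale race the abstract reports, as an added example that is not part of the paper: a small explicit-state exploration (not the symbolic model checker the authors used, and not their store model) of a virtual store with two buyers competing for one item. Each buyer is modeled as a tiny program with a program counter; the checker enumerates every interleaving breadth-first and returns the shortest interleaving that reaches a state violating "no more items are sold than were in stock". The buggy variant, in which a buyer checks the stock and decrements it in separate steps, is compared with a fixed variant in which check-and-decrement is one atomic transition. The state encoding, the step labels and the property are assumptions made for this illustration.

```python
"""Explicit-state exploration of a two-buyer virtual store (illustrative model).

The buggy store performs a purchase as three separate steps (READ the stock,
DECIDE, WRITE the decrement), so two buyers can both observe stock == 1 and
both decrement it. The fixed store makes check-and-decrement indivisible.
"""
from collections import deque

# Program counters of a buyer process.
READ, DECIDE, WRITE, DONE = range(4)


def initial_state(n_buyers, stock):
    # state = (stock, items_sold, buyers); buyers = tuple of (pc, observed_stock)
    return (stock, 0, tuple((READ, None) for _ in range(n_buyers)))


def _set_buyer(buyers, i, new):
    return buyers[:i] + (new,) + buyers[i + 1:]


def successors_nonatomic(state):
    """Buggy store: check-then-act on a shared stock counter.
    Yields (label, next_state) for every enabled step of every buyer."""
    stock, sold, buyers = state
    for i, (pc, seen) in enumerate(buyers):
        if pc == READ:
            yield (f"buyer{i} reads stock={stock}",
                   (stock, sold, _set_buyer(buyers, i, (DECIDE, stock))))
        elif pc == DECIDE:
            if seen > 0:
                yield (f"buyer{i} decides to buy (saw {seen})",
                       (stock, sold, _set_buyer(buyers, i, (WRITE, seen))))
            else:
                yield (f"buyer{i} aborts (saw {seen})",
                       (stock, sold, _set_buyer(buyers, i, (DONE, seen))))
        elif pc == WRITE:
            # Decrements the current stock, which may have changed since READ.
            yield (f"buyer{i} writes stock={stock - 1}",
                   (stock - 1, sold + 1, _set_buyer(buyers, i, (DONE, seen))))


def successors_atomic(state):
    """Fixed store: the check and the decrement are one indivisible transition."""
    stock, sold, buyers = state
    for i, (pc, _) in enumerate(buyers):
        if pc == DONE:
            continue
        if stock > 0:
            yield (f"buyer{i} atomically buys (stock {stock}->{stock - 1})",
                   (stock - 1, sold + 1, _set_buyer(buyers, i, (DONE, stock))))
        else:
            yield (f"buyer{i} atomically sees stock=0 and aborts",
                   (stock, sold, _set_buyer(buyers, i, (DONE, stock))))


def explore(initial, successors, is_bad):
    """Breadth-first reachability over all interleavings.
    Returns (states_visited, bad_state, trace); the last two are None when
    the property holds in every reachable state. BFS yields a shortest trace."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if is_bad(s):
            trace, cur = [], s
            while parent[cur] is not None:
                cur, label = parent[cur]
                trace.append(label)
            return len(parent), s, trace[::-1]
        for label, t in successors(s):
            if t not in parent:
                parent[t] = (s, label)
                queue.append(t)
    return len(parent), None, None


def check_store(successors, n_buyers=2, stock=1):
    """Verify 'items sold never exceeds the initial stock' for one store variant."""
    def oversold(state):
        return state[1] > stock  # equivalently, state[0] < 0
    return explore(initial_state(n_buyers, stock), successors, oversold)


if __name__ == "__main__":
    for name, succ in (("non-atomic", successors_nonatomic),
                       ("atomic", successors_atomic)):
        n, bad, trace = check_store(succ)
        print(f"{name} store: {n} reachable states")
        if bad is None:
            print("  property holds")
        else:
            print(f"  VIOLATION: stock={bad[0]} sold={bad[1]}")
            for step in trace:
                print("   ", step)
```

One point worth noticing when choosing properties: in the buggy model the bookkeeping invariant stock + sold == initial stock is preserved by every transition (each write subtracts one and adds one), so a checker asked only for that invariant would report no error. It is the oversell property (sold exceeds the initial stock, or stock goes negative) that exposes the race, and the returned trace shows the interleaving a designer needs in order to fix the design: both buyers read stock 1, both decide to buy, both write.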