Towards Decentralized and Secure Electronic Marketplace
Yingying Chen, Naftaly Minsky, Constantin Serban, and Wenxuan Zhang
Dept of Computer Science
Rutgers University
May 6, 2005
Outline
On the nature of marketplaces, and their conventional electronic realization.
Decentralized Electronic Marketplace (DEM), and its implementation via LGI.
A marketplace for Airline Ticket – An Example
Related Work
Conclusion
Market Place Essentials
A venue is required for buyers and sellers to find each other and conduct trading of merchandise.
A degree of trust between buyers and sellers is required.
Electronic vs. Traditional Marketplaces
Traditional marketplace (e.g. Farmers Market, Shopping Mall):
The venue of trading is physical and characterized by geographic proximity.
The trust is generated by traditional societal means—such as familiarity, local laws, local customs, and local police.
Electronic marketplace:
No geographic proximity, thus no human interaction, and no common customs and laws.
The question is: how to regain the necessary trust among the trading parties?
Conventional Approach to E-Market
Trust is established via a central mediator that enforces a set of rules and maintains reputation.
Example: ebay.com, pricingcentral.com/ford
Limitations:
Very expensive to establish, if the marketplace is to be scalable and reliable.
The rules of trading are usually implicit in the code of the mediator, and thus quite obscure.
The Proposed Decentralized Electronic Marketplace (DEM)
Based on Law Governed Interaction (LGI), a decentralized coordination and access control mechanism.
Interaction between buyers and sellers does not involve any central mediator.
All participants in the marketplace operate via their private controllers, all carrying the same “law of the market”, L.
The marketplace is defined by its law.
Airline Ticket Marketplace (overview)
[Figure: agents (Buyers, Sellers, Auditor, Airlines, Certification Authority, Banks), each operating through a Controller that carries the Law L.]
Some Trust Requirements
Airline tickets cannot be forged.
Credit card submitted to a seller can be used only for the specified payment.
Money back guarantee would be honored.
One cannot lie about his/her own reputation.
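A toy model of the idea on the two slides above (every controller carries the same law, so tickets cannot be forged), added here as an illustration; it is not the authors' trade law and not the Moses API. The class, operation names and rule wording are hypothetical, and the law-hash comparison stands in for the controller authentication a real deployment would need.

```python
import hashlib

# Hypothetical toy law, written once and carried by every controller.
LAW_TEXT = "distribute: airline only; sell: only a ticket held in control state"
LAW_HASH = hashlib.sha256(LAW_TEXT.encode()).hexdigest()

class Controller:
    """Mediates one agent; the agent never modifies `held` directly."""
    def __init__(self, name, role, law_hash=LAW_HASH):
        self.name, self.role, self.law_hash = name, role, law_hash
        self.held = set()  # control state: tickets this agent owns

    def send(self, op, ticket, peer):
        """The law is evaluated at the sender's own controller."""
        if op == "distribute" and self.role != "airline":
            return "blocked: only an airline may create tickets"
        if op == "sell" and ticket not in self.held:
            return "blocked: sender does not hold this ticket"
        if op not in ("distribute", "sell"):
            return "blocked: operation not in the law"
        result = peer.arrive(self.law_hash, ticket)
        if op == "sell" and result == "delivered":
            self.held.discard(ticket)  # ownership moves, it is not copied
        return result

    def arrive(self, sender_law_hash, ticket):
        """Accept a ticket only from a controller under the same law."""
        if sender_law_hash != self.law_hash:
            return "rejected: sender operates under a different law"
        self.held.add(ticket)
        return "delivered"

def demo():
    # Constructed participants; names follow the slide labels al, s, b.
    airline = Controller("al", "airline")
    seller = Controller("s", "seller")
    buyer = Controller("b", "buyer")
    rogue = Controller("r", "airline", law_hash="not-the-market-law")
    return [
        airline.send("distribute", "T1", seller),  # legitimate issue
        seller.send("sell", "T1", buyer),          # legitimate sale
        seller.send("sell", "T1", buyer),          # same ticket sold twice
        seller.send("distribute", "T2", buyer),    # ticket forged by a seller
        rogue.send("distribute", "T3", buyer),     # sender outside the market
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

No central mediator appears anywhere in the model: each refusal is issued by the sender's or the receiver's own controller.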
Implementation of DEM
[Figure: buyer b, seller s, airline al and bank ba, each an agent behind a controller carrying law L. Labelled messages: buy, sell, distribute ticket, credit card check req, credit card check resp; several arrows are labelled t.]
Implementation of DEM (Trading Law, Cont.)
URL location of the law:
Java law: www.cs.rutgers.edu/moses/examples/marketplace/trade.java1
Prolog law: www.cs.rutgers.edu/moses/examples/marketplace/trade.law
Implementation of DEM (Performance Evaluation)
Overhead added by a pair of controllers:
Depends on the complexity of the law: 20 – 200 µs
Negligible over WAN
Acceptable over LAN
Deployment (Using Distributed TCB)
[Figure: agents x and y each obtain a controller from the Controller Service with adopt(L, name); labels on the message path between them: m, m', m'', m ==> y, L.]
Implemented by Moses Middleware
Related Work
European SEMPER project [Waidner, M. et al. 1996-2000]
Proposed a secure electronic marketplace for Europe.
Basic trust assumption has been that each user trusts his or her own machine, but not the machine of the partner.
Had no continuation after the project was completed in 2000.
Distributed Digital Commerce [Schmees, M. 2003]
Discussed the benefits of decentralized market for digital goods.
Studied the processes involved in digital trading and their implementation using P2P communication.
Proposed no mechanism for achieving the trust and security in the marketplace.
Conclusion
Proposed the concept of DEM (Decentralized Electronic Marketplace)
Completely decentralized, fully scalable, and lightweight.
Security and trust are provided by a single, unifying law that governs all the transactions made through the marketplace, in some analogy to the laws that govern the traditional marketplaces.
Proof of concept provided by an implementation of the airline tickets marketplace
Implemented in both Java and Prolog trading law
Demo will be available on the web site of LGI release
Realization of DEM needs a widely deployed commercial controller service, to act as a distributed trusted computing base (DTCB).
Thanks! & Questions?
The End