Slide 1: Introduction to Secure Electronic Commerce
ISA 767, Secure Electronic Commerce
Xinwen Zhang, xzhang6@gmu.edu
George Mason University
Fall 2005

Slide 2: Learning Secure Electronic Commerce
- Available learning programs: Master degree program, graduate certificate program, graduate and undergraduate course, single lecture, etc.
- Usual coverage and fundamental issues: Cryptography, Access Control, Internet and network security, security protocols, PKI, certificate, etc.

Slide 3: Our Coverage
- We skip details of technologies and mechanisms that can be found in previous, prerequisite classes. The details of these issues can be found in textbooks without difficulty.
- Our focus goes beyond them and covers various advanced issues that are found in recent literature.

Slide 4: Electronic Commerce
- Using electronic (networked) connections.
- Virtually everything available in the physical world, as well as digital goods and services, is available in the e-marketplace
- Trades of digital goods and services
- New technologies
- New business models
- New legislations
- More in-depth study in INFS 640 Intro to E-commerce

Slide 9: Business Model (continued)
- Successful so far: Apple iTunes service and iPod
- Not so successful: Circuit City's Divx (Digital Video Express) movie rental service (not DivX, the MPEG-4 compression technology) http://hometheater.about.com/library/weekly/aa062199.htm
- In Business: Wal-Mart and Netflix DVD rental subscription services

Slide 10: Law
- New legislation for new technology: DMCA (1998), TEACH Act (2002)
- Promises and problems
- Illegal case
  - Previous Napster
  - 321 Studios lawsuit (Aug. 2004)
  - Morpheus and Grokster
- Supreme Court's new decision: peer-to-peer companies such as Grokster could be held responsible for the copyright piracy on their networks
- BitTorrent for legal content
- Microsoft Avalanche

Slide 11: Our Focus and Approach
- We are focusing on
  - Technology as an enabler
  - Neutral position
  - Security aspects
- Layered approach
  - Traditional, intuitive approach in IT and CS communities
  - E.g., OSI 7 layers, Policy and Mechanism (two layers) approach, ...

Slide 12: Two Layer Approach
- Traditionally information security has been studied in two layers: policy and mechanism. (Lampson's June 2004 IEEE Computer paper)
- No clear distinction between objective and model
  - models for one policy or objective
- No clear distinction between architecture and mechanism
- No architectural variation: centralized mainframe system only, no client-server system

Slide 13: OMAM Layered Approach
[Figure: the four OM-AM layers (Objective, Model, Architecture, Mechanism), annotated "What?", "How?" and "Assurance"]

Slide 14: OMAM Examples - MAC
[Figure annotations: "What?", "How?", "Assurance"]

OM-AM Framework    MAC System
Objective          No Information Leakage
Model              Lattices (Bell-LaPadula)
Architecture       Security Kernel
Mechanism          Security Labels