A study of developing secure and scalable business-to-business electronic commerce systems

We studied the challenges in developing secure and scalable Business-to-Business Electronic Commerce (B2B E-Commerce) systems. B2B E-Commerce systems address the supply chain integration issues and thus promise significant cost saving benefits to enterprises. B2B E-Commerce presents new challenges in the areas of data security and scalability. B2B E-Commerce systems collect data from all participating companies and allow users from these companies (some of them are competitors to each other) to access the systems simultaneously. Traditional data processing systems typically deal with data collected internally in an enterprise. Users of these systems are all internal users. Thus, B2B E-Commerce systems demand higher data security standard than the traditional data processing systems. In addition, B2B E-Commerce systems are accessible via Internet and thus a large number of online users can use the systems concurrently. B2B E-Commerce systems must be scalable to deal with the increasing processing volume. We first identified the security requirements for B2B E-Commerce systems, with emphasis on B2B E-Marketplace systems. We then evaluated known theories and techniques to find out if they can provide the solutions. We concluded that no existing security models alone could address all the requirements. To address the security requirements, we proposed a security model and implemented the model in a prototype for a B2B E-Marketplace system. We also completed a security assessment and risk assessment on the proposed model. To address scalability, we developed a set of design techniques that can be used in both logical design and physical design phases of the development lifecycle. We used a B2B E-Marketplace system prototype to demonstrate how the security framework and design techniques are used together to build a secure and scalable system.; Our contributions include (1) B2B E-Commerce system security requirements, (2) a security model, (3) a technical architecture to implement the security model, (4) a set of logical design techniques, (5) a set of physical design techniques, and (6) a reference technical architecture for developing B2B E-Commerce systems.