
Research On The Security Issues Of The E-Business Applications

Posted on: 2007-04-14
Degree: Master
Type: Thesis
Country: China
Candidate: P Li
Full Text: PDF
GTID: 2178360182995277
Subject: Computer application technology

Abstract/Summary:
E-business can improve the management of companies in terms of quality, cost and speed. At the same time, it raises the problem of information security. As one application of e-business, a collaborative commerce platform also needs a thorough analysis of its potential security problems, with corresponding solutions proposed to ensure the safe functioning of the system. The security services of an information system include identity authentication, access control, data confidentiality, data integrity and non-repudiation. After the 1990s, RBAC introduced the concept of a "role": users are assigned roles within an organization, access rights are granted to those roles, and access authorization and control are managed according to the roles users hold. This effectively combines the advantages of the traditional access control techniques while overcoming their shortcomings, makes the design of access control policy more flexible, and simplifies the work of administrators. In e-business, sensitive data such as passwords and orders is transmitted frequently, so the confidentiality, integrity and non-repudiation of data have to be taken into account.

Using a collaborative commerce platform as an example, the thesis comprehensively analyzes the security problems in e-business and proposes some solutions. Identity authentication is based on Forms, which also maximizes flexibility. The system does not store passwords directly; it stores a hash of the password together with a random value in order to strengthen resistance to dictionary attacks. For access control, a model based on RBAC is employed: role inheritance resolves conflicts among the roles of different types of companies, and a graphical tool for role management simplifies the work of administrators. The front controller pattern protects common web pages and web services in e-business and makes the system easier to maintain. Lastly, digital signatures are necessary for data integrity, and they can be implemented in the web environment using the CAPICOM component.
Keywords/Search Tags: access control, RBAC, digital signature, security