Bachelor Thesis : „ Security Aspects of Digital Actors “ By : Ayse Morali

Online computations are getting more and more embedded into the daily life of people, in particular, they have practical applications in electronic commerce. In the cyber world, mobile codes interact with each other and their environment on behalf of sellers and buyers of the real world. Mobile code technologies provide potential benefits to applications, but as the responsibilities and the complexity of mobile codes increase, the variety of security threats that imposed the applications increases as well. In order to protect these inherently distributed systems from attacks, their components have to consider security aspects, without giving up flexibility. Transparent information flow between the mobile codes and their environment can help increase efficiency for its participants and reduce user’s cognitive load, yet add points of vulnerability to the system. In this thesis we describe a middleware framework for online auctions, in order to illustrate security problems in electronic commerce applications and suggest potential solutions. This middleware framework is a model of a futuristic electronic marketplace, consisting of various management components and electronic stores. In the electronic stores, the mobile codes, embedded in software agents, representing sellers and buyers, come together, in order to fulfill their duties. Furthermore, we describe a set of security requirements of the electronic marketplace. We then survey different models of mobile code in distributed computations, including actors, secure mobile actors, transactors, casts and directors, and mobile ambients. We then classify and compare these models according to their applicability to the security of the electronic marketplace scenario. We demonstrate how additional security instruments, such as proof-carrying code and cryptographic techniques, can be incorporated to these models in order to fulfill the security requirements of the marketplace electronic commerce applications. In summary, we investigated the conflicting design goals of openness and security in electronic commerce applications. This research is a first step in achieving the goal of building open yet secure electronic commerce systems.