Misuse case modeling for secure e-tendering system

Tendering process is utilized by principal to invited capable tenderer to participate in competitive bid for winning a large project.Due to advent of IT infrastructure, E-tendering is introduced and adopted in many countries. Yet, an electronic environment did not promise curbing collusion between principal and certain tenderers. Other than common threats to system like security breaches by malicious parties, security issue related to ethical issue like fraud and repudiation issue where no evidence existed to denied it.In this paper, common threats for e-tendering process altogether with security countermeasure are described. This three interrelated attribute (consist of tender phase, threat and security countermeasure) are illustrated in misuse case for better understanding of the risk that may occurs in particular tender phase. Furthermore, it sought to ease the system developer for designing and constructing a secure e-tendering system

A Secured Model of E-Tendering Using Unified Modeling Language Approach

E-Tendering systems remain uncertain on issues relating to legal and security compliance, in which unclear security framework is one of the issues. In te current situation, tendering systems are lacking in addressing integrity, confidentiality, authentication, and non-repudiation. Thus, ensuring the system requirements, consider security and trust issues has to be regarded as one of the challenges in developing an e-Tendering system. Therefore, this paper a model of a secured e-Tendering system using Unified Modeling Language (UML) approach. The modelling process begins with identifying the e-Tendering process, which is based on Australian Standard Code of Tendering (AS 4120-1994). It is followed by identifying the security threats and its countermeasure. The use case approach has been proven reliable in determining appropriate requirements for handling security issues. Having considered that, the outcome of this paper is a secured e-Tendering model. The model can guide developers as well as other researchers

The enterprise blockchain design framework and its application to an e-Procurement ecosystem

The research work of this paper has been partially funded by the project VORTAL INTER DATA (n° 038361), co-financed by Vortal and COMPETE Program P2020. We would also like to thank UNIDEMI, DEMI, and LASI for providing us with the research infrastucture and resources to conduct this research. Publisher Copyright: © 2022 Elsevier LtdBlockchain technologies have seen a steady growth in interest from industries as the technology is gaining maturity. It is offering a novel way to establish trust amongst multiple stakeholders without relying or trusting centralised authorities. While its use as a decentralised store of value has been validated through the emergence of cryptocurrencies, its use case in industrial applications with multiple stakeholder ecosystems such as industrial supply chain management, is still at an early stage of design and experimentation where private blockchains are used as opposed to public blockchains. Many enterprise blockchain projects failed to gain traction after initial launches, due to inefficient design, lack of incentives to all stakeholders or simply because the use of blockchain was not really necessary in the first place. There has been a need for a framework that allows blockchain designers and researchers to evaluate scenarios when a blockchain solution is useful and design the key configurations for an enterprise blockchain solution. Literature on blockchain architectures are sparse and only applicable to specific use cases or functionalities. This paper proposes a comprehensive Enterprise Blockchain Design Framework (EBDF), that not only identifies the relevant use cases when a blockchain must be utilised, but also details all the characteristics and configurations for designing an enterprise blockchain ecosystem, applicable to multiple industries. To validate the EBDF, we apply the same to the Vortal e-Procurement ecosystem allowing for multiple platforms to interoperate with greater transparency and accountability over the proposed blockchain framework. In this use case, many vendors bid for procurement procedures, often for publicly managed funds where it is extremely vital that full transparency and accountability is ensured in the entire process. Ensuring that certain digital certification functions, such as timestamps are independent from e-Procurement platform owners has been a challenge. Blockchain technology has emerged as a promising solution for not only ensuring transparency and immutability of records, but also providing for interoperability across different platforms by acting as a trusted third-party. The applied framework is used to design a Hyperledger based blockchain solution with some of the key architectural elements that could fulfil these needs while presenting the advantages of such a solution.publishersversionpublishe

Secure Interactive Electronic Negotiations in Business to Business Marketplaces

In this paper, we discuss security aspects of interactive bilateral multi-attribute negotiations. We introduce this type of electronic negotiations and maintain that it will be an important functional aspect of business-to-business electronic marketplaces. We discuss the general application architecture and the process flow for this type of negotiations. We introduce the relevant security issues and show how these issues can be dealt with, especially within a business relationship where a lower degree of trust prevails. To this purpose, we introduce and discuss a protocol for secure interactive electronic negotiations

Privacy-supporting Cloud Computing by In-browser Key Translation

The appendix contains our response to the reviewers. Cloud computing means entrusting data to information systems that are managed by external parties on remote servers, in the “cloud”, raising new privacy and confidentiality concerns. We propose a general technique for designing cloud services that allows the cloud to see only encrypted data, while still facilitating some data-dependent computations. The technique is based on key translations and mixes in web browsers. We focus on a particular kind of software-as-a-service, namely, services that support applications, evaluations, and decisions. Such services include job application management, public tender management (e.g., for civil construction), and conference management. We identify the specific security and privacy risks that existing systems pose. We propose a protocol that addresses them, and forms the basis of a system that offers strong security and privacy guarantees. We express the protocol and its properties in the language of ProVerif, and prove that it does provide the intended properties. We describe an implementation of a particular instance of the protocol called ConfiChair, which is geared to the evaluation of papers submitted to conferences.

Electronic Tendering: Recognising a More Effective Use of Information Communications Technology in the Irish Construction Industry

When undertaking a traditional tender in Ireland, computer applications are heavily relied upon. Documents, from drawings to Bills of Quantities, are created with an array of computer applications. These documents are subsequently exchanged from surveying firms to a number of main contractors and, additionally, from the main contractors to subcontractors. However, even though the documents have originated in an electronicform, the majority of the documents are communicated in a paper format. Therefore, with each new communication between the parties more paperwork is created. This system of communication is inefficient and process gains can be made through the utilization of already existing Information Communication Technologies (ICT) . The thesis initially provides an analysis of the literature relating to the existing traditional tender process in the Irish construction industry. These findings are then compared with techniques being undertaken in other parts of the world, where ICT is implemented to a greater degree in the tender process. An observation study, subsequently, reveals a clearer picture of the tender process to the author. In particular, the tasks a contractor completes when pricing a competitive tender are clarified. The communication methods used by the contractor between both the PQS and subcontractors are also investigated. This investigation shows that a relatively low level of eCommunication is being undertaken by the individuals within the industry. A survey carried out by the author in the summer of 2008, establishes the current level of ICT usage in Irish construction companies with respect to the tendering process. These results show that there is a similar level of eTendering uptake to that of other countries. However, this uptake is significantly discouraged by a number of barriers identified by the author.Finally, the thesis presents an industry led pilot project. This pilot projectclarifies the potential cost savings that the Irish construction industry achieved through the application of integrated ICT tools in the construction tendering proces

COURSE REGISTRATION INTEGRATED WITH WIRELESS APPLICATION PROTOCOL

This project is initiated with the hope to enhance the current Online Tutorial/Lab Registration, integrated with WAP application. The tremendous surge of interest and development in the area of wireless data is to bridge the gap between the mobile world and the Internet, bringing sophisticated solutions to mobile users, independent of the bearer and network. The main objective of this system is to develop an efficient and interactive system to cater to the course registration of lab and tutorial sessions integrated with WAP for the students and lecturers. Usually, students will have to either meet the lecturers at their cubicle which are located far from their block or will have to attend the class in order to register for a lab or tutorial session. Besides that, it consumes a lot of time for the student to go over to the lecturers' office or to even wait in line after class to register for the suitable slot. This is mainlyto minimize the hassle and inconvenience that the students and lecturers go through for lab and tutorial registrations. A Linear Sequential Model has been chosen as the methodology in developing this system. Other objectives are to study the underlying concept of WAP and to work in line with the university's goal of e-learning where a paperless environment is encouraged. The scope of this project is only limited to the labs or tutorials registration in UTP

A secured e-tendering model based on rational unified process (RUP) approach: inception and elaboration phases

Due to the rapid rise in the e-Tendering transaction over the internet and the increasing use of e-Tendering solution by large organizations, there is a need to construct a secured e-Tendering model to ensure some security mechanisms such as confidentiality, integrity, and accessibility of the document are embedded in the e-tendering model.This to ensure the e-tendering transaction is secured and the most important is to gain trust from the e-Tendering stakeholder. Therefore, there is a need to develop a secured e-Tendering model as a guideline to e-tendering developers in developing the system. The Rational Unified Process (RUP) is the most appropriate system development methodology that can guide researchers in generating secured artifact. The RUP has been used by many researchers to construct a secured application model in various researches and projects. This due to the ability of the RUP in guiding researchers to deliver secured artifacts through Inception and elaboration phases.Therefore, this study aims to construct a secured e-tendering artifacts based on RUP. The Unified Modeling Language (UML) is used to generate the secured e-tendering artifacts. This paper discusses the generation of use case, misuse case and class diagrams based on security mechanism that need to be embedded in the e-Tendering model.This study also found that, the RUP is one of the best system development methodology that can be used as one of the research methodology in the Software Engineering domain, especially related to secured design of any observed application.This methodology has been tested in various studies, such as in Simulation-based Decision Support, Security Requirement Engineering, Business Modeling and Secure System Requirement, and so forth.This study may contribute to the software industries in developing a secured system application in the future, and also to the secured system modeling domain