Designing a Secure E-commerce with Credential Purpose-based Access Control

  • Norjihan Abdul Ghani University of Malaya, Kuala Lumpur, Malaysia
  • Harihodin Selamat Technology University of Malaysia, Jalan Semarak, Kuala Lumpur, Malaysia
  • Zailani Mohamed Sidek Technology University of Malaysia, Jalan Semarak, Kuala Lumpur, Malaysia


The rapid growth of e-commerce has created great opportunities for both businesses and end users. Essential e-commerce processes are required for the successful operation and management of e-commerce activities, and one of these processes is access control and security. An e-commerce system must establish secure access between the parties in a transaction by authenticating users, authorizing access, and enforcing security features. The e-commerce application must authorize access to only those parts of the application that an individual user needs to accomplish his or her particular transactions. This paper discusses an access control model based on credential and purpose and how it was proposed for designing secure e-commerce.




How to Cite
GHANI, Norjihan Abdul; SELAMAT, Harihodin; SIDEK, Zailani Mohamed. Designing a Secure E-commerce with Credential Purpose-based Access Control. Journal of Business & Management (COES&RJ-JBM), [S.l.], v. 2, p. 241-248, oct. 2014. ISSN 2306-7179. Available at: <>. Date accessed: 25 sep. 2020.