Consider an online store for consumer products. Whenever a customer chooses a product to order, the relevant product ID, the quantity ordered, and the item price is added to the shopping basket. An example of the shopping basket is shown below. Item Product ID Quantity Item price 1 DVD101 2 £2.5 2 BOOK205 4 £1 At the checkout, this particular order should cost (2 x £2.5) + (4 x £1) = £9. However, what if an attacker sets the quantity value for BOOK205 to -4 (minus 4) when the data from the shopping basket is sent to

Question
Consider an online store for consumer products. Whenever a customer chooses a product to order, the
relevant product ID, the quantity ordered, and the item price are added to the shopping basket. An
example of the shopping basket is shown below.
Item  Product ID  Quantity  Item price
1     DVD101      2         £2.5
2     BOOK205     4         £1
At the checkout, this particular order should cost (2 x £2.5) + (4 x £1) = £9. However, what if an attacker
sets the quantity value for BOOK205 to -4 (minus 4) when the data from the shopping basket is sent to
the web server? Then the attacker has to pay only (2 x £2.5) + (-4 x £1) = £1. The system may not
dispatch BOOK205 because of its negative quantity value but still the attacker could get 2 of DVD101 for
£1! This type of security attack is called a parameter tampering attack. To prevent this attack, the
checkout program has to make sure that the quantity of every item in the shopping basket is a natural
number, i.e. greater than zero.
Let product(X) stand for X is a product in the shopping basket at the checkout.
Let product_quantity(X, Y) stand for Y is the quantity of the product X.
Let natural(X) stand for X is a natural number greater than zero.
Using the predicate symbols above, which of the following constraints can be used to prevent negative
quantity values?
Select one:
○ ∀X.∀Y. ((product(X) ∧ product_quantity(X,Y)) → natural(Y))
○ ∀X.∀Y. (product(X) ∧ product_quantity(X,Y) ∧ natural(Y))
○ ∀X.∀Y. (product(X) → (product_quantity(X,Y) ∧ natural(Y)))
○ ∀X.∃Y. (product(X) ∧ product_quantity(X,Y) ∧ natural(X))
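
The checkout check described in the question, written as server-side validation. This is an added example, not part of the original question; the catalogue, the upper bound, the function names and the request layout are assumptions. It goes one step beyond the question by pricing from a server-side catalogue rather than the submitted item price, since that field is client-controlled in the same way as the quantity.

```python
from decimal import Decimal

# Assumed server-side catalogue; prices mirror the basket in the question.
CATALOGUE = {"DVD101": Decimal("2.50"), "BOOK205": Decimal("1.00")}
MAX_QUANTITY = 100  # assumed per-line upper bound, not from the page


class BasketError(ValueError):
    """Raised when a submitted basket line fails validation."""


def is_natural(value):
    """natural(Y): Y is an integer greater than zero (bool is excluded)."""
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def checkout_total(basket):
    """Validate every line of a client-submitted basket, then price it.

    basket: list of dicts with 'product_id' and 'quantity'. Any 'item_price'
    sent by the client is ignored; the catalogue price is used instead.
    """
    if not basket:
        raise BasketError("empty basket")
    total = Decimal("0")
    for line in basket:
        product_id = line.get("product_id")
        quantity = line.get("quantity")
        if not isinstance(product_id, str) or product_id not in CATALOGUE:
            raise BasketError(f"unknown product: {product_id!r}")
        if not is_natural(quantity):
            raise BasketError(f"quantity for {product_id} must be a positive integer")
        if quantity > MAX_QUANTITY:
            raise BasketError(f"quantity for {product_id} exceeds {MAX_QUANTITY}")
        total += CATALOGUE[product_id] * quantity
    return total


# Constructed sample requests based on the basket in the question.
HONEST = [{"product_id": "DVD101", "quantity": 2, "item_price": "2.5"},
          {"product_id": "BOOK205", "quantity": 4, "item_price": "1"}]
TAMPERED = [{"product_id": "DVD101", "quantity": 2, "item_price": "2.5"},
            {"product_id": "BOOK205", "quantity": -4, "item_price": "1"}]

if __name__ == "__main__":
    print(checkout_total(HONEST))
    try:
        checkout_total(TAMPERED)
    except BasketError as exc:
        print("rejected:", exc)
```

The whole order is rejected when any line fails, so a negative line can never offset the price of a valid one.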