Ecurrency threat modeling and hardening

Abstract

In this paper we investigate the problem of providing application domain security constraints to distributed systems will maintaining high availability. This study uses the application domain of business loyalty incentives as a motivating example. The loyalty incentives are earned through electronic point and currency programs while the modeled system ensures the incentives are not vulnerable to cyber-attack. We consider five loyalty activity categories rewarded by companies to their patrons; social networking rewards, web-site browsing rewards, mobile browsing rewards and referral/social circle rewards. We document vulnerabilities with each activity category, propose and implement a solution that will ensure the activity being rewarded is the activity that is intended by the reward program.