Consider an online store for consumer products. Whenever a customer chooses a product to order, the relevant product ID, the quantity ordered, and the item price is added to the shopping basket. An example of the shopping basket is shown below. Item Product ID Quantity Item price 1 DVD101 2 £2.5 2 ВОOK205 4 £1 At the checkout, this particular order should cost (2 x £2.5) + (4x £1) = £9. However, what if an attacker sets the quantity value for BOOK205 to -4 (minus 4) when the data from the shopping basket is sent to the web server? Then the attacker has to pay only (2 x £2.5) + (-4 x £1) = £1. The system may not dispatch BOOK205 because of its negative quantity value but still the attacker could get 2 of DVD101 for £1! This type of security attack is called a parameter tampering attack. To prevent this attack, the checkout program has to make sure that the quantity of every item in the shopping basket is a natural number, i.e. greater than zero. Let product(X) stand for X is a product in the shopping basket at the checkout. Let product_quantity(X, Y) stand for Y is the quantity of the product X. Let natural(X) stand for X is a natural number greater than zero. Using the predicate symbols above, which of the following constraints can be used to prevent negative quantity values? Select one: O VX.VY. ((product(X) ^ product_quantity(X,Y)) → natural(Y)) O VX.VY. (product(X) ^ product_quantity(X,Y) ^ natural(Y)) VX.VY. (product(X) → (product_quantity(X,Y) ^ natural(Y))) O VX.3Y. (product(X) ^ product_quantity(X,Y) ^ natural(X))

Please provide detailed answer.

Transcribed Image Text:

Consider an online store for consumer products. Whenever a customer chooses a product to order, the relevant product ID, the quantity ordered, and the item price is added to the shopping basket. An example of the shopping basket is shown below. Item Product ID Quantity Item price 1 DVD101 2 £2.5 2 ВОOK205 4 £1 At the checkout, this particular order should cost (2 x £2.5) + (4x £1) = £9. However, what if an attacker sets the quantity value for BOOK205 to -4 (minus 4) when the data from the shopping basket is sent to the web server? Then the attacker has to pay only (2 x £2.5) + (-4 x £1) = £1. The system may not dispatch BOOK205 because of its negative quantity value but still the attacker could get 2 of DVD101 for £1! This type of security attack is called a parameter tampering attack. To prevent this attack, the checkout program has to make sure that the quantity of every item in the shopping basket is a natural number, i.e. greater than zero. Let product(X) stand for X is a product in the shopping basket at the checkout. Let product_quantity(X, Y) stand for Y is the quantity of the product X. Let natural(X) stand for X is a natural number greater than zero. Using the predicate symbols above, which of the following constraints can be used to prevent negative quantity values? Select one: O VX.VY. ((product(X) ^ product_quantity(X,Y)) → natural(Y)) O VX.VY. (product(X) ^ product_quantity(X,Y) ^ natural(Y)) O VX. VY. (product(X) → (product_quantity(X,Y) ^ natural(Y))) O VX.3Y. (product(X) ^ product_quantity(X,Y) ^ natural(X))