Multi-level model of secure interoperability in e-commerce based on a security profile

Network and telecommunication security
Authors:
Abstract:

As e-commerce evolves, the number of integration points between online storefronts, payment services, logistics, accounting and analytics systems continues to grow. At the same time, information security measures are typically specified in a fragmented manner and are weakly aligned with interoperability models and risk management processes. This paper proposes a multi-level model of secure interoperability for e-commerce systems that embeds information security requirements into the interaction profile. The model is complemented by a classification of intersystem exchanges and a reference gateway-based integration scenario, together forming a multi-level interoperability structure within which security invariants are defined. An attacker model is developed that maps attack vectors to the levels of the framework and to classes of exchanges. On this basis a matrix is constructed that links each threat to the configuration parameters and control settings of the integration gateway and of the monitoring systems. Requirements are defined for a machine-readable security profile that contains invariants, indicators, countermeasures and traceable identifiers linking them, together with its integration into KPI/KRI-based monitoring and DevSecOps processes. The proposed structure enables risk-oriented design and assessment of protection for e-commerce integration points and can serve as a basis for further automation of security profile configuration and audit.
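To make the traceability requirement concrete, the following is an added example (not code or a schema from the paper): a constructed security profile for a hypothetical integration gateway, in which threats are tagged with a framework level and an exchange class, each threat references countermeasures by identifier, each countermeasure sets one gateway configuration parameter and supports an invariant, and each invariant is observed by a KPI/KRI indicator. The check below reports every broken link in that chain and derives the threat-to-parameter matrix from the profile. All identifiers (T-*, INV-*, IND-*, CM-*), parameter names and thresholds are illustrative assumptions.

```python
"""Traceability check for a constructed e-commerce gateway security profile.

Constructed example, not the paper's schema: identifiers, parameter names,
levels, exchange classes and thresholds below are illustrative assumptions.
"""
import copy

PROFILE = {
    "levels": ["transport", "message", "application", "process"],
    "exchange_classes": ["order", "payment", "shipment", "analytics"],
    # Parameters the (hypothetical) gateway exposes for configuration.
    "gateway_parameters": {
        "tls.min_version", "tls.mutual_auth", "msg.signature_required",
        "msg.schema_validation", "api.rate_limit", "api.replay_window_s",
        "audit.log_level",
    },
    "threats": [
        {"id": "T-01", "name": "Replay of payment callback", "level": "message",
         "exchange": "payment", "countermeasures": ["CM-01", "CM-03"]},
        {"id": "T-02", "name": "Order tampering in transit", "level": "transport",
         "exchange": "order", "countermeasures": ["CM-02", "CM-01"]},
        {"id": "T-03", "name": "Malformed shipment payload", "level": "message",
         "exchange": "shipment", "countermeasures": ["CM-04"]},
    ],
    "invariants": [
        {"id": "INV-01", "text": "Every payment callback is signed and unique",
         "indicators": ["IND-01"]},
        {"id": "INV-02", "text": "All partner links use mutually authenticated TLS",
         "indicators": ["IND-02"]},
    ],
    "indicators": [
        {"id": "IND-01", "kind": "KRI", "metric": "unsigned_or_replayed_callbacks_per_day", "threshold": 0},
        {"id": "IND-02", "kind": "KPI", "metric": "mtls_link_share", "threshold": 1.0},
    ],
    "countermeasures": [
        {"id": "CM-01", "parameter": "msg.signature_required", "value": True, "invariants": ["INV-01"]},
        {"id": "CM-02", "parameter": "tls.mutual_auth", "value": True, "invariants": ["INV-02"]},
        {"id": "CM-03", "parameter": "api.replay_window_s", "value": 300, "invariants": ["INV-01"]},
        {"id": "CM-04", "parameter": "msg.schema_validation", "value": "strict", "invariants": []},
    ],
}


def validate_profile(profile):
    """Return a list of traceability problems; an empty list means the profile is consistent.

    Checks: threat -> (level, exchange class) are known; threat -> countermeasure ids resolve;
    countermeasure -> gateway parameter exists; countermeasure -> invariant ids resolve;
    invariant -> at least one indicator, and indicator ids resolve.
    """
    problems = []
    cm_ids = {c["id"] for c in profile["countermeasures"]}
    inv_ids = {i["id"] for i in profile["invariants"]}
    ind_ids = {i["id"] for i in profile["indicators"]}
    for t in profile["threats"]:
        if t["level"] not in profile["levels"]:
            problems.append(f"{t['id']}: unknown level {t['level']}")
        if t["exchange"] not in profile["exchange_classes"]:
            problems.append(f"{t['id']}: unknown exchange class {t['exchange']}")
        if not t["countermeasures"]:
            problems.append(f"{t['id']}: no countermeasure assigned")
        for cm in t["countermeasures"]:
            if cm not in cm_ids:
                problems.append(f"{t['id']}: dangling countermeasure {cm}")
    for c in profile["countermeasures"]:
        if c["parameter"] not in profile["gateway_parameters"]:
            problems.append(f"{c['id']}: unknown gateway parameter {c['parameter']}")
        for inv in c["invariants"]:
            if inv not in inv_ids:
                problems.append(f"{c['id']}: dangling invariant {inv}")
    for inv in profile["invariants"]:
        if not inv["indicators"]:
            problems.append(f"{inv['id']}: no indicator, cannot be monitored")
        for ind in inv["indicators"]:
            if ind not in ind_ids:
                problems.append(f"{inv['id']}: dangling indicator {ind}")
    return problems


def threat_parameter_matrix(profile):
    """Map each threat id to the sorted gateway parameters its countermeasures configure."""
    param_of = {c["id"]: c["parameter"] for c in profile["countermeasures"]}
    return {t["id"]: sorted({param_of[cm] for cm in t["countermeasures"] if cm in param_of})
            for t in profile["threats"]}


def level_exchange_matrix(profile):
    """Group threat ids by (framework level, exchange class) cell of the attacker model."""
    cells = {}
    for t in profile["threats"]:
        cells.setdefault((t["level"], t["exchange"]), []).append(t["id"])
    return cells


def broken_profile_problems():
    """Show the check firing: remove CM-03 and mistype a parameter name in a copy."""
    p = copy.deepcopy(PROFILE)
    p["countermeasures"] = [c for c in p["countermeasures"] if c["id"] != "CM-03"]
    p["countermeasures"][0]["parameter"] = "msg.signature_requird"  # deliberate typo
    return validate_profile(p)


if __name__ == "__main__":
    print("problems:", validate_profile(PROFILE))
    print("threat -> parameters:", threat_parameter_matrix(PROFILE))
    print("(level, exchange) -> threats:", level_exchange_matrix(PROFILE))
    print("broken copy:", broken_profile_problems())
```

A profile in this shape can be stored as YAML or JSON in the same repository as the gateway configuration, so that the check runs in the DevSecOps pipeline and a pull request that removes a countermeasure or renames a parameter fails before deployment; the derived matrices are the artefacts an auditor would compare against the actual gateway settings.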