
NAME: G ADITHYA KUMAR REDDY

REG.NO: 21BCE2064

SOFTWARE ENGINEERING LAB


[BCSE301P]
TASK-3

Problem: Cybersecurity Threats in E-commerce Transactions

UML USE CASE DIAGRAM:


In the context of cybersecurity threats in e-commerce transactions, a Use Case Diagram serves as a visual
representation of the dynamic interactions between actors and the system functionalities. It encapsulates
the various use cases, actors involved, and their relationships, providing a comprehensive overview of the
system's behavior concerning security in e-commerce transactions.

PURPOSE OF USE CASE DIAGRAM:

A use case diagram is a visual representation of the functional requirements of a system from the
perspective of its users (actors) and the various ways they interact with the system. In the context of
cybersecurity threats in e-commerce transactions, a use case diagram serves several important purposes:

HOW TO DRAW USE CASE DIAGRAM:

Drawing a Use Case diagram for cybersecurity threats in e-commerce transactions involves identifying
the actors, use cases, and their relationships, with a focus on security aspects. Here are the steps to create
a Use Case diagram for this scenario.

Actors:

• Customer: Represents the end-user engaging in e-commerce transactions.


• Merchant: Represents the entity providing goods or services in the e-commerce platform.
• Administrator: Represents individuals responsible for managing and maintaining the e-commerce
system's security.
Use Cases:

Login/Authentication:

Actor: Customer
• Description: The customer logs in to the e-commerce platform, triggering authentication
processes to ensure secure access.

Transaction Processing:

Actors: Customer, Merchant


• Description: Initiates the secure processing of e-commerce transactions, involving encryption and
secure communication channels.

Payment Authorization:

Actors: Customer, Payment Gateway


• Description: Involves secure payment authorization processes, protecting financial data during
transactions.

Product Search and Listing:

Actor: Customer
• Description: Represents the secure retrieval and display of products, ensuring data integrity and
protection against tampering.

Security Patching:

Actor: Administrator
• Description: Involves applying security patches to the system to address vulnerabilities and
enhance overall security.

Account Management:

Actors: Customer, Administrator


• Description: Covers secure account creation, modification, and deletion processes, safeguarding
customer information.

Relationships:

• Association: Connects actors with relevant use cases, illustrating their involvement in specific
functionalities.
• Inheritance: Represents specialized actors inheriting common functionalities, such as
authentication processes.

System Boundary:

• Defines the boundary encapsulating the e-commerce system, emphasizing the scope of the
depicted functionalities related to cybersecurity threats.

EXAMPLE OF USE CASE DIAGRAM:

While I can't provide a visual diagram in this text format, I can describe a simplified textual
representation of a Use Case Diagram for cybersecurity threats in e-commerce transactions. Keep in mind
that actual diagrams may vary in complexity based on the specific requirements of the system. Here's a
basic example:

Customer ----- (Secure Login) ----- (Encrypt Data) ----- (Browse Products)
|
v
(Place Order) ----[extension]-----> (Verify Payment)
|
v
(Monitor Transactions) ---- (Update Security Policies)
|
v
(Manage User Account) ----- (Administer System)

External Systems

In this simplified example:


• The actors "Customer," "Administrator," and "External Systems" represent the key entities
interacting with the e-commerce system. Customers engage in transactions, administrators
manage the system, and external systems contribute to the overall functionality.

• The identified use cases provide a snapshot of the essential functionalities within the e-commerce
system. "Secure Login" ensures a protected authentication process, "Encrypt Data" safeguards
sensitive information, and "Browse Products" allows users to explore available items. Additional
use cases like "Add to Cart," "Place Order," "Monitor Transactions," "Update Security Policies,"
"Manage User Account," and "Administer System" cover various aspects of the e-commerce
workflow.

• The extension relationship between "Place Order" and "Verify Payment" implies that under
specific conditions, the system may extend the standard order placement process to include an
additional step for payment verification. This showcases flexibility in accommodating variations
in the transaction flow.

• Security-related use cases embedded within the main functionalities emphasize the integration of
security measures throughout the system. For instance, "Secure Login" ensures that the
authentication process is fortified against potential threats. "Encrypt Data" is seamlessly
integrated into the broader scope of use cases, indicating a pervasive commitment to securing
sensitive information.

• It's important to note that this example serves as a foundational representation. In a real-world
scenario, the diagram would likely evolve to include more nuanced details, additional actors, and
a comprehensive set of use cases and relationships. This evolution would be driven by factors
such as specific business requirements, industry standards, and evolving cybersecurity threats.

• As the e-commerce system matures and adapts to changing conditions, the diagram would be
refined to reflect these adjustments. This iterative approach ensures that the Use Case diagram
remains a dynamic tool that accurately represents the evolving nature of the system and its
response to cybersecurity challenges.

IMPORTANT TIPS FOR DRAWING USE CASE DIAGRAM:

• Identify key actors: "Customer," "Administrator," and "External Systems."


• Define primary use cases: "Secure Login," "Encrypt Data," "Browse Products," and "Place
Order."
• Highlight security-related use cases: "Secure Login," "Encrypt Data," "Monitor Transactions,"
and "Update Security Policies."
• Use clear lines to connect actors with associated use cases, ensuring accurate representation of
interactions.
• Clearly indicate extension relationships, such as showing that "Place Order" extends to "Verify
Payment."
• Draw a box to represent the system boundary, defining the scope of the e-commerce system.
• Clearly represent external systems interacting with the e-commerce system and connect them to
relevant use cases.
• Use annotations or notes to highlight security measures associated with each use case, specifying
protocols and mechanisms.
• Maintain consistent notations for actors and use clear symbols.
• Include a legend or key explaining the symbols and notations used.
• Aim for simplicity and clarity, avoiding unnecessary details.
• Regularly review the diagram with stakeholders, developers, and security experts for feedback
and refinement.

SEQUENCE DIAGRAM:
Definition:
• A sequence diagram visually represents the dynamic flow of messages in a system. It showcases
the runtime participation of elements through lifelines and messages, ordered in time sequences.

PURPOSE OF A SEQUENCE DIAGRAM:

• Model high-level interactions among active objects.


• Illustrate collaborations realizing use cases.
• Model both generic interactions and specific instances.

NOTATIONS OF SEQUENCE DIAGRAM

Lifeline:

• Represents individual participants with a vertical bar at the diagram's top.



Actor:

• Represents a role played by an entity interacting with the subject. It extends beyond the system's
scope, embodying roles involving human users or external hardware.
Activation:

• Shown as a thin rectangle on the lifeline, indicating the time period during which an operation is
performed.

Messages:

• Arrows depicting interactions between objects. Types include Call Message, Return Message,
Self Message, Recursive Message, Create Message, Destroy Message, and Duration Message.

Note:
• Enables the attachment of remarks to elements, offering useful information for modelers.
Sequence Fragments:

Introduced in UML 2.0, enclosed in a combined fragment box.


• Types include alt (Alternative), opt (Optional), par (Parallel), loop (Loop), region (Critical
region), neg (Negative), ref (Reference), and sd (Sequence Diagram).

Example of a Sequence Diagram:

Scenario:
A high-level sequence diagram for an online e-commerce site, involving customer actions such as
searching the catalog, viewing book details, adding to the cart, and checkout.
Benefits of a Sequence Diagram:

• Explores real-time application scenarios.


• Depicts the message flow between different objects.
• Facilitates easy maintenance and generation.
• Supports both forward and reverse engineering.
• Easily updated to accommodate system changes.

Drawbacks of a Sequence Diagram:

• Complexity increases with a high number of lifelines.


• Incorrect results may occur if the message flow order changes.
• Different notations for each sequence may complicate the diagram.
• The type of sequence depends on the message type.

Sequence diagrams, a vital component in Unified Modeling Language (UML), offer a dynamic
perspective on system behavior, capturing the sequence of interactions among various elements during
runtime. This document provides an extensive overview of sequence diagrams, covering their definition,
purpose, notations, examples, benefits, and drawbacks.

Introduction:
The sequence diagram is a powerful UML tool that visually represents the order of interactions between
objects within a system. This document aims to elucidate the fundamental aspects of sequence diagrams,
shedding light on their applications, notations, and implications in system modeling.

Definition and Purpose:


Sequence diagrams, often termed event diagrams, elucidate the flow of messages among elements during
runtime. The primary purposes include modeling high-level interactions among active objects, illustrating
collaborations realizing use cases, and representing both generic and specific instances of interactions.

Notations:
The notations in a sequence diagram play a crucial role in conveying information effectively. Lifelines,
depicted as vertical bars, represent individual participants. Actors, extending beyond the system's scope,
portray roles involving users or external entities. Activations, represented by thin rectangles, indicate the
time period during which an operation is executed. Messages, denoted by arrows, come in various types
like Call, Return, Self, Recursive, Create, Destroy, and Duration.

Sequence Fragments:
• UML 2.0 introduced sequence fragments, enclosed in combined fragment boxes. These
fragments, represented by operators like alt, opt, par, loop, region, neg, ref, and sd, enhance the
modeling capability, allowing for the depiction of complex scenarios and interactions.

Example of a Sequence Diagram:


A practical application of a high-level sequence diagram is illustrated through an online bookshop
scenario. This example involves customer actions such as searching the catalog, viewing book details,
adding to the cart, and completing the checkout process.

Benefits and Drawbacks:


Sequence diagrams offer numerous benefits, including the exploration of real-time applications, clear
depiction of message flow, ease of maintenance and generation, support for both forward and reverse
engineering, and adaptability to system changes. However, they come with drawbacks such as increased
complexity with many lifelines, potential for incorrect results due to changes in message flow order, and
the need for distinct notations for each sequence.

Conclusion:
In conclusion, sequence diagrams are invaluable tools in the UML toolkit, providing a dynamic
representation of system behavior. This document serves as a comprehensive guide, offering insights into
the intricacies of sequence diagrams, from their notations to practical applications. Understanding and
mastering sequence diagrams contribute significantly to effective system modeling and communication
among stakeholders.

STATE MACHINE DIAGRAM:

The state machine diagram, also called the Statechart or State Transition diagram, shows
the order of states undergone by an object within the system. It captures the software system's
behavior. It models the behavior of a class, a subsystem, a package, and a complete system.
It turns out to be an efficient way of modeling the interactions and collaborations between the external
entities and the system. It models event-based systems to handle the state of an object. It also
defines several distinct states of a component within the system. Each object/component has a
specific state.

The types of state machine diagram are given below:

• Behavioral state machine


The behavioral state machine diagram records the behavior of an object within the system. It depicts
an implementation of a particular entity. It models the behavior of the system.
• Protocol state machine
It captures the behavior of the protocol. The protocol state machine depicts the change in the state
of the protocol and parallel changes within the system. But it does not portray the implementation
of a particular component.

WHY USE STATE MACHINE DIAGRAM:

Since it records the dynamic view of a system, it portrays the behavior of a software application.
During its lifespan, an object undergoes several states, and the lifespan lasts as long as the program
is executing. Each state depicts some useful information about the object.

It blueprints an interactive system that responds to either internal events or external
ones. The execution flow from one state to another is represented by a state machine diagram. It
visualizes an object's state from its creation to its termination.

The main purpose is to depict each state of an individual object. It represents an interactive system
and the entities inside the system. It records the dynamic behavior of the system.

NOTATION OF STATE MACHINE DIAGRAM

The notations of a state machine diagram are listed below:



a. Initial state: It defines the initial state (beginning) of a system, and it is represented by a black
filled circle.
b. Final state: It represents the final state (end) of a system. It is denoted by a filled circle present
within a circle.
c. Decision box: A diamond shape that represents the decisions to be made on the basis of an
evaluated guard.
d. Transition: A change of control from one state to another due to the occurrence of some event is
termed as a transition. It is represented by an arrow labeled with an event due to which the change
has ensued.
e. State box: It depicts the conditions or circumstances of a particular object of a class at a specific
point of time. A rectangle with round corners is used to represent the state box.

TYPES OF STATES

UML defines three types of states:

1. Simple state: It does not constitute any substructure.



2. Composite state: It consists of nested states (substates), such that it does not contain more than
one initial state and one final state. It can be nested to any level.

3. Submachine state: The submachine state is semantically identical to the composite state, but it can
be reused.

HOW TO DRAW STATE MACHINE DIAGRAM

The state machine diagram is used to portray the various states undergone by an object. The change
from one state to another is due to the occurrence of some event. All of the possible states of a
particular component must be identified before drawing a state machine diagram.

The primary focus of the state machine diagram is to depict the states of a system. These states are
essential while drawing a state transition diagram. The objects, states, and events due to which the
state transition occurs must be acknowledged before the implementation of a state machine
diagram.

Following are the steps that are to be incorporated while drawing a state machine diagram:

1. A unique and understandable name should be assigned to the state transition that describes the
behavior of the system.
2. Out of multiple objects, only the essential objects are implemented.
3. A proper name should be given to the events and the transitions.

WHEN TO USE STATE MACHINE DIAGRAM:

The state machine diagram implements the real-world models as well as the object-oriented
systems. It records the dynamic behavior of the system, which is used to differentiate between the
dynamic and static behavior of a system.

It portrays the changes undergone by an object from the start to the end. It basically envisions how
triggering an event can cause a change within the system.

State machine diagram is used for:

• For modeling the object states of a system.



• For modeling the reactive system as it consists of reactive objects.


• For pinpointing the events responsible for state transitions.
• For implementing forward and reverse engineering.

EXAMPLE OF STATE MACHINE DIAGRAM:

• In the depicted state machine diagram, we outline the sequential flow of an e-commerce transaction,
highlighting potential cybersecurity threats at each stage. The process initiates with the user's
action, progressing through authentication, payment information input, payment authorization,
transaction confirmation, order processing, shipment and delivery, and ultimately reaching either
order completion or the cancellation/refund phase.
• During the Authentication phase, the system faces threats such as credential stuffing attacks, brute-
force attempts on passwords, and phishing schemes. These risks underscore the importance of
robust authentication protocols to safeguard user accounts.
• Moving to Payment Information Input, potential threats include vulnerabilities to Man-in-the-
Middle attacks and the risk of keyloggers capturing sensitive information. Secure encryption and
anti-keylogging measures become crucial to protect payment details.
• The subsequent phase, Payment Authorization, introduces threats like stolen credit card details and
payment fraud through compromised credentials. Implementing secure payment gateways and
continuous monitoring helps mitigate these risks.
• Upon Transaction Confirmation, the process proceeds to Order Processing, where inventory
manipulation attacks and order tampering pose potential threats. Establishing stringent controls
over inventory management and order verification mechanisms becomes imperative.
• As the transaction advances to Shipment and Delivery, risks such as address manipulation and
package interception during transit emerge. Employing secure delivery processes and validating
recipient information helps prevent unauthorized access to shipped goods.
• The journey concludes with Order Completion or diverts to Cancellation/Refund, each stage
accompanied by potential threats. False refund requests and chargeback fraud are identified risks
during the Cancellation/Refund phase, demanding vigilant monitoring and validation procedures.
• Ultimately, the state machine culminates in either a successful transaction denoted by [End
Completed] or an aborted one marked by [End Canceled]. This example underscores the
interconnectedness of e-commerce processes and emphasizes the necessity of a comprehensive
cybersecurity strategy to address threats at every step of the transaction lifecycle.
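
The lifecycle above can be enforced in code as an explicit transition table, so that an out-of-order request (for example, dispatching an order before payment authorization, a form of order tampering) is rejected and recorded. This is an added example, not part of the original report; the event names, the lockout threshold and the failure branches into Cancellation/Refund are assumptions.

```python
from enum import Enum


class State(Enum):
    AUTHENTICATION = "Authentication"
    PAYMENT_INPUT = "Payment Information Input"
    PAYMENT_AUTHORIZATION = "Payment Authorization"
    TRANSACTION_CONFIRMATION = "Transaction Confirmation"
    ORDER_PROCESSING = "Order Processing"
    SHIPMENT_AND_DELIVERY = "Shipment and Delivery"
    ORDER_COMPLETION = "Order Completion"
    CANCELLATION_REFUND = "Cancellation/Refund"
    END_COMPLETED = "End Completed"
    END_CANCELED = "End Canceled"


# (current state, event) -> next state. Event names are assumed for this example.
TRANSITIONS = {
    (State.AUTHENTICATION, "credentials_valid"): State.PAYMENT_INPUT,
    (State.PAYMENT_INPUT, "payment_details_submitted"): State.PAYMENT_AUTHORIZATION,
    (State.PAYMENT_AUTHORIZATION, "payment_authorized"): State.TRANSACTION_CONFIRMATION,
    (State.PAYMENT_AUTHORIZATION, "payment_declined"): State.CANCELLATION_REFUND,
    (State.TRANSACTION_CONFIRMATION, "order_confirmed"): State.ORDER_PROCESSING,
    (State.ORDER_PROCESSING, "order_dispatched"): State.SHIPMENT_AND_DELIVERY,
    (State.ORDER_PROCESSING, "cancel_requested"): State.CANCELLATION_REFUND,
    (State.SHIPMENT_AND_DELIVERY, "delivered"): State.ORDER_COMPLETION,
    (State.SHIPMENT_AND_DELIVERY, "cancel_requested"): State.CANCELLATION_REFUND,
    (State.ORDER_COMPLETION, "close"): State.END_COMPLETED,
    (State.CANCELLATION_REFUND, "refund_validated"): State.END_CANCELED,
}

MAX_FAILED_LOGINS = 3  # assumed lockout threshold against brute-force attempts


class IllegalTransition(Exception):
    """Raised when an event is not allowed in the current state."""


class Transaction:
    def __init__(self):
        self.state = State.AUTHENTICATION
        self.failed_logins = 0
        self.audit = []  # (state, event, outcome) tuples for monitoring

    def fire(self, event):
        # Guard on the Authentication state: count failures, abort at the limit.
        if self.state is State.AUTHENTICATION and event == "credentials_invalid":
            self.failed_logins += 1
            if self.failed_logins >= MAX_FAILED_LOGINS:
                self._move(event, State.END_CANCELED)
            else:
                self.audit.append((self.state.value, event, "retry"))
            return self.state
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            # Anything not in the table is denied by default and logged.
            self.audit.append((self.state.value, event, "rejected"))
            raise IllegalTransition(f"{event!r} not allowed in {self.state.value}")
        self._move(event, nxt)
        return self.state

    def _move(self, event, nxt):
        self.audit.append((self.state.value, event, nxt.value))
        self.state = nxt


def run(events):
    """Feed events to a fresh transaction; stop at the first rejected event."""
    tx = Transaction()
    for event in events:
        try:
            tx.fire(event)
        except IllegalTransition:
            break
    return tx.state, tx.audit


if __name__ == "__main__":
    # Constructed event sequences, not captured traffic.
    normal = ["credentials_valid", "payment_details_submitted", "payment_authorized",
              "order_confirmed", "order_dispatched", "delivered", "close"]
    tampered = ["credentials_valid", "payment_details_submitted", "order_dispatched"]
    for name, seq in (("normal", normal), ("tampered", tampered)):
        state, audit = run(seq)
        print(name, "->", state.value, "| last audit entry:", audit[-1])
```

The audit list gives the "Monitor Transactions" use case something concrete to alert on: any entry whose outcome is "rejected" marks a request that did not follow the modeled flow.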

STATE VS FLOWCHART:
State Machine:
Focus on States and Transitions:

State machines are particularly useful when emphasizing the various states a system can be in and the
transitions between these states.
Well-suited for representing dynamic systems where the behavior changes based on internal or external
events.
Events and Actions:

State machines explicitly capture events that trigger transitions and actions associated with each
transition.
Suitable for modeling complex behaviors and interactions between different components.
Concurrency:

State machines can represent concurrent processes, making them versatile for modeling systems with
parallel activities.
Sequential Logic:

Effective for representing systems with sequential logic and state-dependent behaviors.
Useful for capturing the lifecycle of an e-commerce transaction, from initiation to completion or
cancellation.
Applicability to Cybersecurity:

Ideal for modeling security protocols and threat responses where the system behavior changes in response
to security events.

Flowchart:
Process Flow Visualization:

Flowcharts are great for illustrating the step-by-step flow of a process.


Useful when emphasizing the sequential nature of tasks and decision points within a process.
Decision Points and Control Flow:

Flowcharts excel at representing decision points and control flow, making them suitable for modeling
decision-making processes.
Structured Activities:

Flowcharts are effective for representing structured activities and detailed procedural steps.
Helpful for documenting and understanding the logical flow of tasks within an e-commerce system.
Communication and Documentation:

Often used for communication and documentation purposes, providing a clear visual representation of a
process.
Applicability to Cybersecurity:

Effective for representing procedural security measures, such as access controls, authentication, and
authorization processes.

Application to Cybersecurity Threats in E-commerce Transactions:


State Machine:

Useful for modeling the dynamic aspects of security responses during different stages of an e-commerce
transaction.
Can represent the adaptive nature of security protocols to address evolving threats.

Flowchart:

Effective for detailing step-by-step security procedures, such as user authentication, payment
authorization, and order processing.
Suitable for illustrating decision points where security checks and validations occur.

ACTIVITY DIAGRAM:
In the realm of Unified Modeling Language (UML), the activity diagram serves as a powerful tool for
illustrating the flow of control within a system, prioritizing a high-level view of the system's behavior
over implementation details. This diagram is adept at modeling both concurrent and sequential activities,
offering a visual representation of how various actions unfold within a system.

The primary focus of an activity diagram is on depicting the workflow, showcasing the progression from
one activity to another. It places particular emphasis on the conditions governing the flow and the specific
order in which activities occur. The flow itself can take on different forms, including sequential, branched,
or concurrent, and the activity diagram provides constructs like fork and join to address these diverse flow
patterns.

Referred to as an object-oriented flowchart, the activity diagram encompasses activities that consist of a
set of actions or operations. These activities are strategically organized to model the behavioral aspects of
a system, capturing the interactions and sequences of actions that drive the system's functionality.
In summary, the activity diagram in UML serves as a comprehensive and versatile representation of a
system's behavioral flow, offering a clear depiction of how activities unfold, whether sequentially, in
parallel, or with branching conditions. Its design incorporates elements such as forks and joins to
elegantly handle the complexity of concurrent and sequential flows within a system.

COMPONENTS OF ACTIVITY DIAGRAM

The components of an activity diagram are:



Activities
The categorization of behavior into one or more actions is termed as an activity. In other words, it can be
said that an activity is a network of nodes that are connected by edges. The edges depict the flow of
execution. It may contain action nodes, control nodes, or object nodes.

The control flow of an activity is represented by control nodes, while object nodes illustrate the objects used
within an activity. The activities are initiated at the initial node and are terminated at the final node.

Activity partition /swimlane


The swimlane is used to cluster all the related activities in one column or one row. It can be either vertical
or horizontal. It is used to add modularity to the activity diagram. It is not necessary to incorporate a swimlane
in the activity diagram, but it adds more transparency to the activity diagram.

Forks
Fork and join nodes generate the concurrent flow inside the activity. A fork node consists of one inward
edge and several outward edges. It is the same as that of various decision parameters. Whenever data is
received at the inward edge, it is copied and split across the various outward edges. It splits a single inward
flow into multiple parallel flows.

Join Nodes
Join nodes are the opposite of fork nodes. A Logical AND operation is performed on all of the inward edges
as it synchronizes the flow of input across one single output (outward) edge.

Pins
A pin is a small rectangle attached to the action rectangle. It clears up messy and complicated
flows to help manage the execution flow of activities. It is an object node that precisely represents one input to
or output from the action.

NOTATIONS FOR ACTIVITY DIAGRAM:

An activity diagram uses the following notations:


Initial State: It depicts the initial stage or beginning of the set of actions.

Final State: It is the stage where all the control flows and object flows end.

Decision Box: It makes sure that the control flow or object flow will follow only one path.

Action Box: It represents the set of actions that are to be performed.



WHY USE ACTIVITY DIAGRAM

An event is created as an activity diagram encompassing a group of nodes associated with edges. To model
the behavior of activities, they can be attached to any modeling element. It can model use cases, classes,
interfaces, components, and collaborations.

It mainly models processes and workflows. It envisions the dynamic behavior of the system as well as
constructs a runnable system that incorporates forward and reverse engineering. It does not include the
message part, which means message flow is not represented in an activity diagram.

It is similar to a flowchart but is not exactly a flowchart itself. It is used to depict the flow between
several activities.

HOW TO DRAW AN ACTIVITY DIAGRAM

An activity diagram is a flowchart of activities, as it represents the workflow among various activities. They
resemble flowcharts, but they themselves are not exactly flowcharts. In other words, it can be said
that an activity diagram is an enhancement of the flowchart, which encompasses several unique features.

Since it incorporates swimlanes, branching, parallel flows, join nodes, control nodes, and forks, it supports
exception handling. A system must be explored as a whole before drawing an activity diagram to provide
a clearer view of the user. All of the activities are explored after they are properly analyzed for finding out
the constraints applied to the activities. Each and every activity, condition, and association must be
recognized.

After gathering all the essential information, an abstract or a prototype is built, which is then transformed
into the actual diagram.

Following are the rules that are to be followed for drawing an activity diagram:

1. A meaningful name should be given to each and every activity.


2. Identify all of the constraints.
3. Acknowledge the activity associations.

EXAMPLE OF ACTIVITY DIAGRAM

• In an e-commerce transaction process, various steps are involved, starting with the initiation of the
transaction, followed by the validation of user credentials, verification of payment information,
processing of the transaction, generation of a transaction confirmation, and finally, notifying the
user and updating the database.

• Amid this process, potential cybersecurity threats can emerge. These threats encompass
intercepting communication, man-in-the-middle attacks, phishing attempts, credential theft,
payment fraud, and data breaches. Each poses a risk to the integrity and security of the e-commerce
transaction.

• To mitigate these cybersecurity threats, several security measures should be implemented.
Activating intrusion detection systems, employing encryption methods, educating users about
potential risks, and conducting regular security audits are essential components of a comprehensive
cybersecurity strategy. By incorporating these measures, the e-commerce platform can enhance its
resilience against potential threats and safeguard sensitive user and transactional data.

WHEN TO USE ACTIVITY DIAGRAM:

Activity diagrams are particularly useful when you need to model the flow of activities or processes
within a system. In the context of the e-commerce transaction and cybersecurity threats example provided
above, an activity diagram is beneficial for illustrating the sequence of actions involved in the transaction
process and identifying potential security vulnerabilities.
Here are specific scenarios where an activity diagram is helpful for this use case:

Process Visualization:

• When to Use: Activity diagrams are effective for visualizing complex processes or workflows. In
an e-commerce transaction, the diagram can represent the sequence of steps from initiation to
completion, providing a clear overview of the entire process.
Identifying Interaction Points:

• When to Use: Activity diagrams are useful for highlighting interaction points between different
components or actors. In the example, the diagram shows interactions between the user, payment
system, and database during the transaction.

Modeling Security Threats:

• When to Use: Activity diagrams can be employed to model potential cybersecurity threats and
their impact on the transaction process. By incorporating a section for cybersecurity threats, the
diagram highlights where vulnerabilities may occur.

Handling Exceptions:

• When to Use: Activity diagrams are beneficial for representing exceptional cases or error
handling. In the context of cybersecurity threats, the diagram can show how the system responds
to security incidents, such as activating intrusion detection or implementing encryption.

Communication and Collaboration:

• When to Use: Activity diagrams facilitate communication between different stakeholders
involved in the process. They provide a visual representation that is easily understood by both
technical and non-technical audiences, aiding in collaborative discussions about the e-commerce
transaction process and security measures.

System Optimization:

• When to Use: Activity diagrams can assist in identifying areas for process optimization. In the
example, the diagram could reveal potential bottlenecks or areas where additional security
measures could be implemented to enhance the overall system efficiency and security.
