Transaction processing systems underpin modern commerce, finance, and critical infrastructure, yet their security has never been studied across the full evolutionary arc of these systems. Over five decades, transaction processing has progressed through four distinct generations: from centralized databases, to distributed databases, to blockchain and distributed ledger technologies (DLTs), and finally to multi-context systems that span cyber-physical components under real-time constraints. Each generation has introduced new transaction types and new classes of vulnerabilities, yet security research remains fragmented by domain, and the foundational ACID transaction model has not been revisited to reflect the demands of contemporary systems. We classify 163 papers on transaction security by evolutionary generation, security focus, and relevant Common Weakness Enumeration (CWE) entries, and distill a curated set of 41 high-impact or seminal papers spanning all four generations. We make three principal contributions. First, we develop a four-generation evolutionary taxonomy that contextualizes each work within the broader trajectory of transaction processing. Second, we map each paper's security focus to CWE identifiers, providing a systems-oriented vocabulary for analyzing transaction-specific threats across otherwise siloed domains. Third, we demonstrate that the classical ACID properties are insufficient for modern transactional systems and introduce RANCID, which extends ACID with Real-timeness (R) and N-many Contexts (N), as a property set for reasoning about the security and correctness of systems that must coordinate across heterogeneous contexts under timing constraints. Our systematization exposes a pronounced bias toward DLT security research at the expense of broader transactional security and identifies concrete open problems for the next generation of transaction processing systems.