AI summary
The authors studied the security of transaction processing systems, which have evolved over five decades through four main stages—from centralized databases to complex systems involving real-time and physical components. They reviewed 163 papers, organizing them by generation and security topics, and found that current security research often focuses too much on blockchain technologies. They also pointed out that the traditional ACID model, which guides transaction reliability, doesn't fully apply to modern systems, so they proposed a new model called RANCID that adds real-time and multi-context considerations. This work highlights gaps and future challenges in securing next-generation transaction systems.
Transaction Processing Systems, ACID Properties, Distributed Ledger Technologies, Cyber-Physical Systems, Real-time Systems, Common Weakness Enumeration, Database Security, RANCID Model, Multi-context Coordination
Abstract
Transaction processing systems underpin modern commerce, finance, and critical infrastructure, yet their security has never been studied across the full evolutionary arc of these systems. Over five decades, transaction processing has progressed through four distinct generations, from centralized databases, to distributed databases, to blockchain and distributed ledger technologies (DLTs), finally to multi-context systems that span cyber-physical components under real-time constraints. Each generation has introduced new transaction types and new classes of vulnerabilities, yet security research remains fragmented by domain, and the foundational ACID transaction model has not been revisited to reflect the demands of contemporary systems. We classify 163 papers on transaction security by evolutionary generation, security focus, and relevant Common Weakness Enumeration (CWE) entries, and distill a curated set of 41 high-impact or seminal papers spanning all four generations. We make three principal contributions. First, we develop a four-generation evolutionary taxonomy that contextualizes each work within the broader trajectory of transaction processing. Second, we map each paper's security focus to CWE identifiers, providing a systems-oriented vocabulary for analyzing transaction-specific threats across otherwise siloed domains. Third, we demonstrate that the classical ACID properties are insufficient for modern transactional systems and introduce RANCID, extending ACID with Real-timeness (R) and N-many Contexts (N), as a property set for reasoning about the security and correctness of systems that must coordinate across heterogeneous contexts under timing constraints. Our systematization exposes a pronounced bias toward DLT security research at the expense of broader transactional security and identifies concrete open problems for the next generation of transaction processing systems.