
2021-10-26
Raymond Richards.  2021.  Vetting Commodity IT Software and Firmware (VET).

Government agencies and the military rely upon many kinds of Commercial Off-the-Shelf (COTS) commodity Information Technology (IT) devices, including mobile phones, printers, computer workstations and many other everyday items. Each of these devices is the final product of long supply chains involving many vendors from many nations providing various components and subcomponents, including considerable amounts of software and firmware. Long supply chains provide adversaries with opportunities to insert hidden malicious functionality into this software and firmware that adversaries can exploit to accomplish harmful objectives, including exfiltration of sensitive data and sabotage of critical operations.

2021-10-22
[Anonymous].  2011.  Cyber Supply Chain Risk Management: Toward a Global Vision of Transparency and Trust.

This paper introduces Microsoft’s perspective on supply chain risk and the relationship of such risk to global trade in ICT products. It reviews the considerations that lead governments to express concerns about supply chain security and discusses the implications of some approaches to “solving the problem.” It points out the importance of having national approaches to supply chain risk management that are risk-based, transparent, flexible and reciprocal or standards-based.

2021-10-21
Xu, Xiaolin, Rahman, Fahim, Shakya, Bicky, Vassilev, Apostol, Forte, Domenic, Tehranipoor, Mark.  2019.  Electronics Supply Chain Integrity Enabled by Blockchain. ACM Trans. Des. Autom. Electron. Syst. 24.

Electronic systems are ubiquitous today, playing an irreplaceable role in our personal lives, as well as in critical infrastructures such as power grids, satellite communications, and public transportation. In the past few decades, the security of software running on these systems has received significant attention. However, hardware has been assumed to be trustworthy and reliable “by default” without really analyzing the vulnerabilities in the electronics supply chain. With the rapid globalization of the semiconductor industry, it has become challenging to ensure the integrity and security of hardware. In this article, we discuss the integrity concerns associated with a globalized electronics supply chain. More specifically, we divide the supply chain into six distinct entities: IP owner/foundry (OCM), distributor, assembler, integrator, end user, and electronics recycler, and analyze the vulnerabilities and threats associated with each stage. To address the concerns of the supply chain integrity, we propose a blockchain-based certificate authority framework that can be used to manage critical chip information such as electronic chip identification, chip grade, and transaction time. The decentralized nature of the proposed framework can mitigate most threats of the electronics supply chain, such as recycling, remarking, cloning, and overproduction.