Biblio

Found 152 results

Filters: Keyword is Supply chains
2022-09-09
Xu, Rong-Zhen, He, Meng-Ke.  2020.  Application of Deep Learning Neural Network in Online Supply Chain Financial Credit Risk Assessment. 2020 International Conference on Computer Information and Big Data Applications (CIBDA). :224—232.
Under the background of "Internet +", in order to solve the problem of deeply mining credit risk behind online supply chain financial big data, this paper proposes an online supply chain financial credit risk assessment method based on deep belief network (DBN). First, a deep belief network evaluation model composed of Restricted Boltzmann Machine (RBM) and classifier SOFTMAX is established, and the performance evaluation test of three kinds of data sets is carried out by using this model. Using factor analysis to select 8 indicators from 21 indicators, and then input them into RBM for conversion to form a more scientific evaluation index, and finally input them into SOFTMAX for evaluation. This method of online supply chain financial credit risk assessment based on DBN is applied to an example for verification. The results show that the evaluation accuracy of this method is 96.04%, which has higher evaluation accuracy and better rationality compared with SVM method and Logistic method.
Yucheng, Zeng, Yongjiayou, Zeng, Yuhan, Zeng, Ruihan, Tao.  2020.  Research on the Evaluation of Supply Chain Financial Risk under the Domination of 3PL Based on BP Neural Network. 2020 2nd International Conference on Economic Management and Model Engineering (ICEMME). :886—893.
The rise of supply chain finance has provided effective assistance to SMEs with financing difficulties. This study mainly explores the financial risk evaluation of supply chain under the leadership of 3PL. According to the risk identification, 27 comprehensive rating indicators were established, and then the model under the BP neural network was constructed through empirical data. The actual verification results show that the model performs very well in risk assessment which helps 3PL companies to better evaluate the business risks of supply chain finance, so as to take more effective risk management measures.
Benabdallah, Chaima, El-Amraoui, Adnen, Delmotte, François, Frikha, Ahmed.  2020.  An integrated rough-DEMATEL method for sustainability risk assessment in agro-food supply chain. 2020 5th International Conference on Logistics Operations Management (GOL). :1—9.
In the recent years, sustainability has become an important topic in agro-food supply chain. Moreover, these supply chains are more vulnerable due to different interrelated risks from man-made and natural disasters. However, most of the previous studies consider less about interrelation in assessing sustainability risks. The purpose of this research is to develop a framework to assess supply chain sustainability risks by ranking environmental risks, economic risks, social risks and operational risks. To solve this problem, the proposed methodology is an integrated rough decision-making and trial evaluation laboratory (DEMATEL) method that considers the interrelationship between different risks and the group preference diversity. In order to evaluate the applicability of the proposed method, a real-world case study of Tunisian agro-food company is presented. The results show that the most important risks are corruption, inflation and uncertainty in supply and demand.
hong, Xue, zhifeng, Liao, yuan, Wang, ruidi, Xu, zhuoran, Xu.  2020.  Research on risk severity decision of cluster supply chain based on data flow fuzzy clustering. 2020 Chinese Control And Decision Conference (CCDC). :2810—2815.
Based on the analysis of cluster supply chain risk characteristics, starting from the analysis of technical risk dimensions, information risk dimensions, human risk dimensions, and capital risk dimensions, a cluster supply chain risk severity assessment index system is designed. The fuzzy C-means clustering algorithm based on data flow is used to cluster each supply chain, analyze the risk severity of the supply chain, and evaluate the decision of the supply chain risk severity level based on the cluster weights and cluster center range. Based on the analytic hierarchy process, the risk severity of the entire clustered supply chain is made an early warning decision, and the clustered supply chain risk severity early warning level is obtained. The results of simulation experiments verify the feasibility of the decision method for cluster supply chain risk severity, and improve the theoretical support for cluster supply chain risk severity prediction.
Hong, TingYi, Kolios, Athanasios.  2020.  A Framework for Risk Management of Large-Scale Organisation Supply Chains. 2020 International Conference on Decision Aid Sciences and Application (DASA). :948—953.
This paper establishes a novel approach to supply chain risk management (SCRM), through establishing a risk assessment framework addressing the importance of SCRM and supply chain visibility (SCV). Through a quantitative assessment and empirical evidence, the paper also discusses the specific risks within the manufacturing industry. Based on survey data collected and a case study from Asia, the paper finds that supplier delays and poor product quality can be considered as prevailing risks relevant to the manufacturing industry. However, as supply chain risks are inter-related, one must increase supply chain visibility to fully consider risk causes that ultimately lead to the risk effects. The framework established can be applied to different industries with the view to inform organisations on prevailing risks and prompt motivate improvement in supply chain visibility, thereby, modify risk management strategies. Through suggesting possible risk sources, organisations can adopt proactive risk mitigation strategies so as to more efficiently manage their exposure.
Pranesh, S.A., Kannan V., Vignesh, Viswanathan, N., Vijayalakshmi, M..  2020.  Design and Analysis of Incentive Mechanism for Ethereum-based Supply Chain Management Systems. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1—6.
Blockchain is becoming more popular because of its decentralized, secured, and transparent nature. Supply chain and its management is indispensable to improve customer services, reduce operating costs and improve financial position of a firm. Integration of blockchain and supply chain is substantial, but it alone is not enough for the sustainability of supply chain systems. The proposed mechanism speaks about the method of rewarding the supply chain parties with incentives so as to improve the security and make the integration of supply chain with blockchain sustainable. The proposed incentive mechanism employs the co-operative approach of game theory where all the supply chain parties show a cooperative behavior of following the blockchain-based supply chain protocols and also this mechanism makes a fair attempt in rewarding the supply chain parties with incentives.
Wei, Yihang.  2020.  Blockchain-based Data Traceability Platform Architecture for Supply Chain Management. :77—85.
With the rapid development of economic globalization, cooperation between countries, between enterprises, has become a key factor whether country and enterprises can make great economic progress. In these cooperation processes, it is necessary to trace the source of business data or log data for auditing and accountability. However, multi-party enterprises participating in cooperation often do not trust each other, and the separate accounting of the enterprises leads to isolated islands of information, which makes it difficult to trace the entire life cycle of the data. Therefore, there is an urgent need for a mechanism that can establish distributed trustworthiness among multiparty organizations that do not trust each other, and provide a tamper-resistant data storage mechanism to achieve credible traceability of data. This work proposes a data traceability platform architecture design plan for supply chain management based on the multi-disciplinary knowledge and technology of the Fabric Alliance chain architecture, perceptual identification technology, and cryptographic knowledge. At the end of the paper, the characteristics and shortcomings of data traceability of this scheme are evaluated.
Pennekamp, Jan, Alder, Fritz, Matzutt, Roman, Mühlberg, Jan Tobias, Piessens, Frank, Wehrle, Klaus.  2020.  Secure End-to-End Sensing in Supply Chains. 2020 IEEE Conference on Communications and Network Security (CNS). :1—6.
Trust along digitalized supply chains is challenged by the aspect that monitoring equipment may not be trustworthy or unreliable as respective measurements originate from potentially untrusted parties. To allow for dynamic relationships along supply chains, we propose a blockchain-backed supply chain monitoring architecture relying on trusted hardware. Our design provides a notion of secure end-to-end sensing of interactions even when originating from untrusted surroundings. Due to attested checkpointing, we can identify misinformation early on and reliably pinpoint the origin. A blockchain enables long-term verifiability for all (now trustworthy) IoT data within our system even if issues are detected only after the fact. Our feasibility study and cost analysis further show that our design is indeed deployable in and applicable to today’s supply chain settings.
Zhang, Yi, Song, Yurong, Jiang, Guoping, Yu, Bin.  2020.  Modeling of Layered Supply Chain Network Considering Similarity. 2020 Chinese Control And Decision Conference (CCDC). :3894—3900.
The supply chain network is a complex network with the risk of cascading failure. To study the cascading failure in it, an accurate supply chain network model needs to be established. In this paper, we construct a layered supply chain network model according to the types of companies in real supply chain networks. We first define the similarity between companies in the same layer by studying real-world scenarios in supply chain networks. Then, considering both the node degree and the similarity between nodes in the same layer, we propose preferential attachment probability formulas for the new nodes to join the existing network. Finally, the evolution steps of the model are summarized. We analyze the structural characteristics of the new model. The results show that the new model has scale-free property and small-world property, which conform to the structural characteristics of the known supply chain networks. Compared with the other network models, it is found that the new model can better describe the actual supply chain network.
Kirillova, Elena A., Shavaev, Azamat A., Wenqi, Xi, Huiting, Guo, Suyu, Wang.  2020.  Information Security of Logistics Services. 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :103—106.

Information security of logistics services. Information security of logistics services is understood as a complex activity aimed at using information and means of its processing in order to increase the level of protection and normal functioning of the object's information environment. At the same time the main recommendations for ensuring information security of logistics processes include: logistics support of processes for ensuring the security of information flows of the enterprise; assessment of the quality and reliability of elements, reliability and efficiency of obtaining information about the state of logistics processes. However, it is possible to assess the level of information security within the organization's controlled part of the supply chain through levels and indicators. In this case, there are four levels and elements of information security of supply chains.

Sangeetha, A. S., Shunmugan, S., Murugan, G..  2020.  Blockchain for IoT Enabled Supply Chain Management - A Systematic Review. 2020 Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :48—52.
Blockchain will increase supply chains' productivity and accountability, and have a positive effect on anything from warehousing to distribution to payment. To bridge the supply chain visibility gap, blockchain is being deployed because of its security features like immutability, tamper-resistant and hash proof. Blockchain integration with IoT increases the traceability and verifiability of the supply chain management and drastically eradicates the fraudulent activities including bribery, money laundering, forged checks, sanction violations, misrepresentation of goods and services. Blockchain can help to cross-check the verification, identification and authenticity of IoT devices to reduce the frequency and ramifications of fraud in supply chain management. The epidemic outbreak of SARS-CoV-2 has disrupted many global supply chains. The Geneva-based World Economic Forum declared that SARS-CoV-2 exposed supply chain failures can be tackled by blockchain technology. This paper explores the modern methodologies of supply chain management with integration of blockchain and IoT.
Sobb, Theresa May, Turnbull, Benjamin.  2020.  Assessment of Cyber Security Implications of New Technology Integrations into Military Supply Chains. 2020 IEEE Security and Privacy Workshops (SPW). :128—135.
Military supply chains play a critical role in the acquisition and movement of goods for defence purposes. The disruption of these supply chain processes can have potentially devastating effects to the operational capability of military forces. The introduction and integration of new technologies into defence supply chains can serve to increase their effectiveness. However, the benefits posed by these technologies may be outweighed by significant consequences to the cyber security of the entire defence supply chain. Supply chains are complex Systems of Systems, and the introduction of an insecure technology into such a complex ecosystem may induce cascading system-wide failure, and have catastrophic consequences to military mission assurance. Subsequently, there is a need for an evaluative process to determine the extent to which a new technology will affect the cyber security of military supply chains. This work proposes a new model, the Military Supply Chain Cyber Implications Model (M-SCCIM), that serves to aid military decision makers in understanding the potential cyber security impact of introducing new technologies to supply chains. M-SCCIM is a multiphase model that enables understanding of cyber security and supply chain implications through the lenses of theoretical examinations, pilot applications and system wide implementations.
Kieras, Timothy, Farooq, Muhammad Junaid, Zhu, Quanyan.  2020.  Modeling and Assessment of IoT Supply Chain Security Risks: The Role of Structural and Parametric Uncertainties. 2020 IEEE Security and Privacy Workshops (SPW). :163—170.

Supply chain security threats pose new challenges to security risk modeling techniques for complex ICT systems such as the IoT. With established techniques drawn from attack trees and reliability analysis providing needed points of reference, graph-based analysis can provide a framework for considering the role of suppliers in such systems. We present such a framework here while highlighting the need for a component-centered model. Given resource limitations when applying this model to existing systems, we study various classes of uncertainties in model development, including structural uncertainties and uncertainties in the magnitude of estimated event probabilities. Using case studies, we find that structural uncertainties constitute a greater challenge to model utility and as such should receive particular attention. Best practices in the face of these uncertainties are proposed.

Asyrofi, Rakha, Zulfa, Nafa.  2020.  CLOUDITY: Cloud Supply Chain Framework Design based on JUGO and Blockchain. 2020 6th Information Technology International Seminar (ITIS). :19—23.
Supply chain management (SCM) system is a main requirement for manufacturers and companies to cooperate. There are many management techniques to manage supply chains, such as using Excel sheets. However, that technique is ineffective, insecure, and sensitive to human errors. In this paper, we propose CLOUDITY, a cloud-based SCM system using SELAT (Selective Market) and Blockchain system. We modify JUGO architecture to develop SELAT as a connector between users and cloud service providers. Also, we apply the Blockchain concept to make more secure system. CLOUDITY system can solve several cases: resource provisioning, service selection, authentication, and access control. Also, it improves the data security by checking every data changes of the supply chain management system using Blockchain system.
Maiti, Ankita, Shilpa, R.G.  2020.  Developing a Framework to Digitize Supply Chain Between Supplier and Manufacturer. 2020 5th International Conference on Computing, Communication and Security (ICCCS). :1—6.
Supply chain plays a significant job in an organization making systems between an organization and its supplier to deliver and disperse items and administrations to the last purchasers. Digitization alludes to the way toward moving physical reports into physical documents. Digitization will make incredible open doors for associations and supply chain rehearses. Numerous associations need to turn out to be progressively “advanced” since they have watched the criticality and value of computerized advances for their development and their own organizations. This research study topic presents a review of the supply chain management digitization practices and dreams with a merged image of digitization and stream of data between the Supplier and Manufacturer chain. Value management, in value analysis, assumes a huge job in a viable Digital Supply Chain Management, it is progressively centered around mechanization, digitizing the procedure, and the coordination and reconciliation of the considerable number of components associated with the supply chain. In view of how value-chain management has developed, it assumes an urgent job in managing the ever-expanding unpredictability in supply chains all inclusive. This study presents an overview of the supply chain management digitization practices and visions with a consolidated picture of digitization and flow of information between the Supplier and Manufacturer chain. This study can be further improved by integrating the latest technology and tools AI and IoT-as a future study.
2022-08-26
Zhao, Yue, Shen, Yang, Qi, Yuanbo.  2021.  A Security Analysis of Chinese Robot Supply Chain Based on Open-Source Intelligence. 2021 IEEE 1st International Conference on Digital Twins and Parallel Intelligence (DTPI). :219—222.

This paper argues that the security management of the robot supply chain would preferably focus on Sino-US relations and technical bottlenecks based on a comprehensive security analysis through open-source intelligence and data mining of associated discourses. Through the lens of the newsboy model and game theory, this study reconstructs the risk appraisal model of the robot supply chain and rebalances the process of the Sino-US competition game, leading to the prediction of China's strategic movements under the supply risks. Ultimately, this paper offers a threefold suggestion: increasing the overall revenue through cost control and scaled expansion, resilience enhancement and risk prevention, and outreach of a third party's cooperation for confrontation capabilities reinforcement.

VanYe, Christopher M., Li, Beatrice E., Koch, Andrew T., Luu, Mai N., Adekunle, Rahman O., Moghadasi, Negin, Collier, Zachary A., Polmateer, Thomas L., Barnes, David, Slutzky, David et al..  2021.  Trust and Security of Embedded Smart Devices in Advanced Logistics Systems. 2021 Systems and Information Engineering Design Symposium (SIEDS). :1—6.

This paper addresses security and risk management of hardware and embedded systems across several applications. There are three companies involved in the research. First is an energy technology company that aims to leverage electric-vehicle batteries through vehicle to grid (V2G) services in order to provide energy storage for electric grids. Second is a defense contracting company that provides acquisition support for the DOD's conventional prompt global strike program (CPGS). These systems need protections in their production and supply chains, as well as throughout their system life cycles. Third is a company that deals with trust and security in advanced logistics systems generally. The rise of interconnected devices has led to growth in systems security issues such as privacy, authentication, and secure storage of data. A risk analysis via scenario-based preferences is aided by a literature review and industry experts. The analysis is divided into various sections of Criteria, Initiatives, C-I Assessment, Emergent Conditions (EC), Criteria-Scenario (C-S) relevance and EC Grouping. System success criteria, research initiatives, and risks to the system are compiled. In the C-I Assessment, a rating is assigned to signify the degree to which criteria are addressed by initiatives, including research and development, government programs, industry resources, security countermeasures, education and training, etc. To understand risks of emergent conditions, a list of Potential Scenarios is developed across innovations, environments, missions, populations and workforce behaviors, obsolescence, adversaries, etc. The C-S Relevance rates how the scenarios affect the relevance of the success criteria, including cost, schedule, security, return on investment, and cascading effects. The Emergent Condition Grouping (ECG) collates the emergent conditions with the scenarios.
The generated results focus on ranking Initiatives based on their ability to negate the effects of Emergent Conditions, as well as producing a disruption score to compare a Potential Scenario's impacts to the ranking of Initiatives. The results presented in this paper are applicable to the testing and evaluation of security and risk for a variety of embedded smart devices and should be of interest to developers, owners, and operators of critical infrastructure systems.

2022-08-03
Nakano, Yuto, Nakamura, Toru, Kobayashi, Yasuaki, Ozu, Takashi, Ishizaka, Masahito, Hashimoto, Masayuki, Yokoyama, Hiroyuki, Miyake, Yutaka, Kiyomoto, Shinsaku.  2021.  Automatic Security Inspection Framework for Trustworthy Supply Chain. 2021 IEEE/ACIS 19th International Conference on Software Engineering Research, Management and Applications (SERA). :45—50.
Threats and risks against supply chains are increasing and a framework to add the trustworthiness of supply chain has been considered. In this framework, organisations in the supply chain validate the conformance to the pre-defined requirements. The results of validations are linked each other to achieve the trustworthiness of the entire supply chain. In this paper, we further consider this framework for data supply chains. First, we implement the framework and evaluate the performance. The evaluation shows 500 digital evidences (logs) can be checked in 0.28 second. We also propose five methods to improve the performance as well as five new functionalities to improve usability. With these functionalities, the framework also supports maintaining the certificate chain.
2022-07-29
Li, Leon, Ni, Shuyi, Orailoglu, Alex.  2021.  JANUS: Boosting Logic Obfuscation Scope Through Reconfigurable FSM Synthesis. 2021 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :292—303.
Logic obfuscation has been proposed as a counter-measure against supply chain threats such as overproduction and IP piracy. However, the functional corruption it offers can be exploited by oracle-guided pruning attacks to recover the obfuscation key, forcing existing logic obfuscation methods to trivialize their output corruption which in turn leads to a diminished protection scope. In this paper, we address this quandary through an FSM obfuscation methodology that delivers obfuscation scope not only through external secrets but more importantly through inherent state transition patterns. We leverage a minimum-cut graph partitioning algorithm to divide the FSM diagram and implement the resulting partitions with distinct FF configurations, enabled by a novel synthesis methodology supporting reconfigurable FFs. The obfuscated FSM can be activated by invoking key values to dynamically switch the FF configuration at a small number of inter-partition transitions. Yet, the overall obfuscation scope comprises far more intra-partition transitions which are driven solely by the inherent transition sequences and thus reveal no key trace. We validate the security of the proposed obfuscation method against numerous functional and structural attacks. Experimental results confirm its delivery of extensive obfuscation scope at marginal overheads.
Rahman, M Sazadur, Li, Henian, Guo, Rui, Rahman, Fahim, Farahmandi, Farimah, Tehranipoor, Mark.  2021.  LL-ATPG: Logic-Locking Aware Test Using Valet Keys in an Untrusted Environment. 2021 IEEE International Test Conference (ITC). :180—189.
The ever-increasing cost and complexity of cutting-edge manufacturing and test processes have migrated the semiconductor industry towards a globalized business model. With many untrusted entities involved in the supply chain located across the globe, original intellectual property (IP) owners face threats such as IP theft/piracy, tampering, counterfeiting, reverse engineering, and overproduction. Logic locking has emerged as a promising solution to protect integrated circuits (ICs) against supply chain vulnerabilities. It inserts key gates to corrupt circuit functionality for incorrect key inputs. A logic-locked chip test can be performed either before or after chip activation (becoming unlocked) by loading the unlocking key into the on-chip tamperproof memory. However, both pre-activation and post-activation tests suffer from lower test coverage, higher test cost, and critical security vulnerabilities. To address the shortcomings, we propose LL-ATPG, a logic-locking aware test method that applies a set of valet (dummy) keys based on a target test coverage to perform manufacturing test in an untrusted environment. LL-ATPG achieves high test coverage and minimizes test time overhead when testing the logic-locked chip before activation without sharing the unlocking key. We perform security analysis of LL-ATPG and experimentally demonstrate that sharing the valet keys with the untrusted foundry does not create additional vulnerability for the underlying locking method.
2022-06-10
Ramachandran, Gowri Sankar, Deane, Felicity, Malik, Sidra, Dorri, Ali, Jurdak, Raja.  2021.  Towards Assisted Autonomy for Supply Chain Compliance Management. 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :321–330.

In an agricultural supply chain, farmers, food processors, transportation agencies, importers, and exporters must comply with different regulations imposed by one or more jurisdictions depending on the nature of their business operations. Supply chain stakeholders conventionally transport their goods, along with the corresponding documentation via regulators for compliance checks. This is generally followed by a tedious and manual process to ensure the goods meet regulatory requirements. However, supply chain systems are changing through digitization. In digitized supply chains, data is shared with the relevant stakeholders through digital supply chain platforms, including blockchain technology. In such data-driven digital supply chains, the regulators may be able to leverage digital technologies, such as artificial intelligence and machine learning, to automate the compliance verification process. However, a barrier to progress is the risk that information will not be credible, thus reversing the gains that automation could achieve. Automating compliance based on inaccurate data may compromise the safety and credibility of the agricultural supply chain, which discourages regulators and other stakeholders from adopting and relying on automation. Within this article we consider the challenges of digital supply chains when we describe parts of the compliance management process and how it can be automated to improve the operational efficiency of agricultural supply chains. We introduce assisted autonomy as a means to pragmatically automate the compliance verification process by combining the power of digital systems while keeping the human in-the-loop. We argue that autonomous compliance is possible, but that the need for human led inspection processes will never be replaced by machines, however it can be minimised through “assisted autonomy”.

2022-06-08
Yasaei, Rozhin, Yu, Shih-Yuan, Naeini, Emad Kasaeyan, Faruque, Mohammad Abdullah Al.  2021.  GNN4IP: Graph Neural Network for Hardware Intellectual Property Piracy Detection. 2021 58th ACM/IEEE Design Automation Conference (DAC). :217–222.
Aggressive time-to-market constraints and enormous hardware design and fabrication costs have pushed the semiconductor industry toward hardware Intellectual Properties (IP) core design. However, the globalization of the integrated circuits (IC) supply chain exposes IP providers to theft and illegal redistribution of IPs. Watermarking and fingerprinting are proposed to detect IP piracy. Nevertheless, they come with additional hardware overhead and cannot guarantee IP security as advanced attacks are reported to remove the watermark, forge, or bypass it. In this work, we propose a novel methodology, GNN4IP, to assess similarities between circuits and detect IP piracy. We model the hardware design as a graph and construct a graph neural network model to learn its behavior using the comprehensive dataset of register transfer level codes and gate-level netlists that we have gathered. GNN4IP detects IP piracy with 96% accuracy in our dataset and recognizes the original IP in its obfuscated version with 100% accuracy.
2022-06-06
Yeboah-Ofori, Abel, Ismail, Umar Mukhtar, Swidurski, Tymoteusz, Opoku-Boateng, Francisca.  2021.  Cyberattack Ontology: A Knowledge Representation for Cyber Supply Chain Security. 2021 International Conference on Computing, Computational Modelling and Applications (ICCMA). :65–70.
Cyberattacks on cyber supply chain (CSC) systems and the cascading impacts have brought many challenges and different threat levels with unpredictable consequences. The embedded networks nodes have various loopholes that could be exploited by the threat actors leading to various attacks, risks, and the threat of cascading attacks on the various systems. Key factors such as lack of common ontology vocabulary and semantic interoperability of cyberattack information, inadequate conceptualized ontology learning and hierarchical approach to representing the relationships in the CSC security domain has led to explicit knowledge representation. This paper explores cyberattack ontology learning to describe security concepts, properties and the relationships required to model security goal. Cyberattack ontology provides a semantic mapping between different organizational and vendor security goals has been inherently challenging. The contributions of this paper are threefold. First, we consider CSC security modelling such as goal, actor, attack, TTP, and requirements using semantic rules for logical representation. Secondly, we model a cyberattack ontology for semantic mapping and knowledge representation. Finally, we discuss concepts for threat intelligence and knowledge reuse. The results show that the cyberattack ontology concepts could be used to improve CSC security.
2022-05-19
Wang, Yuze, Liu, Peng, Han, Xiaoxia, Jiang, Yingtao.  2021.  Hardware Trojan Detection Method for Inspecting Integrated Circuits Based on Machine Learning. 2021 22nd International Symposium on Quality Electronic Design (ISQED). :432–436.
Nowadays malicious vendors can easily insert hardware Trojans into integrated circuit chips as the entire integrated chip supply chain involves numerous design houses and manufacturers on a global scale. It is thereby becoming a necessity to expose any possible hardware Trojans, if they ever exist in a chip. A typical Trojan circuit is made of a trigger and a payload that are interconnected with a trigger net. As trigger net can be viewed as the signature of a hardware Trojan, in this paper, we propose a gate-level hardware Trojan detection method and model that can be applied to screen the entire chip for trigger nets. In specific, we extract the trigger-net features for each net from known netlists and use the machine learning method to train multiple detection models according to the trigger modes. The detection models are used to identify suspicious trigger nets from the netlist of the integrated circuit under detection, and score each net in terms of suspiciousness value. By flagging the top 2% suspicious nets with the highest suspiciousness values, we shall be able to detect majority hardware Trojans, with an average accuracy rate of 96%.
2022-05-06
Bhagavan, Srini, Gharibi, Mohamed, Rao, Praveen.  2021.  FedSmarteum: Secure Federated Matrix Factorization Using Smart Contracts for Multi-Cloud Supply Chain. 2021 IEEE International Conference on Big Data (Big Data). :4054–4063.
With increased awareness comes unprecedented expectations. We live in a digital, cloud era wherein the underlying information architectures are expected to be elastic, secure, resilient, and handle petabyte scaling. The expectation of epic proportions from the next generation of the data frameworks is to not only do all of the above but also build it on a foundation of trust and explainability across multi-organization business networks. From cloud providers to automobile industries or even vaccine manufacturers, components are often sourced by a complex, not fully digitized thread of disjoint suppliers. Building Machine Learning and AI-based order fulfillment and predictive models, remediating issues, is a challenge for multi-organization supply chain automation. We posit that Federated Learning in conjunction with blockchain and smart contracts are technologies primed to tackle data privacy and centralization challenges. In this paper, motivated by challenges in the industry, we propose a decentralized distributed system in conjunction with a recommendation system model (Matrix Factorization) that is trained using Federated Learning on an Ethereum blockchain network. We leverage smart contracts that allow decentralized serverless aggregation to update localized items vectors. Furthermore, we utilize Homomorphic Encryption (HE) to allow sharing the encrypted gradients over the network while maintaining their privacy. Based on our results, we argue that training a model over a serverless Blockchain network using smart contracts will provide the same accuracy as in a centralized model while maintaining our serverless model privacy and reducing the overhead communication to a central server. Finally, we assert such a system that provides transparency, audit-ready and deep insights into supply chain operations for enterprise cloud customers resulting in cost savings and higher Quality of Service (QoS).