Collaborative Supply Chain and

Data Protection

Antonio Zilli, antonio.zilli@unisalento.itFabbrica Futuro, Bari, 05/10/2016

https://cpdm.unisalento.it/ http://www.dtascarl.it/

Privacy-Preserving Computation in the Cloudhttp://practice-project.eu/

This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 609611

Antonio Zilli, antonio.zilli@unisalento.it 2

L’innovazione tecnologica come fattore abilitante dello sviluppo e della crescita

Antonio Zilli

Antonio Zilli, antonio.zilli@unisalento.it 4

ContattiT: 0039 0832 297981e: antonio.zilli@unisalento.itw: https://cpdm.unisalento.it/it/portfolio-items/supply-chain-management-and-security/(http://bit.ly/2dmCDNS)

Aer

on

auti

c in

du

stry

Knowledge managementTeSCHeTiDFKITE.ITKHIRA

Social network analysis

Value and supply network

Secure collaborationSecuSCMPRACTICE

• PRACTICE project

• Aeronautic supply chain

• Process optimization requirements

• Data leakage risks and data protection levels

• Prototype application and economic benefits

• Conclusions

Agenda

Antonio Zilli, antonio.zilli@unisalento.it 5

... a secure cloud framework … of advanced and practical cryptographic technologies providing sophisticated security and privacy guarantees for all parties in cloud computing scenarios.

… PRACTICE project goals:• data confidentiality and integrity (no need to trust cloud providers);• computation on encrypted data (insiders cannot disclose secrets);• flexible architecture and tools (seamless migration towards new platforms while gradually

adding levels of protection).

… The PRACTICE project will:• enable European customers to save costs by globally outsourcing to the cheapest

providers while still maintaining guaranteed security and legal compliance;• deliver a Secure Platform for Enterprise Applications and Services providing application

servers and automatic tools enabling privacy-sensitive applications on the cloud;• protect user data from cloud providers and other users, supporting cloud-aided secure

computations by mutually distrusting parties.

PRACTICE project

Antonio Zilli, antonio.zilli@unisalento.it 6

http://practice-project.eu/@FP7_PRACTICE

PRACTICE project

Antonio Zilli, antonio.zilli@unisalento.it 7

10

9

8

7

6

5

4

3

2

1

11

12

13

14

15

16

17

18

*

Project start: 1st November, 2013

Project duration: 3 years

Total costs: 10.465.059

WP24: Supply chain prototype

Aeronautic new product developmentsupply chain

Antonio Zilli, antonio.zilli@unisalento.it 9

The supply chain is the set of actors sharing material, information and financial information within organizational units, so as to meet consumer’ need and as a result, enhance the entire supply chain involved.

Product design information

MRO supply chain

Antonio Zilli, antonio.zilli@unisalento.it 10

Information, products

Products, money

The aeronautic aftersales supply chain has the role of keeping aircraft systems into conditions where they can perform their function. In many cases, aircrafts need to be shut down for maintenance.

Airlines, airforces, other aircraft operators

MRO Service provider

Spare partssuppliersBusiness relationship model

Time & material

Performance based

MRO performances

Antonio Zilli, antonio.zilli@unisalento.it 11

“… the main barriers to the fulfilment of the business objectives of MRO companies are component delays during procurement and repair. 41% of the surveyed companies answered that they have to deal with this delays.” Remenyi, C., Staudacher, S., 2011. MRO: Organisation der Produktion sowie von Produktionsplanung und–steuerung. Wt Werkstattstechnikonline2011(4), 242–248.

MRO TAT

Dataset related to the JT8 engineAbout 1000 MRO events

Service planning

# Events: 1038Mean (TAT): 143,03

Median (TAT): 131St. Deviation (TAT): 80,98

# Repair Events: 973Mean (PT): 17,4Median (PT): 10

St. Deviation (PT): 28

MRO supply chain: optimization

Antonio Zilli, antonio.zilli@unisalento.it 12

Information, products

Products, money

Data

Data

To improve effectiveness and efficiency of inventory management policy, more accurate demand forecasts and service plans are required

Data

Dat

a

Demand forecasting and service planning

Antonio Zilli, antonio.zilli@unisalento.it 13

Business data

Production plan

Inventory status

Production status

Cloud

Planning

System

Engine

operators

Contract data (SLA and penalties)

Service plan

Inventory status

Service status

MRO Service

Provider

Engine health status

(Data gathered by on-

board sensors)

Suppliers

Sample: ICT, Supply chain

• Results:1. The cloud diffusion is obstacled by security issues;

2. The main source of threat is the cloud service provider;

3. Insiders are a concern, but not the main one;

4. ‘Certification’ is the main source of trust;

5. No data protection when data are shared with partners.

Survey on cloud application diffusion

Antonio Zilli, antonio.zilli@unisalento.it 14

Secure Computation technology satisfies these requirements

• Data leakage risks depend on leaked data, business role of owner and business role of leakage recipient

• Cloud service provider (admin) is part of the risks model

Data leakage risks

Antonio Zilli, antonio.zilli@unisalento.it 15

Airline/Air Force

MRO SP SupplierAdmin

Same sc Other scComponents manufacturer

MRO SP

Airline/Air force data

Competitive advantage

Bargaining power

Bargaining power

Bargaining power

Bargaining power

Lost profit

MRO SP data

Bargaining power

/Competitive advantage

Bargaining power

Competitive advantage

+Bargaining

power

Lost profit

Supplier data

Bargaining power on MRO SP

Bargaining power

Competitive advantage on other MRO SP

+Bargaining

power

Competitive advantage

Competitive advantage

+Bargaining

power

Lost profit

• Sample: IT, Supply chain dept

• People are asked to evaluate how much critical is if suppliers, competitors and customers access selected types of data,

• Individual evaluations are combined, public information and business historical relationships are taken in consideration too

Data protection level measurement

Antonio Zilli, antonio.zilli@unisalento.it 16

CONFIDENTIAL DATAPROTECTION LEVEL

(scale: 0-75)

Usage condition of the engines fleet 51,3MRO process data 57Production plans and the inventorystatus of spare parts suppliers 55

• Secure Computation Technology: sharing without disclosing

• SAP HANA database system

• Collaborative forecast demand:

1. Engine owners provide encrypted engine health status data;

2. Secure Cloud SCM computes on encrypted inputs of several engine owners, decryption keys are not required: data are never revealed,(specific computation algorithms were developed);

3. Application computes how many parts repairs and replacements are expected in a future time window;

Prototype application

Antonio Zilli, antonio.zilli@unisalento.it 17

Prototype performance: Evaluation time in the order of seconds

Prototypearchitectural

design

Benefit assessment simulation*

Antonio Zilli, antonio.zilli@unisalento.it 18

Methodology design and development *Simplified engine composition is considered, realistic part properties are used

3 - Output: Where are the quick wins? What is the range of cost reduction we can expect?

2 - Simulation (in 100 runs) of the costs over 24 periods (standard VS improved forecasts)

1 - Input: the inventory setting model (order costs, unit costs, penalty costs, lead times, …) and the demand process (mean and std. dev of demand, …) for a certain product

1. Design novel collaborative inter-organizational processes2. Identify involved data3. Evaluate data leakage risks (on a owner/receiver perspective)4. Measure data protection level (wrt all possible receivers)5. Develop secure cloud application6. Assess application functionalities7. Assess security performances

Result: a secure cloud supply chain management system implementing collaborative forecasting functionalities able to improve performance of the aeronautic MRO service supply chain by both increasing service level agreement and reducing service (inventory) costs

For more information: www.practice-project.eu

Methodology for securing supply chaincollaboration (on cloud applications)

Antonio Zilli, antonio.zilli@unisalento.it 19

• Supply chain wide collaboration and cloud application diffusion are obstacled by confidential data protection needs

• Novel technologies (cloud + secure computation) provide higher security performances

• Process-customized algorithms and protocols are required• Firms are required to model supply chain collaborative processes with respect

to their business models• Firms are required to measure data confidentiality and data protection level

with respect to all type of partners

• Process models and data protection levels are mandatory input of any secure cloud supply chain system

Conclusions

Antonio Zilli, antonio.zilli@unisalento.it 20