developing trust management system and trust data analysis
TRANSCRIPT
Developing Trust Management System and Trust Data Analysis in a Cloud-Based
Supply Chain
Liang-Chieh (Victor) Cheng, Ph.D.,
Yunpeng (Jack) Zhang, Ph.D.,
Xuqing (Jason) Wu, Ph.D.,
10/03/2017
University of Houston, Main Campus
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Dr. Liang-Chieh (Victor) Cheng
• Associate Professor in Supply Chain & Logistics Technology (SCLT)
• US DOT project on microscopic traffic simulation
• TxDOT Traffic Signal Cybersecurity
• Diffusion of TransLog, SCM technologies
• Risk management of TransLog, SCM systems
Introduction
Dr. Yunpeng (Jack) Zhang
1. Currently an Assistant Professor in the Department ofInformation & Logistics Technology
2. Worked for several universities, including the Boise StateUniversity (U.S.), University of Melbourne (Australia) andImperial College London (U.K.).
3. Research interests include cybersecurity and softwareengineering.
4. Keen to incorporate his research into new technologies whilecooperating with research and industrial partners on pioneeringresearch.
Introduction
Cyber Security
Intrusion Detection
Cryptography
Trust Management
IoT, Cloud Computing,Blockchain
Human_ComputerInterface
Data Analysis
Software Engineering
Access
Control
Research overview
Dr. Yunpeng (Jack) Zhang
Dr. Xuqing (Jason) Wu
• An Assistant Professor of Department of Information & Logistics Technology at the University of Houston
• More than 15 years of combined experience and competencies in academic research, high-tech and energy industry.
• General research interests include Statistical Data Analysis, Machine Learning, Computer Vision and Image Analysis, Natural Language Processing, and Mathematical Programming.
• Current research is aimed at large-scale inverse modeling of geoscience data, semantic analysis of spatial-temporal data, and Big Data analysis and its applications in predictive intelligence, traffic control, and intrusion detection.
Introduction
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Goal and Research Questions
• Goal: To enhance trust in cloud-based information systems within supply chain operations.
• Research Questions:
– What are the critical aspects to assess the trust management of a networked ICT?
– How can a cloud-based ICT system in a supply chain network incorporate trust control tools to enhance its trustworthiness?
Background and Motivation
Physical Flow in Supply Chain
Background and Motivation
Manufacturer Wholesaler Retailer
Information System
Cloud-based SC with Integrated ICT
Background and Motivation
Manufacturer Wholesaler Retailer
Challenges for Cloud Service Adoption
• While cloud computing is a highly promising supply chain technology, deficient trust management is hindering market growth (Hwang and Li 2010).
• Because of the growing markets of cloud-based services, the critical decision is no longer as to whether or not to embrace the idea of cloud computing (Low et al. 2011).
• The fundamental issue that needs to be addressed is the reliability of the open platform of cloud computing, and its data validity (Sule et al. 2016).
Background and Motivation
Gaps in Supply Chain Literature
• Trust management architecture for either CSP or a cloud-based supply chain has not been studied until recently;
• A supply chain wide conceptual framework for IT trust management is lacking in supply chain management research.
Background and Motivation
Scope
• The ICT platform of a cloud-based supply chain
– A supply chain which consists of a cloud service provider, vendors, hospital customers, and carriers
• An exploratory case study of the trust management practices
• Incorporating cybersecurity tools into trust management system
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Cloud-based ICT Trust Characteristics
• Authentication
• Cybersecurity
• Privacy
• Virtualization
• Accessibility
STATE OF THE ART
• Reputation
• Credibility
• Accessibility
• Availability
• Quality of Service
Architecture of the cloudarmor trust management framework
STATE OF THE ART
Noor et al. 2016b
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Research Design
• Interdisciplinary (SCM, IS, and Analytics)
• Deductive Method
– Conceptual framework development
– Empirics developed and executed according to concepts
• Case Study Techniques
– Action Research Participation
– Primary information gathering
CONCEPTUAL FRAMEWORK
Based on Noor et al. 2016a, b
CONCEPTUAL FRAMEWORK
Three layers’ functions.1. Cloud Service
Provider Layer offer Data storage and analytics.
2. TMS Layer control data flow, user request, and server access.
3. Cloud-based Supply Chain Layer access data and receive request result.
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Case Study Techniques
• Project duration: Fall 2016 – Spring 2017
• Master Plan for field work and collaboration
• Active participation in R&D activities
– Deductive approach for empirical studies
– Inductive approach for theory building
• Data collection methods
– F2F meetings, teleconferences, emails,
– Print and digital media and unpublished reports
RESEARCH METHODS
Case Company Profile and SC
• Medical Cloud Service (MCS), Inc.
– a Houston-based CSP
– provides information system services for hospitals in Houston, TX, and St. Louis, MO areas.
• This cloud-based system connects the CSP with hospitals and medical equipment vendors.
• MCS forms strategic partnerships with local shipping companies to transport the medical equipment.
Company Profile
Agenda
• INTRODUCTION
– Collaborators
– Background and Motivation
• STATE OF THE ART
• CONCEPTUAL FRAMEWORK
• RESEARCH METHODS
• FINDINGS AND DISCUSSION
Cloud-based Supply Chain Trust Management
Trust Control as the Analytical Lens
• MCS ICT architecture
• Trust management set-ups
• Cybersecurity aspects as the emphasis of TMS
– Practices
– Weaknesses and vulnerabilities
• Countermeasures and recommendations
FINDINGS AND DISCUSSION
Med Asset Tracking & Data-generating Processes
• Using Bar-codes on existing track-able equipment in hospitals to count each individual piece of equipment.
• GPS location of devices that scans the object becomes the current location of the device.
• MCS relies on Bluetooth Low Energy Beacons to track equipment and the GPS tracking to monitor equipment during transportation.
FINDINGS AND DISCUSSION
Current State of Trust Management
FINDINGS AND DISCUSSION
In the MCS design, potential attackers could attack the system through: (1) Supply Chain Service Provider or (2) Direct breaches into CSPL and MSCUL. Additional controls are needed to make the system safe.
Weaknesses and Vulnerabilities
• Minimum level of trust feedback and data security
• Firewall and anti-virus tools
– In essence, a reactive measure
– Do not provide attacker identification, recovery, backup, and/or sensitive data encryption the cloud-based system
• Capabilities on continuity, compliance, and quality control of users in the entire cloud-based supply chain do not exist
FINDINGS AND DISCUSSION
Proposed Improvements
FINDINGS AND DISCUSSION
Enhancement through Cybersecurity Techniques
• The TMS strengthens the trustworthiness through: Identify database, access control, and supply chain-wide identify management.
• New Identify & Access Management algorithms and a new Federation Identify systems are added to the TMS framework.
• Access control and encryption mechanisms are added the existing firewall and antivirus software functions.
FINDINGS AND DISCUSSION
Thank you for the attentions!
• Questions and Answers