developing trust management system and trust data analysis

Developing Trust Management System and Trust Data Analysis in a Cloud-Based

Supply Chain

Liang-Chieh (Victor) Cheng, Ph.D.,

Yunpeng (Jack) Zhang, Ph.D.,

Xuqing (Jason) Wu, Ph.D.,

10/03/2017

University of Houston, Main Campus

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Dr. Liang-Chieh (Victor) Cheng

• Associate Professor in Supply Chain & Logistics Technology (SCLT)

• US DOT project on microscopic traffic simulation

• TxDOT Traffic Signal Cybersecurity

• Diffusion of TransLog, SCM technologies

• Risk management of TransLog, SCM systems

Introduction

Dr. Yunpeng (Jack) Zhang

1. Currently an Assistant Professor in the Department ofInformation & Logistics Technology

2. Worked for several universities, including the Boise StateUniversity (U.S.), University of Melbourne (Australia) andImperial College London (U.K.).

3. Research interests include cybersecurity and softwareengineering.

4. Keen to incorporate his research into new technologies whilecooperating with research and industrial partners on pioneeringresearch.

Introduction

Cyber Security

Intrusion Detection

Cryptography

Trust Management

IoT, Cloud Computing,Blockchain

Human_ComputerInterface

Data Analysis

Software Engineering

Access

Control

Research overview

Dr. Yunpeng (Jack) Zhang

Dr. Xuqing (Jason) Wu

• An Assistant Professor of Department of Information & Logistics Technology at the University of Houston

• More than 15 years of combined experience and competencies in academic research, high-tech and energy industry.

• General research interests include Statistical Data Analysis, Machine Learning, Computer Vision and Image Analysis, Natural Language Processing, and Mathematical Programming.

• Current research is aimed at large-scale inverse modeling of geoscience data, semantic analysis of spatial-temporal data, and Big Data analysis and its applications in predictive intelligence, traffic control, and intrusion detection.

Introduction

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Goal and Research Questions

• Goal: To enhance trust in cloud-based information systems within supply chain operations.

• Research Questions:

– What are the critical aspects to assess the trust management of a networked ICT?

– How can a cloud-based ICT system in a supply chain network incorporate trust control tools to enhance its trustworthiness?

Background and Motivation

Physical Flow in Supply Chain

Background and Motivation

Manufacturer Wholesaler Retailer

Information System

Cloud-based SC with Integrated ICT

Background and Motivation

Manufacturer Wholesaler Retailer

Challenges for Cloud Service Adoption

• While cloud computing is a highly promising supply chain technology, deficient trust management is hindering market growth (Hwang and Li 2010).

• Because of the growing markets of cloud-based services, the critical decision is no longer as to whether or not to embrace the idea of cloud computing (Low et al. 2011).

• The fundamental issue that needs to be addressed is the reliability of the open platform of cloud computing, and its data validity (Sule et al. 2016).

Background and Motivation

Gaps in Supply Chain Literature

• Trust management architecture for either CSP or a cloud-based supply chain has not been studied until recently;

• A supply chain wide conceptual framework for IT trust management is lacking in supply chain management research.

Background and Motivation

Scope

• The ICT platform of a cloud-based supply chain

– A supply chain which consists of a cloud service provider, vendors, hospital customers, and carriers

• An exploratory case study of the trust management practices

• Incorporating cybersecurity tools into trust management system

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Cloud-based ICT Trust Characteristics

• Authentication

• Cybersecurity

• Privacy

• Virtualization

• Accessibility

STATE OF THE ART

• Reputation

• Credibility

• Accessibility

• Availability

• Quality of Service

Architecture of the cloudarmor trust management framework

STATE OF THE ART

Noor et al. 2016b

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Research Design

• Interdisciplinary (SCM, IS, and Analytics)

• Deductive Method

– Conceptual framework development

– Empirics developed and executed according to concepts

• Case Study Techniques

– Action Research Participation

– Primary information gathering

CONCEPTUAL FRAMEWORK

Based on Noor et al. 2016a, b

CONCEPTUAL FRAMEWORK

Three layers’ functions.1. Cloud Service

Provider Layer offer Data storage and analytics.

2. TMS Layer control data flow, user request, and server access.

3. Cloud-based Supply Chain Layer access data and receive request result.

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Case Study Techniques

• Project duration: Fall 2016 – Spring 2017

• Master Plan for field work and collaboration

• Active participation in R&D activities

– Deductive approach for empirical studies

– Inductive approach for theory building

• Data collection methods

– F2F meetings, teleconferences, emails,

– Print and digital media and unpublished reports

RESEARCH METHODS

Case Company Profile and SC

• Medical Cloud Service (MCS), Inc.

– a Houston-based CSP

– provides information system services for hospitals in Houston, TX, and St. Louis, MO areas.

• This cloud-based system connects the CSP with hospitals and medical equipment vendors.

• MCS forms strategic partnerships with local shipping companies to transport the medical equipment.

Company Profile

Agenda

• INTRODUCTION

– Collaborators

– Background and Motivation

• STATE OF THE ART

• CONCEPTUAL FRAMEWORK

• RESEARCH METHODS

• FINDINGS AND DISCUSSION

Cloud-based Supply Chain Trust Management

Trust Control as the Analytical Lens

• MCS ICT architecture

• Trust management set-ups

• Cybersecurity aspects as the emphasis of TMS

– Practices

– Weaknesses and vulnerabilities

• Countermeasures and recommendations

FINDINGS AND DISCUSSION

Med Asset Tracking & Data-generating Processes

• Using Bar-codes on existing track-able equipment in hospitals to count each individual piece of equipment.

• GPS location of devices that scans the object becomes the current location of the device.

• MCS relies on Bluetooth Low Energy Beacons to track equipment and the GPS tracking to monitor equipment during transportation.

FINDINGS AND DISCUSSION

Current State of Trust Management

FINDINGS AND DISCUSSION

In the MCS design, potential attackers could attack the system through: (1) Supply Chain Service Provider or (2) Direct breaches into CSPL and MSCUL. Additional controls are needed to make the system safe.

Weaknesses and Vulnerabilities

• Minimum level of trust feedback and data security

• Firewall and anti-virus tools

– In essence, a reactive measure

– Do not provide attacker identification, recovery, backup, and/or sensitive data encryption the cloud-based system

• Capabilities on continuity, compliance, and quality control of users in the entire cloud-based supply chain do not exist

FINDINGS AND DISCUSSION

Proposed Improvements

FINDINGS AND DISCUSSION

Enhancement through Cybersecurity Techniques

• The TMS strengthens the trustworthiness through: Identify database, access control, and supply chain-wide identify management.

• New Identify & Access Management algorithms and a new Federation Identify systems are added to the TMS framework.

• Access control and encryption mechanisms are added the existing firewall and antivirus software functions.

FINDINGS AND DISCUSSION

Thank you for the attentions!

• Questions and Answers