Modeling and evaluating information leakage caused by inferences in supply chains

While information sharing can benefit supply chains significantly, it may also have an adverse effect, namely, information leakage. A limitation common to many existing solutions for preventing information leakage in supply chains is that they rely, either implicitly or explicitly, upon two unrealistic assumptions. First, that it is well known which information is confidential. Second, that confidential information will not be revealed as long as it is not itself shared, regardless of how much other information is being shared. As we shall show in this paper, those assumptions are not always true due to potential information leakage caused by inferences. Specifically, we propose a conceptual model of such information leakage. The model will enable companies in a supply chain to better understand how their confidential information may be leaked through inferences. On the basis of the proposed conceptual model, we then devise a quantitative approach to evaluating the risk of information leakage caused by inferences when a given amount of information is shared. The quantitative approach will allow companies in a supply chain to measure and consequently mitigate the risk of information leakage. Finally, we discuss a case study to illustrate how the proposed approaches work in practice.
