Academic journal article Communications of the IIMA

Modeling in Confidentiality and Integrity for a Supply Chain Network

Article excerpt

ABSTRACT

The Bell-LaPadula model and the Markov chain model have been applied to supply chain networks in previous literature. However, the Bell-LaPadula model considers only the confidentiality aspect of security, and the Markov chain model is used to simulate the dynamics of the security states. In a typical supply chain network, the integrity of business transactions should be as important as the confidentiality of those transactions. The purpose of this paper is to apply the Clark-Wilson model to supply chain network integrity. The major concepts of the Clark-Wilson model, such as separation of duty, constrained data items, well-formed transactions, and transform procedures, are applied to different situations in a supply chain network.

INTRODUCTION

A supply chain is a sequence of processes that take place between customers, manufacturers/distributors, and suppliers (Chopra & Meindl, 2006). The narrow definition of a supply chain network, or supplier relationship management (SRM), is limited to the management of the relationship between suppliers and manufacturers (or retail-chain distributors). The broader definition of a supply chain network includes all the parties from customers to suppliers. It therefore also includes customer relationship management (CRM), warehousing, production, and product design. Most textbooks use the broader definition for supply chain management. Today most large manufacturers, such as General Motors, and retail-chain distributors, such as Wal-Mart, take the form of supply chain networks.

One of the major goals of supply chain management is to minimize the total system costs from customers to suppliers so that the network can attract and retain customers in a competitive environment. Another major goal is to make the supply chain network efficient enough to meet the philosophy of just-in-time manufacturing/delivery. The efficiency of a supply chain network relies on the success of the supply information network software system and the IT infrastructure. A broader supply chain network system includes Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) systems. An intranet or extranet is an example of IT infrastructure for the supply chain network. Another important issue for a supply chain network is the security of the information system. In a supply chain network, most suppliers may have conflicts of interest, so the integrity and confidentiality of the information are important.

Chen et al. (2006) proposed the application of the Bell-LaPadula model in the design of a supply chain network. In the Bell-LaPadula model, a subject has a security clearance and an object has a security classification. The goal of the Bell-LaPadula security model is to prevent "read" access to objects at a security classification higher than the subject's clearance (Bishop, 2003). However, the Bell-LaPadula model considers only the confidentiality aspect of security. In a typical supply chain network, the integrity of business transactions should be as important as the confidentiality of those transactions.

The Clark-Wilson model is one of the security models for information integrity in a business environment. This paper attempts to model the security of a supply chain network using the Clark-Wilson model by applying its major concepts, such as separation of duty and transformation procedures (TP), in different supply chain situations.
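
As an added illustration (not code from the article), the sketch below pairs the Bell-LaPadula read rule described above with Clark-Wilson style enforcement on a purchase order: access triples, a well-formed transaction, and separation of duty. The users, levels, states, and function names are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed Bell-LaPadula levels for this example, lowest to highest.
LEVELS = {"public": 0, "partner": 1, "internal": 2}

def blp_can_read(clearance: str, classification: str) -> bool:
    """Confidentiality: deny reads of objects classified above the clearance."""
    return LEVELS[clearance] >= LEVELS[classification]

@dataclass
class PurchaseOrder:
    """Constrained data item (CDI); changed only through run_tp()."""
    qty: int
    state: str = "draft"            # draft -> submitted -> approved
    submitted_by: str = ""
    log: list = field(default_factory=list)   # audit trail of TP runs

def ivp(po: PurchaseOrder) -> bool:
    """Integrity verification: the CDI is in a valid state."""
    return po.qty > 0 and po.state in ("draft", "submitted", "approved")

# Hypothetical access triples: which user may run which TP on a PurchaseOrder.
TRIPLES = {("alice", "submit"), ("alice", "approve"), ("bob", "approve")}
NEXT = {"submit": ("draft", "submitted"), "approve": ("submitted", "approved")}

def run_tp(user: str, tp: str, po: PurchaseOrder) -> None:
    """Well-formed transaction: every check passes before the CDI changes."""
    if (user, tp) not in TRIPLES:
        raise PermissionError(f"{user} is not authorized for {tp}")
    before, after = NEXT[tp]
    if po.state != before or not ivp(po):
        raise ValueError(f"{tp} not valid from state {po.state}")
    if tp == "approve" and po.submitted_by == user:
        raise PermissionError("separation of duty: submitter cannot approve")
    if tp == "submit":
        po.submitted_by = user
    po.state = after
    po.log.append((user, tp))

if __name__ == "__main__":
    po = PurchaseOrder(qty=100)
    run_tp("alice", "submit", po)
    try:
        run_tp("alice", "approve", po)   # same person on both steps
    except PermissionError as exc:
        print("denied:", exc)
    run_tp("bob", "approve", po)
    print(po.state, po.log, blp_can_read("partner", "internal"))
```

Even though alice holds an access triple for `approve`, the separation-of-duty check rejects her approval of an order she submitted, and the rejected call leaves the order and its log unchanged.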

LITERATURE REVIEW

Information Security

The word "information" is defined as "Knowledge obtained from investigation, study, or instruction; Intelligence, News; Facts, Data" (Merriam-Webster Online, 2006). The word "security" is defined as "measures taken to guard against espionage or sabotage, crime, attack, or escape". Therefore, after combining these two definitions, information security can be defined as "measures, for which knowledge obtained from investigation, study, or instruction; intelligence, news taken to guard against espionage or sabotage, crime, attack, or escape". …
