Visible to the public Biblio

Filters: Keyword is supply chain  [Clear All Filters]
2021-03-29
Das, T., Eldosouky, A. R., Sengupta, S..  2020.  Think Smart, Play Dumb: Analyzing Deception in Hardware Trojan Detection Using Game Theory. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
In recent years, integrated circuits (ICs) have become significant for various industries and their security has been given greater priority, specifically in the supply chain. Budgetary constraints have compelled IC designers to offshore manufacturing to third-party companies. When the designer gets the manufactured ICs back, it is imperative to test for potential threats like hardware trojans (HT). In this paper, a novel multi-level game-theoretic framework is introduced to analyze the interactions between a malicious IC manufacturer and the tester. In particular, the game is formulated as a non-cooperative, zero-sum, repeated game using prospect theory (PT) that captures different players' rationalities under uncertainty. The repeated game is separated into a learning stage, in which the defender learns about the attacker's tendencies, and an actual game stage, where this learning is used. Experiments show great incentive for the attacker to deceive the defender about their actual rationality by "playing dumb" in the learning stage (deception). This scenario is captured using hypergame theory to model the attacker's view of the game. The optimal deception rationality of the attacker is analytically derived to maximize utility gain. For the defender, a first-step deception mitigation process is proposed to thwart the effects of deception. Simulation results show that the attacker can profit from the deception as it can successfully insert HTs in the manufactured ICs without being detected.
2021-02-23
Gamba, J., Rashed, M., Razaghpanah, A., Tapiador, J., Vallina-Rodriguez, N..  2020.  An Analysis of Pre-installed Android Software. 2020 IEEE Symposium on Security and Privacy (SP). :1039—1055.

The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior of the preinstalled apps on their devices. Yet, the landscape of preinstalled software in Android has largely remained unexplored, particularly in terms of the security and privacy implications of such customizations. In this paper, we present the first large- scale study of pre-installed software on Android devices from more than 200 vendors. Our work relies on a large dataset of real-world Android firmware acquired worldwide using crowd-sourcing methods. This allows us to answer questions related to the stakeholders involved in the supply chain, from device manufacturers and mobile network operators to third- party organizations like advertising and tracking services, and social network platforms. Our study allows us to also uncover relationships between these actors, which seem to revolve primarily around advertising and data-driven services. Overall, the supply chain around Android's open source model lacks transparency and has facilitated potentially harmful behaviors and backdoored access to sensitive data and services without user consent or awareness. We conclude the paper with recommendations to improve transparency, attribution, and accountability in the Android ecosystem.

2020-11-02
Wang, Jiawei, Zhang, Yuejun, Wang, Pengjun, Luan, Zhicun, Xue, Xiaoyong, Zeng, Xiaoyang, Yu, Qiaoyan.  2019.  An Orthogonal Algorithm for Key Management in Hardware Obfuscation. 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). :1—4.

The globalization of supply chain makes semiconductor chips susceptible to various security threats. Design obfuscation techniques have been widely investigated to thwart intellectual property (IP) piracy attacks. Key distribution among IP providers, system integration team, and end users remains as a challenging problem. This work proposes an orthogonal obfuscation method, which utilizes an orthogonal matrix to authenticate obfuscation keys, rather than directly examining each activation key. The proposed method hides the keys by using an orthogonal obfuscation algorithm to increasing the key retrieval time, such that the primary keys for IP cores will not be leaked. The simulation results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS'89 benchmark circuits. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.4% and consumes 4.7% more power than the baseline1.

2020-10-06
Ur-Rehman, Attiq, Gondal, Iqbal, Kamruzzuman, Joarder, Jolfaei, Alireza.  2019.  Vulnerability Modelling for Hybrid IT Systems. 2019 IEEE International Conference on Industrial Technology (ICIT). :1186—1191.

Common vulnerability scoring system (CVSS) is an industry standard that can assess the vulnerability of nodes in traditional computer systems. The metrics computed by CVSS would determine critical nodes and attack paths. However, traditional IT security models would not fit IoT embedded networks due to distinct nature and unique characteristics of IoT systems. This paper analyses the application of CVSS for IoT embedded systems and proposes an improved vulnerability scoring system based on CVSS v3 framework. The proposed framework, named CVSSIoT, is applied to a realistic IT supply chain system and the results are compared with the actual vulnerabilities from the national vulnerability database. The comparison result validates the proposed model. CVSSIoT is not only effective, simple and capable of vulnerability evaluation for traditional IT system, but also exploits unique characteristics of IoT devices.

2020-03-12
Salmani, Hassan, Hoque, Tamzidul, Bhunia, Swarup, Yasin, Muhammad, Rajendran, Jeyavijayan JV, Karimi, Naghmeh.  2019.  Special Session: Countering IP Security Threats in Supply Chain. 2019 IEEE 37th VLSI Test Symposium (VTS). :1–9.

The continuing decrease in feature size of integrated circuits, and the increase of the complexity and cost of design and fabrication has led to outsourcing the design and fabrication of integrated circuits to third parties across the globe, and in turn has introduced several security vulnerabilities. The adversaries in the supply chain can pirate integrated circuits, overproduce these circuits, perform reverse engineering, and/or insert hardware Trojans in these circuits. Developing countermeasures against such security threats is highly crucial. Accordingly, this paper first develops a learning-based trust verification framework to detect hardware Trojans. To tackle Trojan insertion, IP piracy and overproduction, logic locking schemes and in particular stripped functionality logic locking is discussed and its resiliency against the state-of-the-art attacks is investigated.

2020-02-24
Ahmadi-Assalemi, Gabriela, al-Khateeb, Haider M., Epiphaniou, Gregory, Cosson, Jon, Jahankhani, Hamid, Pillai, Prashant.  2019.  Federated Blockchain-Based Tracking and Liability Attribution Framework for Employees and Cyber-Physical Objects in a Smart Workplace. 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3). :1–9.
The systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality has also introduced new complexities to the threat landscape. The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by Artificial Intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail. The emerging concept of Smart Workplace incorporates many CPS (e.g. Robots and Drones) to execute tasks alongside Employees both of which can be exploited as Insider Threats. We introduce and discuss forensic-readiness, liability attribution and the ability to track moving Smart SPS Objects to support modern Digital Forensics and Incident Response (DFIR) within a defence-in-depth strategy. We present a framework to facilitate the tracking of object behaviour within Smart Controlled Business Environments (SCBE) to support resilience by enabling proactive insider threat detection. Several components of the framework were piloted in a company to discuss a real-life case study and demonstrate anomaly detection and the emerging of behavioural patterns according to objects' movement with relation to their job role, workspace position and nearest entry or exit. The empirical data was collected from a Bluetooth-based Proximity Monitoring Solution. Furthermore, a key strength of the framework is a federated Blockchain (BC) model to achieve forensic-readiness by establishing a digital Chain-of-Custody (CoC) and a collaborative environment for CPS to qualify as Digital Witnesses (DW) to support post-incident investigations.
2020-02-17
Shukla, Meha, Johnson, Shane D., Jones, Peter.  2019.  Does the NIS implementation strategy effectively address cyber security risks in the UK? 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–11.
This research explored how cyber security risks are managed across UK Critical National Infrastructure (CNI) sectors following implementation of the 2018 Networks and Information Security (NIS) legislation. Being in its infancy, there has been limited study into the effectiveness of this national framework for cyber risk management. The analysis of data gathered through interviews with key stakeholders against the NIS objectives indicated a collaborative implementation approach to improve cyber-risk management capabilities in CNI sectors. However, more work is required to bridge the gaps in the NIS framework to ensure holistic security across cyber spaces as well as non-cyber elements: cyber-physical security, cross-sector CNI service security measures, outcome-based regulatory assessments and risks due to connected smart technology implementations alongside legacy systems. This paper proposes ten key recommendations to counter the danger of not meeting the NIS key strategic objectives. In particular, it recommends that the approach to NIS implementation needs further alignment with its objectives, such as bringing a step-change in the cyber-security risk management capabilities of the CNI sectors.
2020-01-27
Akinrolabu, Olusola, New, Steve, Martin, Andrew.  2019.  Assessing the Security Risks of Multicloud SaaS Applications: A Real-World Case Study. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :81–88.

Cloud computing is widely believed to be the future of computing. It has grown from being a promising idea to one of the fastest research and development paradigms of the computing industry. However, security and privacy concerns represent a significant hindrance to the widespread adoption of cloud computing services. Likewise, the attributes of the cloud such as multi-tenancy, dynamic supply chain, limited visibility of security controls and system complexity, have exacerbated the challenge of assessing cloud risks. In this paper, we conduct a real-world case study to validate the use of a supply chaininclusive risk assessment model in assessing the risks of a multicloud SaaS application. Using the components of the Cloud Supply Chain Cyber Risk Assessment (CSCCRA) model, we show how the model enables cloud service providers (CSPs) to identify critical suppliers, map their supply chain, identify weak security spots within the chain, and analyse the risk of the SaaS application, while also presenting the value of the risk in monetary terms. A key novelty of the CSCCRA model is that it caters for the complexities involved in the delivery of SaaS applications and adapts to the dynamic nature of the cloud, enabling CSPs to conduct risk assessments at a higher frequency, in response to a change in the supply chain.

2019-10-02
Wang, S., Zhu, S., Zhang, Y..  2018.  Blockchain-Based Mutual Authentication Security Protocol for Distributed RFID Systems. 2018 IEEE Symposium on Computers and Communications (ISCC). :00074–00077.

Since radio frequency identification (RFID) technology has been used in various scenarios such as supply chain, access control system and credit card, tremendous efforts have been made to improve the authentication between tags and readers to prevent potential attacks. Though effective in certain circumstances, these existing methods usually require a server to maintain a database of identity related information for every tag, which makes the system vulnerable to the SQL injection attack and not suitable for distributed environment. To address these problems, we now propose a novel blockchain-based mutual authentication security protocol. In this new scheme, there is no need for the trusted third parties to provide security and privacy for the system. Authentication is executed as an unmodifiable transaction based on blockchain rather than database, which applies to distributed RFID systems with high security demand and relatively low real-time requirement. Analysis shows that our protocol is logically correct and can prevent multiple attacks.

2019-09-11
Moyne, J., Mashiro, S., Gross, D..  2018.  Determining a Security Roadmap for the Microelectronics Industry. 2018 29th Annual SEMI Advanced Semiconductor Manufacturing Conference (ASMC). :291–294.

The evolution of the microelectronics manufacturing industry is characterized by increased complexity, analysis, integration, distribution, data sharing and collaboration, all of which is enabled by the big data explosion. This evolution affords a number of opportunities in improved productivity and quality, and reduced cost, however it also brings with it a number of risks associated with maintaining security of data systems. The International Roadmap for Devices and System Factory Integration International Focus Team (IRDS FI IFT) determined that a security technology roadmap for the industry is needed to better understand the needs, challenges and potential solutions for security in the microelectronics industry and its supply chain. As a first step in providing this roadmap, the IFT conducted a security survey, soliciting input from users, suppliers and OEMs. Preliminary results indicate that data partitioning with IP protection is the number one topic of concern, with the need for industry-wide standards as the second most important topic. Further, the "fear" of security breach is considered to be a significant hindrance to Advanced Process Control efforts as well as use of cloud-based solutions. The IRDS FI IFT will endeavor to provide components of a security roadmap for the industry in the 2018 FI chapter, leveraging the output of the survey effort combined with follow-up discussions with users and consultations with experts.

2019-03-15
Crouch, A., Hunter, E., Levin, P. L..  2018.  Enabling Hardware Trojan Detection and Prevention through Emulation. 2018 IEEE International Symposium on Technologies for Homeland Security (HST). :1-5.

Hardware Trojans, implantable at a myriad of points within the supply chain, are difficult to detect and identify. By emulating systems on programmable hardware, the authors have created a tool from which to create and evaluate Trojan attack signatures and therefore enable better Trojan detection (for in-service systems) and prevention (for in-design systems).

2019-02-25
Winter, A., Deniaud, I., Marmier, F., Caillaud, E..  2018.  A risk assessment model for supply chain design. Implementation at Kuehne amp;\#x002B; Nagel Luxembourg. 2018 4th International Conference on Logistics Operations Management (GOL). :1–8.
Every company may be located at the junction of several Supply Chains (SCs) to meet the requirements of many different end customers. To achieve a sustainable competitive advantage over its business rivals, a company needs to continuously improve its relations to its different stakeholders as well as its performance in terms of integrating its decision processes and hence, its communication and information systems. Furthermore, customers' growing awareness of green and sustainable matters and new national and international regulations force enterprises to rethink their whole system. In this paper we propose a model to quantify the identified potential risks to assist in designing or re-designing a supply chain. So that managers may take adequate decisions to have the continuing ability of satisfying customers' requirements. A case study, developed at kuehne + nagel Luxembourg is provided.
2019-02-18
Hilt, Michael, Shao, Daniel, Yang, Baijian.  2018.  RFID Security, Verification, and Blockchain: Vulnerabilities Within the Supply Chain for Food Security. Proceedings of the 19th Annual SIG Conference on Information Technology Education. :145–145.

Over the past few decades, radio frequency identification (RFID) technology has been an important factor in securing products along the agri-food supply chain. However, there still exist security vulnerabilities when registering products to a specific RFID tag, particularly regarding the ease at which tags can be cloned. In this paper, a potential attack, labeled the "Hilt Shao attack", is identified which could occur during the initial phases of product registration, and demonstrate the type of attack using UID and CUID tags. Furthermore, a system is proposed using blockchain technology in order for the attacker to hide the cloned tag information. Results show that this attack, if carried out, can negate the profits of distributors along the supply chain, and negatively affect the consumer.

Alzahrani, Naif, Bulusu, Nirupama.  2018.  Block-Supply Chain: A New Anti-Counterfeiting Supply Chain Using NFC and Blockchain. Proceedings of the 1st Workshop on Cryptocurrencies and Blockchains for Distributed Systems. :30–35.
Current anti-counterfeiting supply chains rely on a centralized authority to combat counterfeit products. This architecture results in issues such as single point processing, storage, and failure. Blockchain technology has emerged to provide a promising solution for such issues. In this paper, we propose the block-supply chain, a new decentralized supply chain that detects counterfeiting attacks using blockchain and Near Field Communication (NFC) technologies. Block-supply chain replaces the centralized supply chain design and utilizes a new proposed consensus protocol that is, unlike existing protocols, fully decentralized and balances between efficiency and security. Our simulations show that the proposed protocol offers remarkable performance with a satisfactory level of security compared to the state of the art consensus protocol Tendermint.
2018-12-03
Larsson, A., Ibrahim, O., Olsson, L., Laere, J. van.  2017.  Agent based simulation of a payment system for resilience assessments. 2017 IEEE International Conference on Industrial Engineering and Engineering Management (IEEM). :314–318.

We provide an agent based simulation model of the Swedish payment system. The simulation model is to be used to analyze the consequences of loss of functionality, or disruptions of the payment system for the food and fuel supply chains as well as the bank sector. We propose a gaming simulation approach, using a computer based role playing game, to explore the collaborative responses from the key actors, in order to evoke and facilitate collective resilience.

Khayyam, Y. E., Herrou, B..  2017.  Risk assessment of the supply chain: Approach based on analytic hierarchy process and group decision-making. 2017 International Colloquium on Logistics and Supply Chain Management (LOGISTIQUA). :135–141.

Faced with a turbulent economic, political and social environment, Companies need to build effective risk management systems in their supply chains. Risk management can only be effective when the risks identification and analysis are enough accurate. In this perspective, this paper proposes a risk assessment approach based on the analytic hierarchy process and group decision making. In this study, a new method is introduced that will reduce the impact of incoherent judgments on group decision-making, It is, the “reduced weight function” that decreases the weight associated to a member of the expert panel based on the consistency of its judgments.

2018-05-01
Dofe, Jaya, Gu, Peng, Stow, Dylan, Yu, Qiaoyan, Kursun, Eren, Xie, Yuan.  2017.  Security Threats and Countermeasures in Three-Dimensional Integrated Circuits. Proceedings of the on Great Lakes Symposium on VLSI 2017. :321–326.

Existing works on Three-dimensional (3D) hardware security focus on leveraging the unique 3D characteristics to address the supply chain attacks that exist in 2D design. However, 3D ICs introduce specific and unexplored challenges as well as new opportunities for managing hardware security. In this paper, we analyze new security threats unique to 3D ICs. The corresponding attack models are summarized for future research. Furthermore, existing representative countermeasures, including split manufacturing, camouflaging, transistor locking, techniques against thermal signal based side-channel attacks, and network-on-chip based shielding plane (NoCSIP) for different hardware threats are reviewed and categorized. Moreover, preliminary countermeasures are proposed to thwart TSV-based hardware Trojan insertion attacks.

2018-01-23
Zhang, Dongrong, He, Miao, Wang, Xiaoxiao, Tehranipoor, M..  2017.  Dynamically obfuscated scan for protecting IPs against scan-based attacks throughout supply chain. 2017 IEEE 35th VLSI Test Symposium (VTS). :1–6.

Scan-based test is commonly used to increase testability and fault coverage, however, it is also known to be a liability for chip security. Research has shown that intellectual property (IP) or secret keys can be leaked through scan-based attacks. In this paper, we propose a dynamically-obfuscated scan design for protecting IPs against scan-based attacks. By perturbing all test patterns/responses and protecting the obfuscation key, the proposed architecture is proven to be robust against existing non-invasive scan attacks, and can protect all scan data from attackers in foundry, assembly, and system developers (i.e., OEMs) without compromising the testability. Furthermore, the proposed architecture can be easily plugged into EDA generated scan chains without having a noticeable impact on conventional integrated circuit (IC) design, manufacturing, and test flow. Finally, detailed security and experimental analyses have been performed on several benchmarks. The results demonstrate that the proposed method can protect chips from existing brute force, differential, and other scan-based attacks that target the obfuscation key. The proposed design is of low overhead on area, power consumption, and pattern generation time, and there is no impact on test time.

2017-12-28
Suebsombut, P., Sekhari, A., Sureepong, P., Ueasangkomsate, P., Bouras, A..  2017.  The using of bibliometric analysis to classify trends and future directions on \#x201C;smart farm \#x201D;. 2017 International Conference on Digital Arts, Media and Technology (ICDAMT). :136–141.

Climate change has affected the cultivation in all countries with extreme drought, flooding, higher temperature, and changes in the season thus leaving behind the uncontrolled production. Consequently, the smart farm has become part of the crucial trend that is needed for application in certain farm areas. The aims of smart farm are to control and to enhance food production and productivity, and to increase farmers' profits. The advantages in applying smart farm will improve the quality of production, supporting the farm workers, and better utilization of resources. This study aims to explore the research trends and identify research clusters on smart farm using bibliometric analysis that has supported farming to improve the quality of farm production. The bibliometric analysis is the method to explore the relationship of the articles from a co-citation network of the articles and then science mapping is used to identify clusters in the relationship. This study examines the selected research articles in the smart farm field. The area of research in smart farm is categorized into two clusters that are soil carbon emission from farming activity, food security and farm management by using a VOSviewer tool with keywords related to research articles on smart farm, agriculture, supply chain, knowledge management, traceability, and product lifecycle management from Web of Science (WOS) and Scopus online database. The major cluster of smart farm research is the soil carbon emission from farming activity which impacts on climate change that affects food production and productivity. The contribution is to identify the trends on smart farm to develop research in the future by means of bibliometric analysis.

2017-05-17
Guin, Ujjwal, Shi, Qihang, Forte, Domenic, Tehranipoor, Mark M..  2016.  FORTIS: A Comprehensive Solution for Establishing Forward Trust for Protecting IPs and ICs. ACM Trans. Des. Autom. Electron. Syst.. 21:63:1–63:20.

With the advent of globalization in the semiconductor industry, it is necessary to prevent unauthorized usage of third-party IPs (3PIPs), cloning and unwanted modification of 3PIPs, and unauthorized production of ICs. Due to the increasing complexity of ICs, system-on-chip (SoC) designers use various 3PIPs in their design to reduce time-to-market and development costs, which creates a trust issue between the SoC designer and the IP owners. In addition, as the ICs are fabricated around the globe, the SoC designers give fabrication contracts to offshore foundries to manufacture ICs and have little control over the fabrication process, including the total number of chips fabricated. Similarly, the 3PIP owners lack control over the number of fabricated chips and/or the usage of their IPs in an SoC. Existing research only partially addresses the problems of IP piracy and IC overproduction, and to the best of our knowledge, there is no work that considers IP overuse. In this article, we present a comprehensive solution for preventing IP piracy and IC overproduction by assuring forward trust between all entities involved in the SoC design and fabrication process. We propose a novel design flow to prevent IC overproduction and IP overuse. We use an existing logic encryption technique to obfuscate the netlist of an SoC or a 3PIP and propose a modification to enable manufacturing tests before the activation of chips which is absolutely necessary to prevent overproduction. We have used asymmetric and symmetric key encryption, in a fashion similar to Pretty Good Privacy (PGP), to transfer keys from the SoC designer or 3PIP owners to the chips. In addition, we also propose to attach an IP digest (a cryptographic hash of the entire IP) to the header of an IP to prevent modification of the IP by the SoC designers. We have shown that our approach is resistant to various attacks with the cost of minimal area overhead.

2017-03-08
Yang, K., Forte, D., Tehranipoor, M..  2015.  An RFID-based technology for electronic component and system Counterfeit detection and Traceability. 2015 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.

The vulnerabilities in today's supply chain have raised serious concerns about the security and trustworthiness of electronic components and systems. Testing for device provenance, detection of counterfeit integrated circuits/systems, and traceability are challenging issues to address. In this paper, we develop a novel RFID-based system suitable for electronic component and system Counterfeit detection and System Traceability called CST. CST is composed of different types of on-chip sensors and in-system structures that provide the information needed to detect multiple counterfeit IC types (recycled, cloned, etc.), verify the authenticity of the system with some degree of confidence, and track/identify boards. Central to CST is an RFID tag employed as storage and a channel to read the information from different types of chips on the printed circuit board (PCB) in both power-off and power-on scenarios. Simulations and experimental results using Spartan 3E FPGAs demonstrate the effectiveness of this system. The efficiency of the radio frequency (RF) communication has also been verified via a PCB prototype with a printed slot antenna.

Li, Gaochao, Xu, Xiaolin, Li, Qingshan.  2015.  LADP: A lightweight authentication and delegation protocol for RFID tags. 2015 Seventh International Conference on Ubiquitous and Future Networks. :860–865.

In recent years, the issues of RFID security and privacy are a concern. To prevent the tag is cloned, physically unclonable function (PUF) has been proposed. In each PUF-enabled tag, the responses of PUF depend on the structural disorder that cannot be cloned or reproduced. Therefore, many responses need to store in the database in the initial phase of many authentication protocols. In the supply chain, the owners of the PUF-enabled Tags change frequently, many authentication and delegation protocols are proposed. In this paper, a new lightweight authentication and delegation protocol for RFID tags (LADP) is proposed. The new protocol does not require pre-stored many PUF's responses in the database. When the authentication messages are exchanged, the next response of PUF is passed to the reader secretly. In the transfer process of ownership, the new owner will not get the information of the interaction of the original owner. It can protect the privacy of the original owner. Meanwhile, the original owner cannot continue to access or track the tag. It can protect the privacy of the new owner. In terms of efficiency, the new protocol replaces the pseudorandom number generator with the randomness of PUF that suitable for use in the low-cost tags. The cost of computation and communication are reduced and superior to other protocols.

Bass, L., Holz, R., Rimba, P., Tran, A. B., Zhu, L..  2015.  Securing a Deployment Pipeline. 2015 IEEE/ACM 3rd International Workshop on Release Engineering. :4–7.

At the RELENG 2014 Q&A, the question was asked, “What is your greatest concern?” and the response was “someone subverting our deployment pipeline”. That is the motivation for this paper. We explore what it means to subvert a pipeline and provide several different scenarios of subversion. We then focus on the issue of securing a pipeline. As a result, we provide an engineering process that is based on having trusted components mediate access to sensitive portions of the pipeline from other components, which can remain untrusted. Applying our process to a pipeline we constructed involving Chef, Jenkins, Docker, Github, and AWS, we find that some aspects of our process result in easy to make changes to the pipeline, whereas others are more difficult. Consequently, we have developed a design that hardens the pipeline, although it does not yet completely secure it.

Castro, J. A. O., G, W. A. Casilimas, Ramírez, M. M. H..  2015.  Impact analysis of transport capacity and food safety in Bogota. 2015 Workshop on Engineering Applications - International Congress on Engineering (WEA). :1–7.

Food safety policies have aim to promote and develop feeding and nutrition in society. This paper presents a system dynamics model that studies the dynamic behavior between transport infrastructure and the food supply chain in the city of Bogotá. The results show that an adequate transport infrastructure is more effective to improve the service to the customer in the food supply chain. The system dynamics model allows analyze the behavior of transport infrastructure and supply chains of fruits and vegetables, groceries, meat and dairy. The study has gone some way towards enhancing our understanding of food security impact, food supply chain and transport infrastructure.

Tonder, J. van, Poll, J. A. van der.  2015.  Cloud-based technologies for addressing long vehicle turnaround times at recycling mills. 2015 International Conference on Computing, Communication and Security (ICCCS). :1–8.

Transportation costs for road transport companies may be intensified by rising fuel prices, levies, traffic congestion, etc. Of particular concern to the Mpact group of companies is the long waiting times in the queues at loading and offloading points at three processing mills in the KZN (KwaZulu-Natal) province in South Africa. Following a survey among the drivers who regularly deliver at these sites, recommendations for alleviating the lengthy waiting times are put forward. On the strength of one of these recommendations, namely the innovative use of ICTs, suggestions on how cloud-based technologies may be embraced by the company are explored. In the process, the value added by a cloud-based supply chain, enterprise systems, CRM (Customer Relationship Management) and knowledge management is examined.