Posted on by Sakine Yalman, licensed under CC BY-ND 4.0.

Secure Life Cycle Assessment in Complex Supply Chains

In this post, Sakine explains her PhD research. This post has also been published on the Research and Innovation Blog of the University of Exeter.

Deciding My Research Focus

With the convergence of technologies such as real-time analytics, machine learning, and embedded systems, the use of smart devices is increasing rapidly. Smart devices, such as smartwatches, smartphones, or home automation gadgets, are used in a wide range of areas from control systems, automation systems to healthcare systems.

As I am curious and sensitive about my confidential data, I do always wonder how data collected by smart devices is used and how companies producing these smart devices ensure the confidentiality, privacy, and security of this data.

As you may know, it is not possible to solve all problems that you have in your mind in just one PhD! Therefore, I am focusing on what excites me the most!

Being Caught Between Protecting Confidential Data and Addressing the Environmental Concerns of Consumers

When I was reviewing literature, an interesting research article took my attention. It was including a subject that I knew nothing about called Life-Cycle Assessment (LCA).

As we can see in our daily lives, the environmental impact of products has become an increasingly important factor in buying decisions of customers, moreover, is also a growing concern of law makers. Hence, companies have an increased interest in determining the ecological footprint of their products. And LCA is a standardized method for computing the ecological footprint of a product. It evaluates the ecological sustainability of a product or service in a quantitative way, and its computation requires exhaustive and comprehensible information about industrial activities, from cradle to grave. This information can, e.g., include information about the production and delivery processes of partners within a supply chain. As this information can reveal the details of production processes that are often considered a trade secret, it is confidential. Moreover, collaborating actively within a supply chain can disclose business relationships, which can be confidential too!

So… After giving some background information, I would like to pose a question. If you were one of the companies placed in a supply chain, would you be interested in sharing your whole data or would you try to hide your confidential information?

Although companies are willing to determine the ecological footprint of their products, they are also concerned about how their confidential data is used in computations/operations and shared with the public or other competitive companies. As a result, security and confidentiality concerns are currently hindering both the collaboration within supply chains and precisely LCA.

What Do I Propose?

With my work, I try to provide a good balance of data protection needs and the availability of data. My work should make it possible to analyse data while preserving privacy of data.

In the first year of my PhD, I developed a hierarchical method for confidential computations within a business network such as supply chains. I applied my method to LCA, which ensures the confidentiality of data (e.g., information about details of production processes) and meta-data (e.g., supplier-consumer relationships). In contrast to traditional LCA, in my approach, I decompose LCA into “levels” in a recursive way which enables us to apply secure multi-party computation (SMPC) in an efficient way in complex supply chains.

In my second year, I plan to extend my approach to focus on the formal privacy analysis of smart devices used in business networks.

Welcome to the blog of the Software Assurance & Security Research Team at the University of Exeter. We blog regularly news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.

You can also follow us on Twitter: @logicalhacking.




academia ai android apidesign appsec bitcoin blockchain bpmn browser browserextensions browsersecurity bug certification chrome composition cordova dast devops devsecops dom dsbd efsm epsrc event extensions fixeffort floss formaldocument formalmethods funding hol-ocl hol-testgen humanfactor hybridapps iast industry internetofthings iot isabelle/hol isabelledof isadof latex logic maintance malicous mbst mobile mobile apps modelinference modeling monads monitoring msc ocl ontology opensource owasp patches pet phd phdlife phishing policy protocols publishing reliability research safelinks safety sap sast sdlc secdevops secureprogramming security securityengineering securitytesting semantics servicecomposition skills smartcontract smartthings softwareeinginering softwaresecurity softwaresupplychain solidity staff&positions statemachine studentproject tcb test&proof testing tips&tricks tools transport tuos uk uoe upgrade usability verification vulnerabilities vulnerableapplication webinar websecurity


blog whole site