Tianbo Lu

Next Big Thing in Big Data: The Security of the ICT Supply Chain

In contemporary society, with supply chains becoming more and more complex, the data in supply chains increases by means of volume, variety and velocity. Big data rise in response to the proper time and conditions to offer advantages for the nodes in supply chains to solve prewiously difficult problems. For any big data project to succeed, it must first depend on high-quality data but not merely on quantity. Further, it will become increasingly important in many big data projects to add external data to the mix and companies will eventually turn from only looking inward to also looking outward into the market, which means the use of big data must be broadened considerably. Hence the data supply chains, both internally and externally, become of prime importance. ICT (Information and Telecommunication) supply chain management is especially important as supply chain link the world closely and ICT supply chain is the base of all supply chains in todays world. Though many initiatives to supply chain security have been developed and taken into practice, most of them are emphasized in physical supply chain which is addressed in transporting cargos. The research on ICT supply chain security is still in preliminary stage. The use of big data can promote the normal operation of ICT supply chain as it greatly improve the data collecting and processing capacity and in turn, ICT supply chain is a necessary carrier of big data as it produces all the software, hardware and infrastructures for big datas collection, storage and application. The close relationship between big data and ICT supply chain make it an effective way to do research on big data security through analysis on ICT supply chain security. This paper first analyzes the security problems that the ICT supply chain is facing in information management, system integrity and cyberspace, and then introduces several famous international models both on physical supply chain and ICT supply chain. After that the authors describe a case of communication equipment with big data in ICT supply chain and propose a series of recommendations conducive to developing secure big data supply chain from five dimensions.

Security Analysis on Cyber-physical System Using Attack Tree

Cyber-Physical System (CPS) is a system of system which integrates physical system with cyber capability in order to improve the physical performance. It is being widely used in areas closely related to national economy and peoples livelihood, therefore CPS security problems have drawn a global attention and an appropriate risk assessment for CPS is in urgent need. Existing risk assessment for CPS always focuses on the reliability assessment, using Probability Risk Assessment (PRA). In this way, the assessment of physical part and cyber part is isolated as PRA is difficult to quantify the risks from the cyber world. Methodologies should be developed to assess the both parts as a whole system, considering this integrated system has a high coupling between the physical layer and cyber layer. In this paper, a risk assessment idea for CPS with the use of attack tree is proposed. Firstly, it presents a detailed description about the threat and vulnerability attributes of each leaf in an attack tree and tells how to assign value to its threat and vulnerability vector. Then this paper focuses on calculating the threat and vulnerability vector of an attack path with the use of the leaf vector values. Finally, damage is taken into account and an idea to calculate the risk value of the whole attack path is given.

Analysis of security standardization for IPTV

Internet Protocol Television (IPTV) is a critical service in converged networking environment. It promises to deliver a world of content and services to “any device, anywhere, anytime.” The number of global IPTV subscribers is expected to grow from 28 million in 2009 to 83 million in 2013, and the global IPTV market revenues are forecasted to grow from US

Research on Software Development Process Assurance Models in ICT Supply Chain Risk Management

12 billion in 2009 to US

Cyber-physical System Risk Assessment

38 billion in 2013. However, IPTV must offer secure and reliable delivery to subscribers of entertainment video and related services. This article discusses published specifications and ongoing activities on IPTV security in main standards organizations, including ITU-T IPTV FG, ETSI TISPAN, DVB, ATIS, OIPF and CCSA.

Towards Attacks and Defenses of Anonymous Communication Systems

Software assurance in software development process becomes an important part of ICT supply chains risk management, and also has been one of the most advanced information security technologies. Based on the researches of software assurance, this paper studies the development and current research of software security assurance in the background of software security being concerned by more and more people, then proposes a software security assurance model in software development process based on SDLC model, summarizes security activities during the development phase, analyzes the risk management of software assurance. Finally, the paper also indicates new research directions.