We proudly organised the WSNSCM workshop related to the integration of Wireless Sensor Networks into Supply Chain Management systems. This workshop has been held jointly with the NetWare conference, in Saint Laurent du Var, France, from the 21st to the 27th of August. (http://www.iaria.org/conferences2011/WSNSCM.html).
With the growing pressure from regulations to enhance security, while needing to control and lower the costs, Supply Chain Management (SCM) has to face an end-to-end problematic: the proper modeling of complete supply chain, while including relevant security requirements, and leveraging real world information to both assess the security level and enforce the security requirements. In this context, sensors and RFIDs appear as an important assets for securing and optimizing of Supply Chain Management Systems. We have already identified important challenges that need to be addressed, and this will allow us to drive this workshop towards a constructive outcome, as listed on the topics:
These challenges require identified experts from fields which are not necessarily correlated (SCM and WSNs). Our workshop will close this gap. These issues are also inline with the EU roadmap, with their planned call for proposals in 2012 for a 40 M euros research demonstration project on this topic.
The WSNSCM workshop provides a constructive environment to reach a stimulating and productive interaction between researchers and industrial partners who work on very different aspects for the integration of WSNs and RFIDs for secure SCMs. The workshop intended to identify issues, methodologies and directions for future research, together with experience of industrial partners and encourage cooperation in this areas.
The three following publications attracted our attention:
1. Trabelsi S. and Boasso L., The KPI-Based Reputation Policy Language
Trust policy languages are implemented to express the trust requirements of the users. These requirements are represented by a set of rules specifying the necessary conditions that should be fulfilled by an entity in order to gain the trust of the evaluator. Most of the known trust policy languages are designed to express credential, authorization and access control requirements for the trust establishment. The credential based approach represents only one aspect of trust. The other main aspects like reputation and recommendation are not covered by these policy languages. In this paper we propose a new policy language for expressing trust requirements for reputation models, and particularly for the KPI-based reputation model in a supply chain scenario.
2. Khalfaoui M. and Elkhiyaoui K. and Molva R., Privacy Preserving Products Tracking in Clustered Supply Chain
One of the main applications of supply chain management is product tracking. We deﬁne it as tracing the product path along the supply chain. In this paper, we propose a solution to track the product while preserving the privacy of the supply chain actors involved and the path traced. More precisely, this solution allows to identify which path a product has taken in the supply chain, without disclosing sensitive information. To allow product tracking, the product are attached to a sensor node. This latter stores a trace of the product path along the supply chain. The trace is computed using polynomial based signature techniques. We restrict the visibility of the manager of the supply chain by organizing the supply chain facilities into clusters. Also, we encrypt the path traces to ensure security against adversaries. To perform access control in the sensor nodes we use randomized Rabin scheme which is known for being efﬁcient and lightweight. In this paper, sensor nodes are not required to perform heavy computation, which makes our solution feasible. The main achievement of this work is a cryptographic mechanism that allows to the supply chain manager to trace the supply chain entities that product went through, without disclosing the identity of those entities.
3. Serme G. and Idrees M.S. Adaptive, Security on Service-based SCM Control System
On a large-scale application subject to dynamic interactions, the description and enforcement of security rules are complex tasks to handle, as they involve heterogeneous entities that do not have the same capabilities. In the context of SCM-application for example, we have different goods that are being transported across different systems. At one point, items and systems communicate together to signal presence, report issues during transport, certify validity of previous checks, etc. Security capabilities of the involved parties are heterogeneous and one might want to specify security policies on an abstract level and let the involved systems enforce them according to their contexts and the speciﬁc capabilities of each party. In this paper, we propose a framework for security mechanisms adaptation when services are involved by using Aspect-Oriented-Programming (AOP) concepts that can be applied to SCM applications. The novelty is the expressivity of security policy at a global level and the enforcement at a local level, through a speciﬁc and distributed aspect model that has a larger semantic to catch up events relevant for business usage and dedicated to security concerns.