A selection of scholarly literature on the topic "Software Supply Chain Attacks"

Browse the lists of relevant articles, books, dissertations, conference abstracts and other scholarly sources on the topic "Software Supply Chain Attacks".

Journal articles on the topic "Software Supply Chain Attacks"

1

Martínez, Jeferson, and Javier M. Durán. "Software Supply Chain Attacks, a Threat to Global Cybersecurity: SolarWinds’ Case Study." International Journal of Safety and Security Engineering 11, no. 5 (October 31, 2021): 537–45. http://dx.doi.org/10.18280/ijsse.110505.

Abstract:
Exploitation of a vulnerability that compromised the source code of the SolarWinds’ Orion system, a software that is used widely by different government and industry actors in the world for the administration and monitoring of networks, brought to the fore a type of stealth attack that has been gaining momentum: supply chain attacks. The main problem in the violation of the software supply chain is that, from 85% to 97% of the code currently used in the software development industry comes from the reuse of open source code frameworks, repositories of third-party software and APIs, creating potential vulnerabilities in the development cycle of a software product. This research analyzes the SolarWinds case study from an exploratory review of academic literature, government information, but also from the articles and reports that are published by different cybersecurity consulting firms and software providers. Then, a set of good practices is proposed such as: Zero trust, Multi-Factor authentication mechanisms (MFA), strategies such as SBOM and the recommendations of the CISA guide to defend against this type of attack. Finally, the research discusses how to improve response times and prevention against this type of attacks, also future research related to the subject is suggested, such as the application of Machine Learning and Blockchain technologies. Additionally for risk reduction, in addition to the management and articulation of IT teams that participate in all the actors that are part of the software life cycle under a DevSecOps approach.
2

Куликов, Сергей Сергеевич, Владимир Иванович Белоножкин, and Николай Алексеевич Ююкин. "ANALYSIS OF INFORMATION SECURITY THREATS, ASSOCIATED WITH SUPPLY CHAIN ATTACKS." ИНФОРМАЦИЯ И БЕЗОПАСНОСТЬ, no. 1(-) (April 5, 2022): 135–40. http://dx.doi.org/10.36622/vstu.2022.25.1.011.

Abstract:
This article presents an analysis of information security threats associated with attacks on the supply chain, which can be used to violate the information security of an organization without direct impacts on its information technology infrastructure. In the context of information security, an attack on the supply chain involves targeted malicious impacts on the supplier's assets with the aim of further violating the consumer's information security. This type of attack is becoming particularly relevant today as the most effective among all the many threats to information security due to the fundamental features that significantly complicate countering them: the possibility of choosing the most unprotected element of the chain for an attack, the need to coordinate the actions of several organizational structures to counter such attacks, eliminate the consequences of their implementation and investigate their causes. The analysis of scientific, methodological and technical literature describing scenarios of known attacks on the supply chain of software and hardware is also given.
3

Watney, Murdoch. "Cybersecurity Threats to and Cyberattacks on Critical Infrastructure: a Legal Perspective." European Conference on Cyber Warfare and Security 21, no. 1 (June 8, 2022): 319–27. http://dx.doi.org/10.34190/eccws.21.1.196.

Abstract:
Over the years cybersecurity threats to and cyberattacks on the critical infrastructure by state and non-state actors have escalated in intensity and sophistication. Cyberattacks, such as the 2017 NotPetya ransomware attack, the 2020 SolarWinds software supply chain attack and the 2021 Colonial Pipeline ransomware attack, illustrate the vulnerability of critical infrastructure to cyberattacks. Most cyberattacks are committed across borders involving criminal hackers or state supported hackers. Furthermore, critical infrastructure is increasingly interconnected and interdependent. Connectivity brings about the risk of a cyberattack, demonstrated by the 2021 Colonial Pipeline ransomware attack. Interconnectedness also means that the compromise of one critical infrastructure asset can have a domino effect that degrades or disrupts others and results in cascading consequences across the economy and national security. Operational continuity is essential and this may have been one of the reasons why Colonial Pipeline paid a ransom to cyber-attackers. A cyberattack on the critical infrastructure of a state cannot be seen in isolation as the consequences of the attack may impact other states, this was illustrated by the 2017 WannaCry and NotPetya ransomware attacks. The level of sophistication of cyberattacks has increased over the years as shown by the 2020 SolarWinds software supply chain attack. The escalation of attacks has served as a catalyst for governments to address the risk to critical infrastructure. Countries need to have strong government bodies which supervise cybersecurity in their country and work together with their counterparts in other countries by sharing information regarding threats and attacks against critical infrastructure. 
The discussion focuses on the challenges that threats to and attacks on critical infrastructure present, the possible solutions a government may implement in addressing cyberattacks on critical infrastructure and the accountability of state and non-state actors of cyberattacks on critical infrastructure. The issues are discussed from a legal perspective.
4

Kaczorowski, Maya, Falcon Momot, George V. Neville-Neil, and Chris McCubbin. "OSS Supply-chain Security: What Will It Take?" Queue 20, no. 5 (October 31, 2022): 86–102. http://dx.doi.org/10.1145/3570923.

Abstract:
While enterprise security teams naturally tend to turn their focus primarily to direct attacks on their own infrastructure, cybercrime exploits now are increasingly aimed at easier targets upstream. This has led to a perfect storm, since virtually all significant codebase repositories at this point include at least some amount of open-source software. But opportunities also abound there for the authors of malware. The broader cybercrime world, meanwhile, has noted that open-source supply chains are generally easy to penetrate. What's being done at this point to address the apparent risks?
5

Chetthamrongchai, Paitoon, Johnry Dayupay, Sevdie Alshiqi, Tawfeeq Abdulameer Hashim Alghazali, A. Heri Iswanto, Luigi Pio Leonardo Cavaliere, Ahmed Kateb Jumaah Al-Nussairi, Karrar Hatif Mohmmed, and Mustafa M. Kadhim. "Design a Mathematical Planning Approach to Optimize the Supply Chain Taking Into Account Uncertainties In Distributors." Foundations of Computing and Decision Sciences 47, no. 4 (December 1, 2022): 409–20. http://dx.doi.org/10.2478/fcds-2022-0022.

Abstract:
With the globalization of markets and increasing competition in global markets, the attempts of organizations to survive in this market has increased and has resulted in the emergence of the philosophy of Supply Chain Management. There is uncertainty in the reliability of supply chain facilities for reasons such as natural disasters, terrorist attacks, labor errors, and weather conditions. Therefore, when making strategic decisions, the system will continue to operate with minimal damage. Over the course of this study, the uncertainty of supplier layers in the supply chain has been modeled. To meet that aim, the issue of supply chain, including producers, warehouses, suppliers and consumers are considered. To calculate the cost of breakdowns due to the non-functioning of distributors, the scenario-building method has been utilized. Finally, the desired model is solved with Gomez software and the results are presented. The results of the study demonstrate the efficiency of this model in the facility location decision-making in supply chains.
6

Zhou, Chencheng, Liudong Xing, Qisi Liu, and Honggang Wang. "Semi-Markov Based Dependability Modeling of Bitcoin Nodes Under Eclipse Attacks and State-Dependent Mitigation." International Journal of Mathematical, Engineering and Management Sciences 6, no. 2 (April 1, 2021): 480–92. http://dx.doi.org/10.33889/ijmems.2021.6.2.029.

Abstract:
The block chain technology has immense potential in many different applications, including but not limited to cryptocurrencies, financial services, smart contracts, supply chains, healthcare services, and energy trading. Due to the critical nature of these applications, it is pivotal to model and evaluate dependability of the block chain-based systems, contributing to their reliable and robust operation. This paper models and analyzes the dependability of Bitcoin nodes subject to Eclipse attacks and state-dependent mitigation activities. Built upon the block chain technology, the Bitcoin is a peer-to-peer cryptocurrency system enabling an individual user to trade freely without the involvement of banks or any other types of intermediate agents. However, a node in the Bitcoin is vulnerable to the Eclipse attack, which aims to monopolize the information flow of the victim node. A semi-Markov process (SMP) based approach is proposed to model the Eclipse attack behavior and possible mitigation activities that may prevent the attack from being successful during the attack process. The SMP model is then evaluated to determine the steady-state dependability of the Bitcoin node. Numerical examples are provided to demonstrate the influence of the time to restart the Bitcoin software and time to detect and delete the malicious message on the Bitcoin node dependability.
7

Turjo, Manoshi Das, Mohammad Monirujjaman Khan, Manjit Kaur, and Atef Zaguia. "Smart Supply Chain Management Using the Blockchain and Smart Contract." Scientific Programming 2021 (September 28, 2021): 1–12. http://dx.doi.org/10.1155/2021/6092792.

Abstract:
The manufacture of raw materials to deliver the product to the consumer in a traditional supply chain system is a manual process with insufficient data and transaction security. It also takes a significant amount of time, making the entire procedure lengthy. Overall, the undivided process is ineffective and untrustworthy for consumers. If blockchain and smart contract technologies are integrated into traditional supply chain management systems, data security, authenticity, time management, and transaction processes will all be significantly improved. Blockchain is a revolutionary, decentralized technology that protects data from unauthorized access. The entire supply chain management (SCM) will be satisfied with the consumer once smart contracts are implemented. The plan becomes more trustworthy when the mediator is contracted, which is doable in these ways. The tags employed in the conventional SCM process are costly and have limited possibilities. As a result, it is difficult to maintain product secrecy and accountability in the SCM scheme. It is also a common target for wireless attacks (reply attacks, eavesdropping, etc.). In SCM, the phrase “product confidentiality” is very significant. It means that only those who have been validated have access to the information. This paper emphasizes reducing the involvement of third parties in the supply chain system and improving data security. Traditional supply chain management systems have a number of significant flaws. Lack of traceability, difficulty maintaining product safety and quality, failure to monitor and control inventory in warehouses and shops, rising supply chain expenses, and so on, are some of them. The focus of this paper is on minimizing third-party participation in the supply chain system and enhancing data security. This improves accessibility, efficiency, and timeliness throughout the whole process. The primary advantage is that individuals will feel safer throughout the payment process. 
However, in this study, a peer-to-peer encrypted system was utilized in conjunction with a smart contract. Additionally, there are a few other features. Because this document makes use of an immutable ledger, the hacker will be unable to get access to it. Even if they get access to the system, they will be unable to modify any data. If the goods are defective, the transaction will be halted, and the customer will be reimbursed, with the seller receiving the merchandise. By using cryptographic methods, transaction security will be a feasible alternative for recasting these issues. Finally, this paper will demonstrate how to maintain the method with the maximum level of safety, transparency, and efficiency.
8

Johnson, Chris, and Maria Evangelopoulou. "Defending Against Firmware Cyber Attacks on Safety-Critical Systems." Journal of System Safety 54, no. 1 (April 1, 2018): 16–21. http://dx.doi.org/10.56094/jss.v54i1.83.

Abstract:
In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to “rip and replace” obsolete components. However, the ability to make firmware updates has provided significant benefits to companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges, as well as an array of smart sensor/actuators. While these updates — which include security patches when vulnerabilities are identified in existing devices — can be distributed by physical media, they are increasingly downloaded over Internet connections. These mechanisms pose a growing threat to the cyber security of safety-critical applications, which is illustrated by recent attacks on safety-related infrastructures across the Ukraine. This paper explains how malware can be distributed within firmware updates. Even when attackers cannot reverse engineer the code necessary to disguise their attack, they can undermine a device by forcing it into a constant upload cycle in which the firmware installation never terminates. In this paper, we present means of mitigating the risks of firmware attacks on safety-critical systems as part of wider initiatives to secure national critical infrastructures. Technical solutions, including firmware hashing, must be augmented by organizational measures to secure the supply chain within individual plants, across companies and throughout safety-related industries.
9

Liu, Yuntao, Michael Zuzak, Yang Xie, Abhishek Chakraborty, and Ankur Srivastava. "Robust and Attack Resilient Logic Locking with a High Application-Level Impact." ACM Journal on Emerging Technologies in Computing Systems 17, no. 3 (May 11, 2021): 1–22. http://dx.doi.org/10.1145/3446215.

Abstract:
Logic locking is a hardware security technique aimed at protecting intellectual property against security threats in the IC supply chain, especially those posed by untrusted fabrication facilities. Such techniques incorporate additional locking circuitry within an integrated circuit (IC) that induces incorrect digital functionality when an incorrect verification key is provided by a user. The amount of error induced by an incorrect key is known as the effectiveness of the locking technique. A family of attacks known as “SAT attacks” provide a strong mathematical formulation to find the correct key of locked circuits. To achieve high SAT resilience (i.e., complexity of SAT attacks), many conventional logic locking schemes fail to inject sufficient error into the circuit when the key is incorrect. For example, in the case of SARLock and Anti-SAT, there are usually very few (or only one) input minterms that cause any error at the circuit output. The state-of-the-art stripped functionality logic locking (SFLL) technique provides a wide spectrum of configurations that introduced a tradeoff between SAT resilience and effectiveness. In this work, we prove that such a tradeoff is universal among all logic locking techniques. To attain high effectiveness of locking without compromising SAT resilience, we propose a novel logic locking scheme, called Strong Anti-SAT (SAS). In addition to SAT attacks, removal-based attacks are another popular kind of attack formulation against logic locking where the attacker tries to identify and remove the locking structure. Based on SAS, we also propose Robust SAS (RSAS) that is resilient to removal attacks and maintains the same SAT resilience and effectiveness as SAS. SAS and RSAS have the following significant improvements over existing techniques. (1) We prove that the SAT resilience of SAS and RSAS against SAT attack is not compromised by increase in effectiveness.
(2) In contrast to prior work that focused solely on the circuit-level locking impact, we integrate SAS-locked modules into an 80386 processor and show that SAS has a high application-level impact. (3) Our experiments show that SAS and RSAS exhibit better SAT resilience than SFLL and their effectiveness is similar to SFLL.
10

Shinkar, Sonali V., and Dolly Thankachan. "SCMBQA: Design of a Customised SCM-Aware Sidechaining Model for QoS Enhancement under Attack Scenarios." International Journal on Recent and Innovation Trends in Computing and Communication 10, no. 1s (December 10, 2022): 200–212. http://dx.doi.org/10.17762/ijritcc.v10i1s.5824.

Abstract:
Storing & processing data for supply chain management (SCM) systems requires design of high-security and quality of service (QoS) aware models. These models assist in improving traceability performance of SCM deployments via integration of transparent & distributed mechanisms. A wide variety of security models are proposed by researchers to perform these tasks, and it is observed that blockchain-based SCM implementations outperform other models in terms of security & QoS metrics. But most of these implementations are general-purpose and do not incorporate SCM-specific consensus & mining rules. It is also observed that, mining speed & throughput performance of these blockchain-based implementations reduces exponentially w.r.t. number of SCM transactions. To resolve these issues, this paper discusses design of a novel Proof-of-Supply Chain (PoSC) based consensus model, which is specifically designed for sidechain based SCM deployments. The PoSC consensus model is used for high-efficiency SCM-based data storage and communication scenarios. The proposed PoSC consensus model is capable of resisting selfish mining, time jacking, and sybil attacks, which are targeted towards SCM deployments. The model uses temporal performance metrics of miner nodes, and combines them with relationship graphs to form an SCM miner rank. Based on this rank, miner nodes are selected, and their consensus responses are recorded. These responses are processed using an augmented deep learning model, that is trained over 8 different SCM implementations via machine learning. After successful mining, responses obtained from these miners are used to incrementally train the machine learning model which assists in continuous performance improvement. The SCMBQA model was tested on milk supply chain, agriculture supply chain, and electronic supply chain applications, in terms of computational speed, throughput, energy requirement, retrieval & verification delay, and storage requirements.
It was observed that the proposed PoSC consensus was capable of improving the computational speed by 8.5%, reduce energy consumption by 4.9%, improve throughput by 9.6%, and reduce storage costs by 15.4% when compared with standard blockchain-based SCM consensus models. This is because the proposed model deploys an intelligent sidechaining approach, that is capable of optimizing number of generated sidechains via temporal QoS & security performance metrics. Due to use of smaller chain lengths, the proposed model is capable of integrating privacy-aware & secure approaches depending upon different SCM stages. Thus, distributor-level security models are different than retailer-level security models, which assists in context-sensitive block deployments. Due to use of PoSC, the proposed model was observed to be 99.5% resilient against internal and external attacks, which makes it useful for real-time SCM deployments.

Dissertations on the topic "Software Supply Chain Attacks"

1

Vu, Duc Ly. "Towards Understanding and Securing the OSS Supply Chain." Doctoral thesis, Università degli studi di Trento, 2022. http://hdl.handle.net/11572/333508.

Abstract:
Free and Open-Source Software (FOSS) has become an integral part of the software supply chain in the past decade. Various entities (automated tools and humans) are involved at different stages of the software supply chain. Some actions that occur in the chain may result in vulnerabilities or malicious code injected in a published artifact distributed in a package repository. At the end of the software supply chain, developers or end-users may consume the resulting artifacts altered in transit, including benign and malicious injection. This dissertation starts from the first link in the software supply chain, ‘developers’. Since many developers do not update their vulnerable software libraries, thus exposing the user of their code to security risks. To understand how they choose, manage and update the libraries, packages, and other Open-Source Software (OSS) that become the building blocks of companies’ completed products consumed by end-users, twenty-five semi-structured interviews were conducted with developers of both large and small-medium enterprises in nine countries. All interviews were transcribed, coded, and analyzed according to applied thematic analysis. Although there are many observations about developers’ attitudes on selecting dependencies for their projects, additional quantitative work is needed to validate whether behavior matches or whether there is a gap. Therefore, we provide an extensive empirical analysis of twelve quality and popularity factors that should explain the corresponding popularity (adoption) of PyPI packages was conducted using our tool called py2src. At the end of the software supply chain, software libraries (or packages) are usually downloaded directly from the package registries via package dependency management systems under the comfortable assumption that no discrepancies are introduced in the last mile between the source code and their respective packages. 
However, such discrepancies might be introduced by manual or automated build tools (e.g., metadata, Python bytecode files) or for evil purposes (malicious code injects). To identify differences between the published Python packages in PyPI and the source code stored on Github, we developed a new approach called LastPyMile. Our approach has been shown to be promising to integrate within the current package dependency management systems or company workflow for vetting packages at a minimal cost. With the ever-increasing numbers of software bugs and security vulnerabilities, the burden of secure software supply chain management on developers and project owners increases. Although automated program repair approaches promise to reduce the burden of bug-fixing tasks by suggesting likely correct patches for software bugs, little is known about the practical aspects of using APR tools, such as how long one should wait for a tool to generate a bug fix. To provide a realistic evaluation of five state-of-the-art APR tools, 221 bugs from 44 open-source Java projects were run within a reasonable developers’ time and effort.
2

Rueda, Guerrero María Ximena. "Robustness of complex supply chain networks to targeted attacks." Thesis, Massachusetts Institute of Technology, 2018. http://hdl.handle.net/1721.1/119719.

Abstract:
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 65-67).
In this thesis, we study the robustness of complex supply chain systems from a network science perspective. Through the simulation of targeted attacks to nodes and edges using different hierarchical measures from network science to select the most relevant components, we evaluate the extent to which local centrality measures can estimate the relevance of a node in maintaining the connectivity and the efficient communication across the network. We perform the experiments on two real-world supply chain data sets, and on an ensemble of networks generated from network growth models that share simple topological properties with the real-world networks. It is found that all models produce more robust networks than the data sets of choice. In addition, the removal of high average neighbor degree nodes seems to have little impact on the connectivity of the network, and a highly varying impact on the efficiency of the network. Finally, robustness against targeted node and edge removal is found to be more associated to the number of nodes and links in the network than to more complex network measures such as the degree distribution.
by María Ximena Rueda Guerrero.
M. Eng.
3

Holt, Christopher Michael Taylor 1968. "Supply chain simulator : an approach for development of software and methodology for simulation of supply chain management." Thesis, Massachusetts Institute of Technology, 1999. http://hdl.handle.net/1721.1/9495.

Abstract:
Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 1999.
Includes bibliographical references (leaves 94-97).
Many companies see how new strategies and technologies can enable more efficient and adaptive supply chains - but they struggle to understand how these technologies overlay with existing processes and personnel issues both during and after implementation. This thesis investigates the concept of a simulated environment where multiple constituents - whether they are different parts of a company's organization or different companies within a supply chain - can come together to design and experiment with new supply chain structures. The thesis explores the argument that the supply chain can be simulated, and evaluates different approaches to developing such a simulation that would allow low-risk experimentation and accelerated learning for supply chain managers. The thesis begins with an executive summary that provides a high level treatment of the challenges and recommendations associated with supply chain simulation, then proceeds to present a definition of the elaborate interrelationships between companies, technologies and business processes that collectively shape an industry's supply chain. This is followed by a discussion of complexity theory and general simulation techniques that could be applicable to the development of a software simulation environment in this area. Then, a review of efforts to date to simulate management of the supply chain, including approach, resources required, and eventual results is followed by a recommendation and justification of the thesis' approach to supply chain simulation. Finally, operating methods are presented for development and management of the learning and decision-making processes required to best utilize the software. The conclusion of the thesis is that because of the emergence of new technologies, the supply chain can be simulated for practical experimentation and learning. It is apparent that significant supply chain performance improvement can be identified and quantified through simulation.
The thesis recommends using agent-based modeling, specifically a software package called Swarm, as the software environment. The software should be supported by operating methods that can maximize its capabilities while encouraging the likelihood of adoption of solutions identified.
by Christopher Michael Taylor Holt.
M.Eng.
4

Sheinbein, Rachel Felice 1975. "Applying supply chain methodology to a centralized software licensing strategy." Thesis, Massachusetts Institute of Technology, 2004. http://hdl.handle.net/1721.1/34781.

Abstract:
Thesis (M.B.A.)--Massachusetts Institute of Technology, Sloan School of Management; and, (S.M.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering; in conjunction with the Leaders for Manufacturing Program at MIT, 2004.
Includes bibliographical references (p. 76).
Eleven percent of companies spend between $150K and $200K per year per engineer on software development tools and nine percent spend more than $200K, according to a Silicon Integration Initiative/Gartner/EE Times study from 2002. For Agilent Technologies, these costs result in spending tens of millions of dollars each year on software, and for Motorola, the costs are more than $100M each year. From the current trends in software spending, one can infer that companies will pay even more for software in the future, because the cost of the software itself is rising and because of the complexity of the technology needed for innovation. In order to understand whether the total spending on software is appropriate and necessary, Agilent sponsored this project to create a model that analyzes the trade-offs between the cost of software and the cost of software unavailability. The model treats software licenses as supplies to the development of a product, and thus, supply chain methodologies such as inventory (cost of licenses), stock outs (cost of unavailability) and service level are applied. The goal of the model is to minimize software costs while maintaining a satisfactory level of service. The thesis explains the model and then shows the results from applying it to four software products that Agilent currently uses. The results show that in the absence of this type of analysis, Agilent spends more than necessary for software licenses. In fact, Agilent can reduce costs by at least 5%. This model can be used by Agilent and other companies to optimize software purchases.
by Rachel Felice Sheinbein.
S.M.
M.B.A.
5

Tan, Chow Yin 1973. "Supply-chain software systems : current issues and imperatives in selection and implementation." Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/9932.

6

Rouse, Vicki Henderson. "An Internship with Choice Systems, Inc., A Supply Chain Solution Software Company." Miami University / OhioLINK, 2006. http://rave.ohiolink.edu/etdc/view?acc_num=miami1146622914.

7

Arunachalam, Raghu. "An agent based compositional framework for supply chain simulation." Thesis, University of Warwick, 2000. http://wrap.warwick.ac.uk/36393/.

Abstract:
To survive in an ever increasing global and competitive marketplace, organisations are forging strategic alliances to gain a competitive advantage over their rivals. Consequently, it is now recognised that it is not sufficient to look at organisations in isolation, but view them in the wider context of the supply chain. In order to design and manage supply chains it is necessary to understand and predict the behaviour of such systems. The ability to perform detailed studies of dynamic behaviour has made discrete event simulation (DES) an invaluable tool in the design and analysis of manufacturing systems. DES has been used to model individual stages of a supply chain, but rarely has it been applied comprehensively across the entire chain. The multi-faceted nature of supply chains makes the creation of a single model that represents all aspects of the chain difficult. A compositional framework, termed HerMIS (Heterogeneous Model Integration and Simulation), is proposed that allows pieces of a supply chain to not only be studied in isolation, but in the context of the other parts as well. Three requirements are identified for the development of HerMIS. These are: (1) to support a compositional approach so as to allow multi-facetted modelling, (2) to function in a distributed environment where models and information about them are distributed at different locations amongst various organisations, and (3) to provide an execution mechanism that allows the composite model to be simulated efficiently. A class based taxonomy of component models and their interaction is conceived that forms the basis of a representation scheme for composite modelling. An agent based paradigm that employs a collection of synthesis_agents and model_agents is devised to support the distributed operation of the framework. The synthesis_agents function as sources of knowledge for synthesising composite models and are used in conjunction with an interactive blackboard based system to guide the user in creating composite models. Each of the model_agents incorporates a discrete event model of a supply chain component, and supports the distributed simulation of the composite model. Finally, a parallel discrete event simulation algorithm is proposed that enables the composite model to be simulated on a network of computer workstations. The algorithm is based on the optimistic PDES approach and takes into consideration some of the operating characteristics of a composite supply chain model.
8

Bredenkamp, Frederick van Biljon. "The development of a generic just-in-time supply chain optimisation software tool /." Link to the online version, 2005. http://hdl.handle.net/10019/980.

9

Bredenkamp, F. v. B. "The development of a generic just-in-time supply chain optimisation software tool." Thesis, Stellenbosch : University of Stellenbosch, 2005. http://hdl.handle.net/10019.1/1920.

Abstract:
The demand from modern day customers for quality products, supplied in any quantity and within a short lead-time, forces organisations to stock the correct amount of inventory in the correct locations in its supply chain. Establishing the correct inventory levels within an organisation’s supply chain is complicated by the various stochastic processes occurring in a supply chain. The thesis is aimed at the development of a generic Just-In-Time (JIT) supply chain optimisation software tool, whereby the correct inventory levels for an organisation can be determined. These inventory levels will ensure that the organisation will achieve a predefined customer service level at the minimum cost to the company. The tool was developed and satisfactory results were obtained using the Harmony Search Algorithm (HSA) for optimising the inventory levels.
10

Pippow, Ingo. "Software-Agenten in Distributionsnetzen : Potenziale vertikaler Informationsteilung zur Senkung von Transaktionskosten /." Wiesbaden : Dt. Univ.-Verl, 2004. http://www.gbv.de/dms/zbw/388109858.pdf.


Books on the topic "Software Supply Chain Attacks"

1

Enterprise software delivery: Bringing agility and efficiency to the global software supply chain. Upper Saddle River, NJ: Addison-Wesley, 2013.

2

Stadtler, Hartmut. Supply Chain Management and Advanced Planning: Concepts, Models, Software and Case Studies. Berlin, Heidelberg: Springer Berlin Heidelberg, 2000.

3

Hartmut, Stadtler, and Kilger Christoph 1965-, eds. Supply chain management and advanced planning: Concepts, models, software, and case studies. 2nd ed. Berlin ; New York: Springer, 2002.

4

Stadtler, Hartmut. Supply Chain Management and Advanced Planning: Concepts, Models, Software and Case Studies. Berlin, Heidelberg: Springer Berlin Heidelberg, 2002.

5

Valverde, Raul. Information systems reengineering for modern business systems: ERP, supply chain and e-commerce management solutions. Hershey, PA: Information Science Reference, 2012.

6

Kang, Shu Gang. Multi-Agent Based Beam Search for Real-Time Production Scheduling and Control: Method, Software and Industrial Application. London: Springer London, 2013.

7

Luo, Zongwei. Mechanism Design for Sustainability: Techniques and Cases. Dordrecht: Springer Netherlands, 2013.

8

Kovalenko, Vladimir. Design of information systems. ru: INFRA-M Academic Publishing LLC., 2020. http://dx.doi.org/10.12737/987869.

Abstract:
The tutorial discusses the design features of information systems (IS) involved in the implementation of CALS technologies: MRP/MRPII/ERP systems, e-Commerce systems (B2B), supply chain management (SCM), customer relationship management (CRM), and decision support systems (OLAP). The issues of choosing the design technology, software tools for project development, building functional and information models in the environment of Business Studio, MS Visio, Elma, AllFusion Modeling Suite and Oracle Designer 10g, as well as the development of technical and operational documentation are highlighted. The characteristics of CASE technologies and their implementation in the Oracle Designer 10g environment are considered. A comparative analysis of the standards of the organization of the life cycle of creating and using IP, practical recommendations for the development of standard profiles, examples of the development of an IP project based on a cascading model of the life cycle, including using a process approach in the management and automation of processes. The models of the client — server architecture and the structure of cloud computing are considered. Modern approaches to the selection of ready-made IS and their implementation in automated enterprises are studied in detail. Meets the requirements of the Federal state educational standards of higher education of the latest generation. It is intended for students (bachelors and specialists) and masters of higher educational institutions studying in the direction of "Applied Informatics". It is also recommended for teachers and specialists working in the field of information technology.
9

Supply Chain Forecasting Software. SCM Focus Press, 2012.

10

Disclosure of Software Supply Chain Risks. RAND Corporation, 2022. http://dx.doi.org/10.7249/pea2072-1.


Book chapters on the topic "Software Supply Chain Attacks"

1

Ohm, Marc, Henrik Plate, Arnold Sykosch, and Michael Meier. "Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks." In Detection of Intrusions and Malware, and Vulnerability Assessment, 23–43. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-52683-2_2.

2

Quante, Rainer, Herbert Meyr, and Moritz Fleischmann. "Revenue management and demand fulfillment: matching applications, models and software." In Supply Chain Planning, 57–88. Berlin, Heidelberg: Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-540-93775-3_3.

3

Guillén-Gosálbez, Gonzalo, and Fengqi You. "Plant Location: Supply Chain Management." In Introduction to Software for Chemical Engineers, 669–80. Second edition. | Boca Raton, FL: CRC Press/Taylor & Francis: CRC Press, 2019. http://dx.doi.org/10.1201/9780429451010-16.

4

Bick, Michael. "Einführungskonzept für Supply Chain Management Software am Beispiel von SAP APO." In Integriertes Supply Chain Management, 235–59. Wiesbaden: Gabler Verlag, 2002. http://dx.doi.org/10.1007/978-3-663-10380-6_12.

5

Bick, Michael. "Einführungskonzept für Supply Chain Management Software am Beispiel von SAP APO." In Integriertes Supply Chain Management, 259–83. Wiesbaden: Gabler Verlag, 2004. http://dx.doi.org/10.1007/978-3-663-10381-3_13.

6

Müller, Jörg P., Bernhard Bauer, Thomas Friese, Stephan Roser, and Roland Zimmermann. "Software Agents for Electronic Business: Opportunities and Challenges (2005 Re-mix)." In Multiagent based Supply Chain Management, 63–102. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006. http://dx.doi.org/10.1007/978-3-540-33876-5_3.

7

Hanne, Thomas, and Rolf Dornberger. "Intelligent Software for Logistics." In Computational Intelligence in Logistics and Supply Chain Management, 153–69. Cham: Springer International Publishing, 2016. http://dx.doi.org/10.1007/978-3-319-40722-7_7.

8

Hanne, Thomas, and Rolf Dornberger. "Intelligente Software für die Logistik." In Computational Intelligence in Logistik und Supply Chain Management, 163–80. Cham: Springer International Publishing, 2023. http://dx.doi.org/10.1007/978-3-031-21452-3_7.

9

Kortus-Schultes, Doris, and Ute Ferfer. "Beschleunigungsfaktoren im Management von Supply Chains: Software-Werkzeuge." In Logistik und Marketing in der Supply Chain, 77–79. Wiesbaden: Gabler Verlag, 2005. http://dx.doi.org/10.1007/978-3-322-82301-4_8.

10

Espinoza-Mejía, Mauricio, Víctor Saquicela, and Victoria Abril-Ulloa. "Ensuring Traceability and Orchestration in the Food Supply Chain." In Artificial Intelligence, Computer and Software Engineering Advances, 135–49. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-68080-0_10.


Conference papers on the topic "Software Supply Chain Attacks"

1

Hossain Faruk, Md Jobair, Masrura Tasnim, Hossain Shahriar, Maria Valero, Akond Rahman, and Fan Wu. "Investigating Novel Approaches to Defend Software Supply Chain Attacks." In 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). IEEE, 2022. http://dx.doi.org/10.1109/issrew55968.2022.00081.

2

Wang, Xinyuan. "On the Feasibility of Detecting Software Supply Chain Attacks." In MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM). IEEE, 2021. http://dx.doi.org/10.1109/milcom52596.2021.9652901.

3

Ohm, Marc, Arnold Sykosch, and Michael Meier. "Towards detection of software supply chain attacks by forensic artifacts." In ARES 2020: The 15th International Conference on Availability, Reliability and Security. New York, NY, USA: ACM, 2020. http://dx.doi.org/10.1145/3407023.3409183.

4

Vu, Duc Ly, Ivan Pashchenko, Fabio Massacci, Henrik Plate, and Antonino Sabetta. "Towards Using Source Code Repositories to Identify Software Supply Chain Attacks." In CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2020. http://dx.doi.org/10.1145/3372297.3420015.

5

Coram, Michael. "Anatomy of a Software Supply Chain Attack." In Proposed for presentation at the NLIT Summit 2020 held October 13-16, 2020 in virtual, virtual, virtual. US DOE, 2020. http://dx.doi.org/10.2172/1825030.

6

Masum, Mohammad, Mohammad Nazim, Md Jobair Hossain Faruk, Hossain Shahriar, Maria Valero, Md Abdullah Hafiz Khan, Gias Uddin, et al. "Quantum Machine Learning for Software Supply Chain Attacks: How Far Can We Go?" In 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC). IEEE, 2022. http://dx.doi.org/10.1109/compsac54236.2022.00097.

7

Yan, Dapeng, Yuqing Niu, Kui Liu, Zhe Liu, Zhiming Liu, and Tegawende F. Bissyande. "Estimating the Attack Surface from Residual Vulnerabilities in Open Source Software Supply Chain." In 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS). IEEE, 2021. http://dx.doi.org/10.1109/qrs54544.2021.00060.

8

Coufalikova, Aneta, Ivo Klaban, and Tomas Slajs. "Complex strategy against supply chain attacks." In 2021 International Conference on Military Technologies (ICMT). IEEE, 2021. http://dx.doi.org/10.1109/icmt52455.2021.9502768.

9

Singi, Kapil, Jagadeesh Chandra Bose R P, Sanjay Podder, and Adam P. Burden. "Trusted Software Supply Chain." In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 2019. http://dx.doi.org/10.1109/ase.2019.00141.

10

Ludvigsen, Kaspar Rosager, Shishir Nagaraja, and Angela Daly. "Preventing or Mitigating Adversarial Supply Chain Attacks." In CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2022. http://dx.doi.org/10.1145/3560835.3564552.


Reports of organizations on the topic "Software Supply Chain Attacks"

1

Visker, Edward R. Improving the DoD Supply Chain Can Commercial Supply Chain Management Software Do the Job"". Fort Belvoir, VA: Defense Technical Information Center, April 2000. http://dx.doi.org/10.21236/ada378230.

2

Chu, Tsong-Lun, Athi Varuttamaseni, Joo-Seok Baek, and Susan Pepper. An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants. Office of Scientific and Technical Information (OSTI), November 2016. http://dx.doi.org/10.2172/1329799.

3

Chandramouli, Ramaswamy. Securing the Artifacts in Software Supply Chain for Building Cloud-Native Microservices Applications. Gaithersburg, MD: National Institute of Standards and Technology, 2023. http://dx.doi.org/10.6028/nist.sp.800-204d.ipd.

4

Lindquist, Joachim, and Henning de Haas. Creating Supply Chain Resilience Through Scenario Planning: How a Digital Twin Can Be Used To Enhance Supply Chain Resilience Through Scenario Planning. Aarhus University Library, 2021. http://dx.doi.org/10.7146/aul.435.

Abstract:
This book focusses on the concept of supply chain disruptions and how supply chain resilience can contribute to both preparing for and reacting to the event causing disruption. For building a digital twin of a supply chain, a software named Supply Chain Guru has been used. The software is a supply chain design tool which can be used for different kinds of supply chain network optimisation. The book outlines four scenarios: Covid-19 lockdown, Brexit without deal, Conflagration at a dairy and Political regulations on transport. The scenarios all contain a problem that needs to be solved. This problem is considered as the main disruption for the supply chain. Running the scenario in Supply Chain Guru, constraints are added to the AS-IS model. The constraints are identified as implications of the event in the scenarios. By adding the constraints and running the model, Supply Chain Guru identifies suggestions to solve the problems which were described. The solutions within the scenarios are held up against the theory of supply chain resilience, to describe how the scenario planning can be used to enhance supply chain resilience. Finally, the book discusses how scenario planning can be related to supply chain resilience as well as how scenario planning can be used to increase supply chain resilience.
5

Lohn, Andrew. Poison in the Well: Securing the Shared Resources of Machine Learning. Center for Security and Emerging Technology, June 2021. http://dx.doi.org/10.51593/2020ca013.

Abstract:
Modern machine learning often relies on open-source datasets, pretrained models, and machine learning libraries from across the internet, but are those resources safe to use? Previously successful digital supply chain attacks against cyber infrastructure suggest the answer may be no. This report introduces policymakers to these emerging threats and provides recommendations for how to secure the machine learning supply chain.
6

Hicks, Julie, Laurin Yates, and Jackie Pettway. Mat Sinking Unit supply study : Mississippi River revetment. Engineer Research and Development Center (U.S.), September 2021. http://dx.doi.org/10.21079/11681/41867.

Abstract:
The Mississippi Valley Division (MVD) has maintained the Mississippi River banks for over 80 years. The Mat Sinking Unit (MSU), built in 1946, was considered state-of-the-art at the time. This system is still in operation today and has placed over 1,000 miles of Articulated Concrete Mats along the Mississippi River from Head of Passes, LA, to Cairo, IL. A new MSU has been designed and is expected to be fully mission capable and operational by the 2023 season, which is expected to increase the productivity from 2,000 squares/day up to 8,000 squares/day with double shifts and optimal conditions. This MSU supply study identifies and optimizes the supply chain logistics for increased production rates from the mat fields to the MSU. The production rates investigated for this effort are 2,000 squares/day, 4,000 squares/day, and 6,000 squares/day. RiskyProject® software, which utilizes a Monte Carlo method to determine a range of durations, manpower, and supplies based on logical sequencing is used for this study. The study identifies several potential supply and demand issues with the increased daily production rates. Distance to casting fields, number of barges, and square availability are the major issues to supply increased placement rates identified by this study.
7

Coyner, Kelley, and Jason Bittner. Automated Vehicles and Infrastructure Enablers. SAE International, March 2022. http://dx.doi.org/10.4271/epr2022008.

Abstract:
Manufacturers and developers of automated vehicles (AVs) often maintain that no new infrastructure enablers are needed to achieve full AV deployment aside from existing infrastructure investments (e.g., connected traffic signals, designated stops, booking software, mobile applications, separated lanes). These groups hold that a state-of-good-repair and clean lane markings are sufficient; however, much of the US receives poor grades when it comes to these features. What do infrastructure owners and operators need to know about what constitutes effective lane markings or what to prioritize in terms of safety and mobility? How do policy considerations affect these choices? Automated Vehicles and Infrastructure Enablers, the first in a series on AVs and infrastructure, considers ways in which infrastructure can speed or delay deployment, mitigate hazards, and capture benefits related to AV roll-out. Some of these benefits include accessibility, safety, reduced climate impacts, and integrated supply chain logistics.