Modeling and evaluating information leakage caused by inferences in supply chains

Abstract

While information sharing can benefit supply chains significantly, it may also have an adverse effect, namely, information leakage. A limitation common to many existing solutions for preventing information leakage in supply chains is that they rely, either implicitly or explicitly, upon two unrealistic assumptions. First, what information is confidential is well known. Second, confidential information will not be revealed, if only it is not shared, regardless of how much other information is being shared. As we shall show in this paper, those assumptions are not always true due to potential information leakage caused by inferences. Specifically, we propose a conceptual model of such information leakage. The model will enable companies in a supply chain to better understand how their confidential information may be leaked through inferences. On the basis of the proposed conceptual model, we then devise a quantitative approach to evaluating the risk of information leakage caused by inferences when a given amount of information is shared. The quantitative approach will allow companies in a supply chain to measure and consequently mitigate the risk of information leakage. Finally, we discuss a case study to illustrate how the proposed approaches work in practice.