ABSTRACT Bell-LaPadula Model and Markov Chain Model are used for supply chain networks in the previous literature. However, Bell-LaPadula Model only considers the confidentiality aspect of security. Markov Chain Model is used to simulate the dynamics of the states. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The purpose of this paper is to apply Clark-Wilson model to the supply chain network integrity. The major concepts of the Clark-Wilson model such as separation of duty, constrained data items, well-formed transactions, and transform procedures are applied to different situations of a supply chain network. INTRODUCTION A supply chain is a sequence of processes that take place between customers, manufacturers/distributors and suppliers (Chopra & Meindl, 2006). Narrow definition of supply chain network, or suppliers relationship management (SRM) is limited to the management of relationship between suppliers and manufacturers (or retail-chain distributors). The broader definition of a supply chain network includes all the parties from customers to suppliers. Therefore, it further includes customer relationship management (CRM), warehousing, production, and product design. Most textbooks use the broader definition for supply chain management. Today most large manufacturers such as General Motor or retail-chain distributors such as Wal-Mart are in the form of supply chain networks. One of the major goals of supply chain management is to minimize the total system costs from customers to suppliers so it can attract and retain customers in a competitive environment. Another major goal of supply chain management is to achieve the efficiency of supply chain network so it can meet the philosophy of just-in-time manufacturing/delivery. The efficiency of a supply chain network is relied on the success of the supply network software system and IT infrastructure. A broader supply chain network system includes Enterprise Resources Planning (ERP) and Customer Relationship Management (CRM) systems. The Intranet or extranet are examples for IT infrastructure for the supply chain network. Another important issue of a supply chain network is the of the system. In a supply chain network, most suppliers may have conflict of interests so the integrity and confidentially of the is important in a supply chain network. Chen et. al. (2006) proposed the application of Bell-LaPadula model in the design of a supply chain network. In the Bell-LaPadula model a subject has a clearance and an object has a classification. The goal of the Bell-LaPadula model is to prevent read access to objects at a classification higher than the subject's clearance (Bishop, 2003). However, the Bell-LaPadula Model only considers the confidentiality aspect of security. In a typical supply chain network, the integrity of business transactions should be as important as confidentiality of those transactions. The Clark-Wilson model is one of the models for integrity for a business environment. This paper attempts to model the on a supply chain network using the Clark-Wilson Model by applying the major concepts such as separation of duty and transformation procedures (TP) in different supply chain situations. LITERATURE REVIEW Information Security The word information is defined as Knowledge obtained from investigation, study, or instruction; Intelligence, News; Facts, Data (Merriam-Webster Online, 2006). And the word security is defined as measures taken to guard against espionage or sabotage, crime, attack, or escape. Therefore, after combine these two definitions, can be defined as measures, for which knowledge obtained from investigation, study, or instruction; intelligence, news taken to guard against espionage or sabotage, crime, attack, or escape. …
Read full abstract