Architecture approach for ICT supply chain integrity

With the rapid pace of globalization and outsourcing, supply chain integrity of ICT system is gaining more and more attentions. Integrity of ICT Supply Chain has a slightly different focus from network security. Due to the increasing complexity and formidable cost and timing, it´s by no means enough to guarantee the integrity of a modern ICT product through technical testing and vendor screening. An architectural approach, named as Architectural Solution Integration (ASI), has been proposed to improve the supply chain integrity during the topology design stage of ICT systems. In this paper, the architecture design methodology for ASI is proposed. Supplier trust model and supply chain integrity model are established with an algorithm based on ranked attack graph to quantitatively evaluate the integrity of ICT supply chain. Finally, a case study is presented to demonstrate the feasibility of the proposed ICT supply chain integrity model and evaluation algorithm, which are the key elements of the ASI approach.