48 research outputs found

    Artificial Intelligence and Supply Chain Management: A literature review

    This thesis aims to analyse the fascinating and intricate intersection of the two fields of artificial intelligence (AI) and supply chain (SC), in order to explore their potential impact and clarify how organizations can leverage these technologies. Recent advancements and revolutions have indeed highlighted the capabilities and potential benefits of such tools, underscoring their essential integration within companies seeking to enhance operational efficiency and gain a competitive advantage. This phenomenon is particularly emphasized by the growing complexity of managing supply chains in an increasingly competitive business environment, as demonstrated by the recent Covid-19 pandemic. AI and other emerging technologies can thus create an optimal symbiosis for today's context, yielding numerous benefits in terms of cost, productivity, and efficiency. Despite the growing interest in the topic and the gradual implementation of these innovative tools within companies, there remains a research gap in this area. Therefore, this study aims to fill some of the existing voids in the available literature, examining 518 research articles published between 1999 and 2023 from the Scopus database. The work is structured as follows: The first introductory chapter presents the two key concepts of Artificial Intelligence and Supply Chain Management. The second chapter provides an overview of the importance of these two areas and how the current literature has addressed this topic. The third chapter is dedicated to the methodology and explains how the database of articles was constructed and how it was visualized and analysed using the VOSviewer software and bibliometric analysis. The fourth chapter presents the research results through the analysis of the three maps created with the software. The final chapter outlines the main conclusions drawn from this paper, emphasizing the significance of the treated topic and highlighting the limitations of the present study, as well as suggesting potential directions for future researchers.

    Sub-session hijacking on the web: Root causes and prevention

    Since cookies act as the only proof of a user identity, web sessions are particularly vulnerable to session hijacking attacks, where the browser run by a given user sends requests associated to the identity of another user. When n > 1 cookies are used to implement a session, there might actually be n sub-sessions running at the same website, where each cookie is used to retrieve part of the state information related to the session. Sub-session hijacking breaks the ideal view of the existence of a unique user session by selectively hijacking m sub-sessions, with m < n. This may reduce the security of the session to the security of its weakest sub-session. In this paper, we take a systematic look at the root causes of sub-session hijacking attacks and we introduce sub-session linking as a possible defense mechanism. Out of two flavors of sub-session linking desirable for security, which we call intra-scope and inter-scope sub-session linking respectively, only the former is relatively smooth to implement. Luckily, we also identify programming practices to void the need for inter-scope sub-session linking. We finally present Warden, a server-side proxy which automatically enforces intra-scope sub-session linking on incoming HTTP(S) requests, and we evaluate it in terms of protection, performances, backward compatibility and ease of deployment

    Security Protocol Specification and Verification with AnBx

    Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees, to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose AnBx, a formal protocol specification language based on the popular Alice & Bob notation. AnBx offers channels as the main abstraction for communication, providing different authenticity and/or confidentiality guarantees for message transmission. AnBx extends existing proposals in the literature with a novel notion of forwarding channels, enforcing specific security guarantees from the message originator to the final recipient along a number of intermediate forwarding agents. We give a formal semantics of AnBx in terms of a state transition system expressed in the AVISPA Intermediate Format. We devise an ideal channel model and a possible cryptographic implementation, and we show that, under mild restrictions, the two representations coincide, thus making AnBx amenable to automated verification with different tools. We demonstrate the benefits of the declarative specification style distinctive of AnBx by revisiting the design of two existing e-payment protocols, iKP and SET

    CCSP: Controlled relaxation of content security policies by runtime policy composition

    Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites by means of browser-enforced security policies. Though CSP is gaining a lot of popularity in the wild, previous research questioned one of its key design choices, namely the use of static white-lists to define legitimate content inclusions. In this paper we present Compositional CSP (CCSP), an extension of CSP based on runtime policy composition. CCSP is designed to overcome the limitations arising from the use of static white-lists, while avoiding a major overhaul of CSP and the logic underlying policy writing. We perform an extensive evaluation of the design of CCSP by focusing on the general security guarantees it provides, its backward compatibility and its deployment cost. We then assess the potential impact of CCSP on the web and we implement a prototype of our proposal, which we test on major websites. In the end, we conclude that the deployment of CCSP can be done with limited efforts and would lead to significant benefits for the large majority of the websites

    Semantics-based analysis of content security policy deployment

    Content Security Policy (CSP) is a recent W3C standard introduced to prevent and mitigate the impact of content injection vulnerabilities on websites. In this article, we introduce a formal semantics for the latest stable version of the standard, CSP Level 2. We then perform a systematic, large-scale analysis of the effectiveness of the current CSP deployment, using the formal semantics to substantiate our methodology and to assess the impact of the detected issues. We focus on four key aspects that affect the effectiveness of CSP: browser support, website adoption, correct configuration, and constant maintenance. Our analysis shows that browser support for CSP is largely satisfactory, with the exception of a few notable issues. However, there are several shortcomings relative to the other three aspects. CSP appears to have a rather limited deployment as yet and, more crucially, existing policies exhibit a number of weaknesses and misconfiguration errors. Moreover, content security policies are not regularly updated to ban insecure practices and remove unintended security violations. We argue that many of these problems can be fixed by better exploiting the monitoring facilities of CSP, while other issues deserve additional research, being more rooted into the CSP design.

    Dr Cookie and Mr Token - Web session implementations and how to live with them

    The implementation of web sessions is a somewhat anarchic and largely unstructured process. Our goal with the present paper is to provide a disciplined perspective of which are the relative strengths and weaknesses of the most common techniques to implement web sessions, with a particular focus on their security. We clarify common misconceptions in the recent "cookies vs tokens" debate and we propose a more useful classification of web session implementations, based on where session information and session credentials are stored. We then propose a new implementation technique for web sessions which combines the strengths of existing web technologies to overcome their weaknesses and we successfully deploy our solution on top of WordPress and the Auth0 library for web authentication to demonstrate its feasibility

    Italian Guidelines in diagnosis and treatment of alopecia areata

    Alopecia areata (AA) is an organ-specific autoimmune disorder that targets anagen phase hair follicles. The course is unpredictable and current available treatments have variable efficacy. Nowadays, there is relatively little evidence on treatment of AA from well-designed clinical trials. Moreover, none of the treatments or devices commonly used to treat AA are specifically approved by the Food and Drug Administration. The Italian Study Group for Cutaneous Annexial Disease of the Italian Society of dermatology proposes these Italian guidelines for diagnosis and treatment of Alopecia Areata deeming useful for the daily management of the disease. This article summarizes evidence-based treatment associated with expert-based recommendations