Skip to main content
SpringerLink
Log in

On Restricted Set of DML Operations in an ERP System’s Database

  • Conference paper
  • First Online:
Advances in Intelligent Systems and Computing III (CSIT 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 871))

Included in the following conference series:

Abstract

Information security is very important and critical indicator of reliability and efficiency of modern information systems. Violation of information integrity and availability usually causes to financial and reputational losses and incorrect decision making for owners of information. This paper proposes some approaches to avoid these information threads with the restricted set of DML operations that are available to users of an ERP system. These approaches are based on an analysis of semantics of data modification operations in terms of ERP-system developers and ERP security system violators that results special rules of applying certain DML operations during data processing. The analysis allowed identifying potential losses that may be caused by unauthorized usage of DML operations like inserting incorrect and redundant information, erasing necessary information, information faking, erasing the traces of previous interventions into the ERP system, blocking database data objects etc. The proposed approach to adapting the database schema to store the whole history of data records processing as regular data provides elimination of these losses because of disallowing the UPDATE operation and controlling the ability to use the DELETE operation for different types of ERP-system users.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Alagic, S.: Relational Database Technology. Springer Science & Business Media (2012)

    Google Scholar 

  2. Bagiński, J., Rostański, M.: The modeling of business impact analysis for the loss of integrity, confidentiality and availability in business processes and data. Theor. Appl. Inform. 23, 73–82 (2011)

    Article  Google Scholar 

  3. Banyal, R., Jain P., Jain V.: Multi-factor authentication framework for cloud computing. In: Fifth International Conference on Computational Intelligence, Modelling and Simulation (CIMSim), pp. 105–110 (2013)

    Google Scholar 

  4. Basharat, I., Azam, F., Muzaffar, A.W.: Database security and encryption: a survey study. Int. J. Comput. Appl. 47(12), 28–34 (2012)

    Google Scholar 

  5. Chaudhuri, S., Kaushik R., Ramamurthy R.: Database access control and privacy: is there a common ground? In: CIDR, pp. 96–103 (2011)

    Google Scholar 

  6. Daya, B.: Network security: History, importance, and future, vol. 4. Department of Electrical and Computer Engineering, University of Florida (2013)

    Google Scholar 

  7. Deutsch, D.R.: The SQL standard: how it happened. IEEE Ann. Hist. Comput. 35(2), 72–75 (2013)

    Article  Google Scholar 

  8. Ferretti, L., Colajanni, M., Marchetti, M.: Supporting security and consistency for cloud database. In: Cyberspace Safety and Security, pp. 179–193. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  9. Govinda, K., Nelge, P., Malwade, M.: Database audit over cloud environment using forensic analysis algorithm. Int. J. Eng. Technol. 5, 696–699 (2013)

    Google Scholar 

  10. Grabski, S.V., Leech, S.A., Schmidt, P.J.: A review of ERP research: a future agenda for accounting information systems. J. Inf. Syst. 25, 37–78 (2011)

    Google Scholar 

  11. Jain, S., Ingle, M.: Software security requirements gathering instrument. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 2(7) (2011)

    Google Scholar 

  12. Künzner, F., Petković, D.: A comparison of different forms of temporal data management. In: International Conference: Beyond Databases, Architectures and Structures, pp. 92–106. Springer, Cham (2015)

    Google Scholar 

  13. Pascu, C.: Security principles in ERP systems. J. Mob. Embed. Distrib. Syst. 5(1), 36–44 (2013)

    Google Scholar 

  14. Radhakrishna, V., Kumar, P.V., Janaki, V.: A survey on temporal databases and data mining. In: Proceedings of the International Conference on Engineering & MIS 2015, p. 52. ACM (2015)

    Google Scholar 

  15. Shoewu, O., Idowu, O.: A: development of attendance management system using biometrics. Pac. J. Sci. Technol. 13(1), 300–307 (2012)

    Google Scholar 

  16. Spears, J.L., Barki, H.: User participation in information systems security risk management. MIS Q. 503–522 (2010)

    Article  Google Scholar 

  17. Tarasov, D., Andrukhiv, A.: Algorithms of the corporate information system’s protection analyses. In: Proceedings of the International Conference on Computer Science and Information Technologies (CSIT 2006), pp. 178–183 (2006)

    Google Scholar 

  18. Teixeira, A.: Attack models and scenarios for networked control systems. In: Proceedings of the 1st International Conference on High Confidence Networked Systems, pp. 55–64. ACM (2012)

    Google Scholar 

  19. Wang, M.T.: The design and implementation of enterprise management system based on ERP. Appl. Mech. Mater. 644, 6221–6224 (2014)

    Article  Google Scholar 

  20. Wang, X.: Network database security detection and the realized management program design. Netinfo Secur. 2, 009 (2012)

    Google Scholar 

  21. Whitman, M.E., Mattord, H.J.: Principles of information security. Cengage Learning, Boston (2011)

    Google Scholar 

  22. Zhezhnych, P., Burak, T., Chyrka, O.: On the temporal access control implementation at the logical level of relational databases. In: XIth International Scientific and Technical Conference Computer Sciences and Information Technologies (CSIT), Lviv, Ukraine, pp. 84–87 (2016)

    Google Scholar 

  23. Zhezhnych, P., Peleschychyn, A.: Time aspects of information systems. In: Proceedings of the 9th International Conference on The Experience of Designing and Application of CAD Systems in Microelectronics (CADSM), pp. 530–533 (2007)

    Google Scholar 

  24. Zhezhnych, P., Tarasov, D.: Methods of data processing restriction in ERP systems. In: Proceedings of the 13th International Scientific and Technical Conference Computer Science and Information Technologies (CSIT 2018), Lviv, Ukraine (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Social Communication and Information Activities, Lviv Polytechnic National University, Lviv, Ukraine

    Pavlo Zhezhnych & Dmytro Tarasov

Authors
  1. Pavlo Zhezhnych
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dmytro Tarasov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pavlo Zhezhnych .

Editor information

Editors and Affiliations

  1. Lviv Polytechnic National University, Lviv, Ukraine

    Natalia Shakhovska

  2. Institute of Computer Science and Information Technologies, Lviv Polytechnic National University, Lviv, Ukraine

    Mykola O. Medykovskyy

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhezhnych, P., Tarasov, D. (2019). On Restricted Set of DML Operations in an ERP System’s Database. In: Shakhovska, N., Medykovskyy, M. (eds) Advances in Intelligent Systems and Computing III. CSIT 2018. Advances in Intelligent Systems and Computing, vol 871. Springer, Cham. https://doi.org/10.1007/978-3-030-01069-0_19

Download citation

Publish with us

Policies and ethics

Search

Navigation