Abstract
Information security is a very important and critical indicator of the reliability and efficiency of modern information systems. Violation of information integrity and availability usually leads to financial and reputational losses and to incorrect decision making by the owners of the information. This paper proposes some approaches to avoiding these information threats by means of a restricted set of DML operations available to users of an ERP system. These approaches are based on an analysis of the semantics of data modification operations from the point of view of ERP-system developers and of violators of the ERP security system, which yields special rules for applying certain DML operations during data processing. The analysis made it possible to identify potential losses that may be caused by unauthorized use of DML operations, such as inserting incorrect and redundant information, erasing necessary information, faking information, erasing the traces of previous interventions into the ERP system, blocking database data objects, etc. The proposed approach of adapting the database schema to store the whole history of data record processing as regular data eliminates these losses by disallowing the UPDATE operation and controlling the ability of different types of ERP-system users to use the DELETE operation.
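A minimal sketch of the history-as-regular-data idea described in the abstract, added here as an illustration and not taken from the paper: the table, column and trigger names are assumptions, and SQLite (via Python's `sqlite3`) stands in for the ERP database. SQLite has no user roles, so DELETE is rejected for everyone here; in a DBMS with roles, per-user-type control of DELETE would instead be expressed with privileges.

```python
import sqlite3

# Constructed schema: table, column and trigger names are illustrative assumptions.
SCHEMA = """
CREATE TABLE price_history (
    version_id INTEGER PRIMARY KEY AUTOINCREMENT,
    item_id    INTEGER NOT NULL,
    price      REAL,
    is_deleted INTEGER NOT NULL DEFAULT 0 CHECK (is_deleted IN (0, 1)),
    changed_by TEXT NOT NULL,
    changed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER price_history_no_update BEFORE UPDATE ON price_history
BEGIN SELECT RAISE(ABORT, 'UPDATE is not allowed; insert a new version'); END;
CREATE TRIGGER price_history_no_delete BEFORE DELETE ON price_history
BEGIN SELECT RAISE(ABORT, 'DELETE is not allowed; insert a tombstone'); END;
-- Current state = newest version of each item, unless that version is a tombstone.
CREATE VIEW price_current AS
SELECT h.item_id, h.price, h.changed_by FROM price_history h
WHERE h.is_deleted = 0 AND h.version_id =
      (SELECT MAX(version_id) FROM price_history WHERE item_id = h.item_id);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def set_price(conn, item_id, price, user):
    """A 'modification' is an INSERT of a new version; old versions stay."""
    conn.execute("INSERT INTO price_history (item_id, price, changed_by) VALUES (?, ?, ?)",
                 (item_id, price, user))

def remove_item(conn, item_id, user):
    """A 'deletion' is an INSERT of a tombstone row, so the act is itself recorded."""
    conn.execute("INSERT INTO price_history (item_id, is_deleted, changed_by) VALUES (?, 1, ?)",
                 (item_id, user))

def current(conn):
    return conn.execute("SELECT item_id, price, changed_by FROM price_current ORDER BY item_id").fetchall()

def history(conn, item_id):
    return conn.execute("SELECT price, is_deleted, changed_by FROM price_history "
                        "WHERE item_id = ? ORDER BY version_id", (item_id,)).fetchall()

def try_statement(conn, sql):
    """Run raw DML; return the rejection message, or None if it was accepted."""
    try:
        conn.execute(sql)
        return None
    except sqlite3.DatabaseError as exc:
        return str(exc)
```

Because every change is a new row, an attempt to overwrite or erase earlier rows fails at the database layer, and who changed what remains queryable as ordinary data.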
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhezhnych, P., Tarasov, D. (2019). On Restricted Set of DML Operations in an ERP System’s Database. In: Shakhovska, N., Medykovskyy, M. (eds) Advances in Intelligent Systems and Computing III. CSIT 2018. Advances in Intelligent Systems and Computing, vol 871. Springer, Cham. https://doi.org/10.1007/978-3-030-01069-0_19
DOI: https://doi.org/10.1007/978-3-030-01069-0_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01068-3
Online ISBN: 978-3-030-01069-0
eBook Packages: Intelligent Technologies and Robotics (R0)