An Approach to Multiple Security System Development Using Database Schemas
Abstract
Information security is a key issue in Enterprise Information System (EIS) development. It is an important characteristic of the entire EIS and of all its information subsystems. The effectiveness of information security affects the adequacy of enterprise decision making at all management levels and depends especially on database security. So, it is good practice to develop a unified relational database for several subsystems of an EIS. This paper discusses an approach to multiple security system development for several subsystems using one or several schemas of the unified database. The key feature of the approach is the ability to evaluate the “similarity” of database security systems. “Similar” database security systems should be united into a common security system; otherwise they must be separated. The “similarity” is calculated as a weighted correlation between sets of user role permissions, defined as a functional on sets of database tables, data operations and user roles. The proposed approach was tested on a production database of a University Management Information System, which allowed its data access control to be optimized through several database schemas. The approach also allows automating the determination of whether creating new database schemas is feasible in the further development of the EIS.
Keywords
Database, Database schema, Information security, Access control, SQL, Information system