Advertisement

An Approach to Multiple Security System Development Using Database Schemas

  • Pavlo ZhezhnychEmail author
  • Teodor BurakEmail author
Conference paper
First Online:
  • 175 Downloads
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1080)

Abstract

Information security is a key issue in an Enterprise Information System (EIS) development. It is important characteristic of the entire EIS and all EIS’s information subsystems. Information security effectiveness affects adequacy of enterprise decision making at all management levels and especially depends on database security. So, it is a good practice to develop a unified relational database for several subsystems of EIS. This paper discusses an approach to multiple security system development for several subsystems using one or several schemas of the unified database. The key peculiarity of the approach is an ability to evaluate “similarity” of database security systems. The “similar” database security systems should be united into the common security system, otherwise they must be separated. The “similarity” is calculated as weighted correlation between sets of user roles permissions defined as functional on sets of database tables, data operations and user roles. The proposed approach was tested on a production database of University Management Information System that allowed optimizing of its data access control through several database schemas. Also, the approach allows automation of determining the feasibility of creating new database schemas in the further development of the EIS.

Keywords

Database Database schema Information security Access control SQL Information system 
This is a preview of subscription content, log in to check access.

References

  1. 1.
    Ben-Natan, R.: Implementing Database Security and Auditing: A Guide for DBA’s, Information Security Administrators and Auditors. Elsevier Digital Press, eBook, Burlington (2009)Google Scholar
  2. 2.
    Bender, G., Kot, L., Gehrke, J.: Explainable security for relational databases. In: Proceedings of the 2014 ACM SIGMOD International Conference on Management of Data, Snowbird, Utah, USA (2014).  https://doi.org/10.1145/2588555.2593663
  3. 3.
    Bertino, E., Ghinita, G., Kamra, A.: Access control for databases: concepts and systems. Found. Trends® Databases 3(1–2), 1–148 (2011)zbMATHGoogle Scholar
  4. 4.
    Blazhko, A.A., Antoshchuk, S.G., Saoud, E.: Automated design method of hierarchical access control in database. In: Proceedings of 5th IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 21–23 September, Rende (Cosenza), Italy, pp. 361–363 (2009)Google Scholar
  5. 5.
    Brodersen, K., Rothwein, T.M., Malden, M.S., Chen, M.J., Annadata, A.: Database access method and system for user role defined access. United States Patent, No.US6732100B1, 4 May 2004. https://patents.google.com/patent/US6732100B1/en
  6. 6.
    Grachev, V.M., Esin, V.I., Polukhina, N.G., Rassomakhin, S.G.: Data security mechanisms implemented in the database with universal model. Bull. Lebedev. Phys. Inst. 41(5), 123–126 (2014)CrossRefGoogle Scholar
  7. 7.
    Guarnieri, M., Basin, D.: Optimal security-aware query processing. Proc. VLDB Endow. 7(12), 1307–1318 (2014).  https://doi.org/10.14778/2732977.2733003CrossRefGoogle Scholar
  8. 8.
    Kagalwala, R.A., Thompson, J.P.: Database schema for structured query language (SQL) server, United States Patent, No.USOO7653652B2, 26 January 2010. https://patents.google.com/patent/US7653652B2/en
  9. 9.
    Kuhn, D.R., Coyne, E., Timothy, R.W.: Adding attributes to role-based access control. IEEE Comput. 43(6), 79–81 (2010)CrossRefGoogle Scholar
  10. 10.
    Kuji, K.: Database access system and database access method. United States Patent, No.US007778955B2, 17 August 2010. https://patents.google.com/patent/US7778955B2/en
  11. 11.
    Lucovsky, M.H., Pierce, S.D., White, S.D., Movva, R., Kalki, J., Auerbach, D.B., Ford, P.S., Jacobs, J.C., Steckler, P.A., Hsueh, W.C., Keil, K.D., Gopal, B., Kannan, S., Yi-Wen Guu, George, S.J., Hoffman, W.R., Smoot, P.M., Fang, L., Taylor, M.B., Wu, W.C., Leach, P.J., Ward, R.B., Yuan, Y.-Q.: Schema-based services for identity-based data access. United States Patent, No.USOO7302634B2, 27 November 2007. [https://patents.google.com/patent/US7302634B2/en
  12. 12.
    Olson, D.L., Subodh, K.: Enterprise information systems: contemporary trends and issues. World Scientific, 579 (2009)Google Scholar
  13. 13.
    Sandhu, R., Bertino, E.: Database security-concepts, approaches, and challenges. IEEE Trans. Dependable Secure Comput. 2, 2–19 (2005)CrossRefGoogle Scholar
  14. 14.
    Shakhovska, N.: Consolidated processing for differential information products. In: Proceedings of the VIIth International Conference “Perspective Technologies and Methods in MEMS Design”, Polyana, Ukraine, pp. 176–177 (2011)Google Scholar
  15. 15.
    Shastri, A.A., Chatur, P.N.: Efficient and effective security model for database specially designed to avoid internal threats. In: Proceedings of the International Conference Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM). IEEE (2015)Google Scholar
  16. 16.
    Tsoumas, B., Dritsas, S., Gritzalis, D.: An ontology-based approach to information systems security management. In: Computer Network Security (MMM-ACNS 2005), LNCS, vol. 3685, pp. 151–164. Springer, Berlin (2005)Google Scholar
  17. 17.
    Zhezhnych, P., Burak, T., Chyrka, O.: On the temporal access control implementation at the logical level of relational databases. In: Proceedings of the 11th International Scientific and Technical Conference on Computer Sciences and Information Technologies (CSIT), pp. 84–87 (2016)Google Scholar
  18. 18.
    Zhezhnych, P., Tarasov, D.: Methods of data processing restriction in ERP systems. In: Proceedings of the IEEE 13th International Scientific and Technical Conference on Computer Sciences and Information Technologies (CSIT), Lviv, Ukraine, vol. 1, pp. 274–277 (2018)Google Scholar
  19. 19.
    Zhezhnych, P., Tarasov, D.: On restricted set of DML operations in an ERP System’s database. In: AISC Systems and Computing III, vol. 871, pp. 256–266. Springer, Cham (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Social Communication and Information ActivitiesLviv Polytechnic National UniversityLvivUkraine
  2. 2.Information CenterLviv Polytechnic National UniversityLvivUkraine

Personalised recommendations

Cite paper

Buy options