the design of teaching management information system based on oracle security audit technology
DESCRIPTION
AUDITORIA BDTRANSCRIPT
-
The Design of Teaching Management Information System Based on Oracle Security Audit Technology
XIA Sailian1, a 1Hunan communication polytechnic,
Changsha 410004,China [email protected]
AbstractThe information system audit is to record information system user activity in the behavior of a mechanism, it is not only able to identify who access to the system, and can be how to use the recording system, so as to provide the basis for the after process of security incidents. Of oracle security audit technology is applied to the teaching management information system, on the system of information security is an important safeguard, provides an important guarantee for multi-level management, made clear the role of their duties, and especially for all kinds of personnel database administrators and academic staff's liabilities accordingly to monitor and record, it will effectively prevent illegal data change and use, to implement the responsibility of the data from problems has a key role, for the safety of the teaching management information system is very practical.
Keywords-Oracle security audit; B/S mode; Teaching management; information system
I.INTRODUCTION With the development of information technology and
teaching management in colleges and universities increasingly promote the informatization construction, teaching management information system has become the basis of the survival and development office and the school, the school has become the most important infrastructure. Teaching management information system covering all of the college educational administration work, involves the teaching plan, students admitted to the university, student achievement, teaching material management and so on many aspects, of which, such as the student's graduation certificate information, and disposition of the achievement, teaching materials and other information are relatively sensitive [1]. At present, most of the teaching management information system are bright took a certain safety protection measures to protect the security of teaching management information system, but any safety protection system is not perfect, the system the threat may be outside of the illegal invasion, also may be internal staff even database administrator deliberately falsified, security audit system arises at the historic moment [2].
At first, this paper studies the teaching management information system and the security of the database and points out that the teaching management information system is facing all kinds of security threats, the traditional security means all kinds of examination and approval
procedures, as well as the school cannot fully guarantee the safety of the system, especially for insiders such as performance management, such as a database administrator. This paper discusses the Oracle database security audit standard and Oracle database security audit technology, management information system for the teaching of different modules selected the appropriate audit technology. Finally according to the characteristics of the teaching management information system, role, formulate the corresponding security audit plan.
II.OVERVIEW OF ORACLE SECURITY AUDIT TECHNOLOGY
Safety audit is a new concept, it refers to the professional auditors in accordance with the relevant laws and regulations, commissioned by the property owner and the authorization of the authorities of the computer related activities or behavior of system under the network environment, independent inspection validation, and make the corresponding evaluation. Database level audit function is in the database operation, records related to the operation time, object and information operation behavior, etc. Database-level audit can use ORACLE database audit functions, implementation audit database in all operations [3-4]. Record the audit information including the username, user session id, operation time, and operation type and operation object name.
Audit system in the implementation of digital for Oracle database audit data pretreatment, the audit data through the analysis of the data mining algorithm, extracting user normal operation behavior characteristics, establish a rule base, use anomaly detection method, realizes the real-time monitoring and analysis of database users operating functions in order to realize the function angle to analyze, audit analysis system can be divided into five parts, respectively is audit strategy, system login, log analysis, data preprocessing, audit analysis and anomaly detection system is shown in figure 1.
687
2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)
978-1-4799-6989-0/14/$31.002014 IEEE
-
Oracle audit analysis system
System login
Audit strategy
Data preprocessing
Data preprocessing
Database link
Log out
Association mining pretreatment
Preprocessing sequence mining
Association rule mining
Sequential pattern mining
Figure 1.Oracle audit analysis system model Due to the ORACLE database can't achieve automatic
recording data to modify the data before and after operation, can use the trigger, record the data code, can be realized on the audit data modification operations, as part of audit system database level in the audit. As a result, the database level audit by adopting ORACLE database system audit and write the audit trigger the method of combining of military database user operation, operation time, audit object and operation behavior.
III.THE TEACHING MANAGEMENT INFORMATION SYSTEM FRAMEWORK BASED ON B/S MODE B/S (Browser/Server) mode is a kind of three layer or
multilayer structure of distributed system, is by the Browser (Browser) and Server (Server). The Server includes a Web Server, database Server, application Server. In this mode, at the request of the client to the Web Server via a Browser by the Web Server to the database Server query request, a Web Server to query data in the form of a hypertext document to the Browser [5]. B/S mode application system is a kind of thin client, the client using a single Browser software, hardware configuration requirements is not high. At the same time it has good expansibility, can directly connect the Interne. So B/s mode with its easy to use, easy to maintain, high degree of information sharing are gradually replacing C/S mode.
The function of the teaching management information system overall design system should permeate every link of teaching management, school management of the practical need of give attention to two or more things and used in the system operator, which guarantees the school teaching management modernization. Our school's teaching management information system is divided into eight modules: school profile module, teaching plan management module, class management module, examination module, teacher management module, student performance management module, the teaching material management module, user management module. The system level diagram is shown in figure 2.
Educational administration management system
Entry
School profile
Browse
Print
Calendar query
Educational administration management
Program management
Process management
Entry
Query
Scheduling
Class management
Teaching task
Statistical query
Print
Examination management
Teachers management
Entry
Query
Help
Entry
Query
Statistical
Help Print
Help
Student achievement management
Entry
Query
Statistical
Print
Help
Figure 2. Teaching management information system
IV.STRUCTURE DESIGN OF ORACLE SECURITY AUDIT TEACHING MANAGEMENT INFORMATION
SYSTEM Security audit is an important part of the management
information system security control, control of data for basically based on the signature of the paper and the
operating personnel on the ethics of this operation is not only complicated, and there are a lot of security problems. To monitor and record the user, restrict the user to the operation of the data to the operation of the data, examining a suspicious operation, to prevent the illegal use of data, avoid important data leaks, illegal change and destruction, effective control of internal threats, this article put forward the development of security audit teaching management
688
2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)
-
information system, as shown in figure 3. Teaching management information system audit subsystem design is the key to make sure must audit events, implementing software record of these events, and store it, in order to prevent the random access. Audit and record the details of the system monitoring teaching activities. For successful or unsuccessful login attempt, change of sensitive data, speaking, reading and writing, the administrator to delete important data, such as change event record.
The audit system, respectively for the database administrator, and office staff, the operation of the teaching secretary, teacher, student and so on identification, separation, auditing, record user behavior on the key activities in the teaching management information system, it not only can identify who access to the system, and can be how to use the recording system, so as to provide the basis for the after process of security incidents, to effectively prevent illegal data change and use. Auditing system can provide statistics, analysis tools, statistics of various operating frequency; Provide statistical analysis tools, analysis e in the audit records in the database; Screening and monitors suspicious users and suspicious. Audit center for auditors to provide global event view, query and analysis function, provide the audit report.
Oracle audit engine
Communication
Performance
Log
Alarm Audit
database
Performance monitoring
Session replay
Alarm events
Interface display
Audit report Analysis
Policy configuration Auditing rules Database management
Security audit
Windows Server 2003
Teaching management information system
Figure 3. Teaching management information system based on Oracle
security audit
V.CONCLUSION This paper takes the teaching management information
system as the background, based on the analysis of the existing information system audit and on the basis of the database security theory, puts forward and implements the scheme of database security audit, to a certain extent, improved the security of the teaching management information system in our school. In this paper, according to the characteristics of the Oracle database management
system, the design is suitable for the teaching management information system security audit model, and according to this model, established the audit data collection and the audit data analysis functions of security auditing system, any database engine operated on the database is recorded, and these records can be used to track and investigate illegal operation, unauthorized users to ensure the database security, integrity, and availability, with practical significance.
ACKNOWLEDGEMENTS Hunan province education planning project
achievements, subject name: based on the "dry middle school" effect of higher vocational accounting professional training leading practice teaching system research, project approval number: XJK014BGD025.
REFERENCE [1] G. Ateniese, R. Burns R, and R. Curtmola: ACM Transactions on Information and System Security (TISSEC), Vol.14 (2011) No.1, p. 12. [2] Y. Zhu, H. Hu, G.J. Ahn: Journal of Systems and Software, Vol.85 (2012) No.5, p. 1083 [3] S. Wang, Z. Cao, and Z. Cheng: Science in China Series F: Information Sciences, Vol.52 (2009) No.8, p. 1358. [4] G. Smith: Journal of Corporate Accounting & Finance, Vol.18 (2007) No.4, p.43. [5] E. Fernndez-Medina, J. Trujillo, and R. Villarroel: Decision Support Systems, Vol.42 (2006) No.3, p. 1270.
689
2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)
/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 400 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 600 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (None) /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False
/CreateJDFFile false /Description >>> setdistillerparams> setpagedevice