-
The Design of Teaching Management Information System Based on
Oracle Security Audit Technology
XIA Sailian1, a 1Hunan communication polytechnic,
Changsha 410004,China [email protected]
AbstractThe information system audit is to record information
system user activity in the behavior of a mechanism, it is not only
able to identify who access to the system, and can be how to use
the recording system, so as to provide the basis for the after
process of security incidents. Of oracle security audit technology
is applied to the teaching management information system, on the
system of information security is an important safeguard, provides
an important guarantee for multi-level management, made clear the
role of their duties, and especially for all kinds of personnel
database administrators and academic staff's liabilities
accordingly to monitor and record, it will effectively prevent
illegal data change and use, to implement the responsibility of the
data from problems has a key role, for the safety of the teaching
management information system is very practical.
Keywords-Oracle security audit; B/S mode; Teaching management;
information system
I.INTRODUCTION With the development of information technology
and
teaching management in colleges and universities increasingly
promote the informatization construction, teaching management
information system has become the basis of the survival and
development office and the school, the school has become the most
important infrastructure. Teaching management information system
covering all of the college educational administration work,
involves the teaching plan, students admitted to the university,
student achievement, teaching material management and so on many
aspects, of which, such as the student's graduation certificate
information, and disposition of the achievement, teaching materials
and other information are relatively sensitive [1]. At present,
most of the teaching management information system are bright took
a certain safety protection measures to protect the security of
teaching management information system, but any safety protection
system is not perfect, the system the threat may be outside of the
illegal invasion, also may be internal staff even database
administrator deliberately falsified, security audit system arises
at the historic moment [2].
At first, this paper studies the teaching management information
system and the security of the database and points out that the
teaching management information system is facing all kinds of
security threats, the traditional security means all kinds of
examination and approval
procedures, as well as the school cannot fully guarantee the
safety of the system, especially for insiders such as performance
management, such as a database administrator. This paper discusses
the Oracle database security audit standard and Oracle database
security audit technology, management information system for the
teaching of different modules selected the appropriate audit
technology. Finally according to the characteristics of the
teaching management information system, role, formulate the
corresponding security audit plan.
II.OVERVIEW OF ORACLE SECURITY AUDIT TECHNOLOGY
Safety audit is a new concept, it refers to the professional
auditors in accordance with the relevant laws and regulations,
commissioned by the property owner and the authorization of the
authorities of the computer related activities or behavior of
system under the network environment, independent inspection
validation, and make the corresponding evaluation. Database level
audit function is in the database operation, records related to the
operation time, object and information operation behavior, etc.
Database-level audit can use ORACLE database audit functions,
implementation audit database in all operations [3-4]. Record the
audit information including the username, user session id,
operation time, and operation type and operation object name.
Audit system in the implementation of digital for Oracle
database audit data pretreatment, the audit data through the
analysis of the data mining algorithm, extracting user normal
operation behavior characteristics, establish a rule base, use
anomaly detection method, realizes the real-time monitoring and
analysis of database users operating functions in order to realize
the function angle to analyze, audit analysis system can be divided
into five parts, respectively is audit strategy, system login, log
analysis, data preprocessing, audit analysis and anomaly detection
system is shown in figure 1.
687
2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
978-1-4799-6989-0/14/$31.002014 IEEE
-
Oracle audit analysis system
System login
Audit strategy
Data preprocessing
Data preprocessing
Database link
Log out
Association mining pretreatment
Preprocessing sequence mining
Association rule mining
Sequential pattern mining
Figure 1.Oracle audit analysis system model Due to the ORACLE
database can't achieve automatic
recording data to modify the data before and after operation,
can use the trigger, record the data code, can be realized on the
audit data modification operations, as part of audit system
database level in the audit. As a result, the database level audit
by adopting ORACLE database system audit and write the audit
trigger the method of combining of military database user
operation, operation time, audit object and operation behavior.
III.THE TEACHING MANAGEMENT INFORMATION SYSTEM FRAMEWORK BASED
ON B/S MODE B/S (Browser/Server) mode is a kind of three layer
or
multilayer structure of distributed system, is by the Browser
(Browser) and Server (Server). The Server includes a Web Server,
database Server, application Server. In this mode, at the request
of the client to the Web Server via a Browser by the Web Server to
the database Server query request, a Web Server to query data in
the form of a hypertext document to the Browser [5]. B/S mode
application system is a kind of thin client, the client using a
single Browser software, hardware configuration requirements is not
high. At the same time it has good expansibility, can directly
connect the Interne. So B/s mode with its easy to use, easy to
maintain, high degree of information sharing are gradually
replacing C/S mode.
The function of the teaching management information system
overall design system should permeate every link of teaching
management, school management of the practical need of give
attention to two or more things and used in the system operator,
which guarantees the school teaching management modernization. Our
school's teaching management information system is divided into
eight modules: school profile module, teaching plan management
module, class management module, examination module, teacher
management module, student performance management module, the
teaching material management module, user management module. The
system level diagram is shown in figure 2.
Educational administration management system
Entry
School profile
Browse
Print
Calendar query
Educational administration management
Program management
Process management
Entry
Query
Scheduling
Class management
Teaching task
Statistical query
Print
Examination management
Teachers management
Entry
Query
Help
Entry
Query
Statistical
Help Print
Help
Student achievement management
Entry
Query
Statistical
Print
Help
Figure 2. Teaching management information system
IV.STRUCTURE DESIGN OF ORACLE SECURITY AUDIT TEACHING MANAGEMENT
INFORMATION
SYSTEM Security audit is an important part of the management
information system security control, control of data for
basically based on the signature of the paper and the
operating personnel on the ethics of this operation is not only
complicated, and there are a lot of security problems. To monitor
and record the user, restrict the user to the operation of the data
to the operation of the data, examining a suspicious operation, to
prevent the illegal use of data, avoid important data leaks,
illegal change and destruction, effective control of internal
threats, this article put forward the development of security audit
teaching management
688
2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
-
information system, as shown in figure 3. Teaching management
information system audit subsystem design is the key to make sure
must audit events, implementing software record of these events,
and store it, in order to prevent the random access. Audit and
record the details of the system monitoring teaching activities.
For successful or unsuccessful login attempt, change of sensitive
data, speaking, reading and writing, the administrator to delete
important data, such as change event record.
The audit system, respectively for the database administrator,
and office staff, the operation of the teaching secretary, teacher,
student and so on identification, separation, auditing, record user
behavior on the key activities in the teaching management
information system, it not only can identify who access to the
system, and can be how to use the recording system, so as to
provide the basis for the after process of security incidents, to
effectively prevent illegal data change and use. Auditing system
can provide statistics, analysis tools, statistics of various
operating frequency; Provide statistical analysis tools, analysis e
in the audit records in the database; Screening and monitors
suspicious users and suspicious. Audit center for auditors to
provide global event view, query and analysis function, provide the
audit report.
Oracle audit engine
Communication
Performance
Log
Alarm Audit
database
Performance monitoring
Session replay
Alarm events
Interface display
Audit report Analysis
Policy configuration Auditing rules Database management
Security audit
Windows Server 2003
Teaching management information system
Figure 3. Teaching management information system based on
Oracle
security audit
V.CONCLUSION This paper takes the teaching management
information
system as the background, based on the analysis of the existing
information system audit and on the basis of the database security
theory, puts forward and implements the scheme of database security
audit, to a certain extent, improved the security of the teaching
management information system in our school. In this paper,
according to the characteristics of the Oracle database
management
system, the design is suitable for the teaching management
information system security audit model, and according to this
model, established the audit data collection and the audit data
analysis functions of security auditing system, any database engine
operated on the database is recorded, and these records can be used
to track and investigate illegal operation, unauthorized users to
ensure the database security, integrity, and availability, with
practical significance.
ACKNOWLEDGEMENTS Hunan province education planning project
achievements, subject name: based on the "dry middle school"
effect of higher vocational accounting professional training
leading practice teaching system research, project approval number:
XJK014BGD025.
REFERENCE [1] G. Ateniese, R. Burns R, and R. Curtmola: ACM
Transactions on Information and System Security (TISSEC), Vol.14
(2011) No.1, p. 12. [2] Y. Zhu, H. Hu, G.J. Ahn: Journal of Systems
and Software, Vol.85 (2012) No.5, p. 1083 [3] S. Wang, Z. Cao, and
Z. Cheng: Science in China Series F: Information Sciences, Vol.52
(2009) No.8, p. 1358. [4] G. Smith: Journal of Corporate Accounting
& Finance, Vol.18 (2007) No.4, p.43. [5] E. Fernndez-Medina, J.
Trujillo, and R. Villarroel: Decision Support Systems, Vol.42
(2006) No.3, p. 1270.
689
2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
/ColorImageDict > /JPEG2000ColorACSImageDict >
/JPEG2000ColorImageDict > /AntiAliasGrayImages false
/CropGrayImages true /GrayImageMinResolution 200
/GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true
/GrayImageDownsampleType /Bicubic /GrayImageResolution 300
/GrayImageDepth -1 /GrayImageMinDownsampleDepth 2
/GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true
/GrayImageFilter /DCTEncode /AutoFilterGrayImages false
/GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict >
/GrayImageDict > /JPEG2000GrayACSImageDict >
/JPEG2000GrayImageDict > /AntiAliasMonoImages false
/CropMonoImages true /MonoImageMinResolution 400
/MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true
/MonoImageDownsampleType /Bicubic /MonoImageResolution 600
/MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000
/EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode
/MonoImageDict > /AllowPSXObjects true /CheckCompliance [ /None
] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false
/PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000
0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true
/PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ]
/PDFXOutputIntentProfile (None) /PDFXOutputConditionIdentifier ()
/PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped
/False
/CreateJDFFile false /Description >>>
setdistillerparams> setpagedevice