The Design of Teaching Management Information System Based on Oracle Security Audit Technology

The Design of Teaching Management Information System Based on Oracle Security Audit Technology

XIA Sailian1, a 1Hunan communication polytechnic,

Changsha 410004,China [email protected]

AbstractThe information system audit is to record information system user activity in the behavior of a mechanism, it is not only able to identify who access to the system, and can be how to use the recording system, so as to provide the basis for the after process of security incidents. Of oracle security audit technology is applied to the teaching management information system, on the system of information security is an important safeguard, provides an important guarantee for multi-level management, made clear the role of their duties, and especially for all kinds of personnel database administrators and academic staff's liabilities accordingly to monitor and record, it will effectively prevent illegal data change and use, to implement the responsibility of the data from problems has a key role, for the safety of the teaching management information system is very practical.

Keywords-Oracle security audit; B/S mode; Teaching management; information system

I.INTRODUCTION With the development of information technology and

teaching management in colleges and universities increasingly promote the informatization construction, teaching management information system has become the basis of the survival and development office and the school, the school has become the most important infrastructure. Teaching management information system covering all of the college educational administration work, involves the teaching plan, students admitted to the university, student achievement, teaching material management and so on many aspects, of which, such as the student's graduation certificate information, and disposition of the achievement, teaching materials and other information are relatively sensitive [1]. At present, most of the teaching management information system are bright took a certain safety protection measures to protect the security of teaching management information system, but any safety protection system is not perfect, the system the threat may be outside of the illegal invasion, also may be internal staff even database administrator deliberately falsified, security audit system arises at the historic moment [2].

At first, this paper studies the teaching management information system and the security of the database and points out that the teaching management information system is facing all kinds of security threats, the traditional security means all kinds of examination and approval

procedures, as well as the school cannot fully guarantee the safety of the system, especially for insiders such as performance management, such as a database administrator. This paper discusses the Oracle database security audit standard and Oracle database security audit technology, management information system for the teaching of different modules selected the appropriate audit technology. Finally according to the characteristics of the teaching management information system, role, formulate the corresponding security audit plan.

II.OVERVIEW OF ORACLE SECURITY AUDIT TECHNOLOGY

Safety audit is a new concept, it refers to the professional auditors in accordance with the relevant laws and regulations, commissioned by the property owner and the authorization of the authorities of the computer related activities or behavior of system under the network environment, independent inspection validation, and make the corresponding evaluation. Database level audit function is in the database operation, records related to the operation time, object and information operation behavior, etc. Database-level audit can use ORACLE database audit functions, implementation audit database in all operations [3-4]. Record the audit information including the username, user session id, operation time, and operation type and operation object name.

Audit system in the implementation of digital for Oracle database audit data pretreatment, the audit data through the analysis of the data mining algorithm, extracting user normal operation behavior characteristics, establish a rule base, use anomaly detection method, realizes the real-time monitoring and analysis of database users operating functions in order to realize the function angle to analyze, audit analysis system can be divided into five parts, respectively is audit strategy, system login, log analysis, data preprocessing, audit analysis and anomaly detection system is shown in figure 1.

687

2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)

978-1-4799-6989-0/14/$31.002014 IEEE

Oracle audit analysis system

System login

Audit strategy

Data preprocessing

Data preprocessing

Database link

Log out

Association mining pretreatment

Preprocessing sequence mining

Association rule mining

Sequential pattern mining

Figure 1.Oracle audit analysis system model Due to the ORACLE database can't achieve automatic

recording data to modify the data before and after operation, can use the trigger, record the data code, can be realized on the audit data modification operations, as part of audit system database level in the audit. As a result, the database level audit by adopting ORACLE database system audit and write the audit trigger the method of combining of military database user operation, operation time, audit object and operation behavior.

III.THE TEACHING MANAGEMENT INFORMATION SYSTEM FRAMEWORK BASED ON B/S MODE B/S (Browser/Server) mode is a kind of three layer or

multilayer structure of distributed system, is by the Browser (Browser) and Server (Server). The Server includes a Web Server, database Server, application Server. In this mode, at the request of the client to the Web Server via a Browser by the Web Server to the database Server query request, a Web Server to query data in the form of a hypertext document to the Browser [5]. B/S mode application system is a kind of thin client, the client using a single Browser software, hardware configuration requirements is not high. At the same time it has good expansibility, can directly connect the Interne. So B/s mode with its easy to use, easy to maintain, high degree of information sharing are gradually replacing C/S mode.

The function of the teaching management information system overall design system should permeate every link of teaching management, school management of the practical need of give attention to two or more things and used in the system operator, which guarantees the school teaching management modernization. Our school's teaching management information system is divided into eight modules: school profile module, teaching plan management module, class management module, examination module, teacher management module, student performance management module, the teaching material management module, user management module. The system level diagram is shown in figure 2.

Educational administration management system

Entry

School profile

Browse

Print

Calendar query

Educational administration management

Program management

Process management

Entry

Query

Scheduling

Class management

Teaching task

Statistical query

Print

Examination management

Teachers management

Entry

Query

Help

Entry

Query

Statistical

Help Print

Help

Student achievement management

Entry

Query

Statistical

Print

Help

Figure 2. Teaching management information system

IV.STRUCTURE DESIGN OF ORACLE SECURITY AUDIT TEACHING MANAGEMENT INFORMATION

SYSTEM Security audit is an important part of the management

information system security control, control of data for basically based on the signature of the paper and the

operating personnel on the ethics of this operation is not only complicated, and there are a lot of security problems. To monitor and record the user, restrict the user to the operation of the data to the operation of the data, examining a suspicious operation, to prevent the illegal use of data, avoid important data leaks, illegal change and destruction, effective control of internal threats, this article put forward the development of security audit teaching management

688

2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)

information system, as shown in figure 3. Teaching management information system audit subsystem design is the key to make sure must audit events, implementing software record of these events, and store it, in order to prevent the random access. Audit and record the details of the system monitoring teaching activities. For successful or unsuccessful login attempt, change of sensitive data, speaking, reading and writing, the administrator to delete important data, such as change event record.

The audit system, respectively for the database administrator, and office staff, the operation of the teaching secretary, teacher, student and so on identification, separation, auditing, record user behavior on the key activities in the teaching management information system, it not only can identify who access to the system, and can be how to use the recording system, so as to provide the basis for the after process of security incidents, to effectively prevent illegal data change and use. Auditing system can provide statistics, analysis tools, statistics of various operating frequency; Provide statistical analysis tools, analysis e in the audit records in the database; Screening and monitors suspicious users and suspicious. Audit center for auditors to provide global event view, query and analysis function, provide the audit report.

Oracle audit engine

Communication

Performance

Log

Alarm Audit

database

Performance monitoring

Session replay

Alarm events

Interface display

Audit report Analysis

Policy configuration Auditing rules Database management

Security audit

Windows Server 2003

Teaching management information system

Figure 3. Teaching management information system based on Oracle

security audit

V.CONCLUSION This paper takes the teaching management information

system as the background, based on the analysis of the existing information system audit and on the basis of the database security theory, puts forward and implements the scheme of database security audit, to a certain extent, improved the security of the teaching management information system in our school. In this paper, according to the characteristics of the Oracle database management

system, the design is suitable for the teaching management information system security audit model, and according to this model, established the audit data collection and the audit data analysis functions of security auditing system, any database engine operated on the database is recorded, and these records can be used to track and investigate illegal operation, unauthorized users to ensure the database security, integrity, and availability, with practical significance.

ACKNOWLEDGEMENTS Hunan province education planning project

achievements, subject name: based on the "dry middle school" effect of higher vocational accounting professional training leading practice teaching system research, project approval number: XJK014BGD025.

REFERENCE [1] G. Ateniese, R. Burns R, and R. Curtmola: ACM Transactions on Information and System Security (TISSEC), Vol.14 (2011) No.1, p. 12. [2] Y. Zhu, H. Hu, G.J. Ahn: Journal of Systems and Software, Vol.85 (2012) No.5, p. 1083 [3] S. Wang, Z. Cao, and Z. Cheng: Science in China Series F: Information Sciences, Vol.52 (2009) No.8, p. 1358. [4] G. Smith: Journal of Corporate Accounting & Finance, Vol.18 (2007) No.4, p.43. [5] E. Fernndez-Medina, J. Trujillo, and R. Villarroel: Decision Support Systems, Vol.42 (2006) No.3, p. 1270.

689

2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)

/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 400 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 600 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (None) /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False

/CreateJDFFile false /Description >>> setdistillerparams> setpagedevice