Here

Transcription

Here
International Journal of Research In Science & Engineering
Volume: 1 Special Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
REVIEW PAPER ON ENTERPRISE RESOURCE PLANNING SYSTEMS
FOR PROTECTION
Sagar S.kaware 1 , Prof.Mr.O.V.Chandure 2
1
B.E Final Year, Information Technology, JDIET Yavatmal, [email protected]
2
Asst.prof, Information Technology, JDIET Yavatmal, [email protected]
ABSTRACT
This paper describe the Enterprise Resource Planning (ERP) the technology that provides an integration of lot
of tasks, and the flexibility to perform those tasks at enterprises with enormously changing needs. But, only few
of these ERP systems developed have actually considered mai ntenance strategies. Repairs(Maintenance) is a
difficult process that is triggered by planned periodic repair (scheduled or planned maintenance), tools
breakdown or deterioration indicated by a monitored parameter (unplanned or emergency maintenance).This
process includes development, arrangement, monitoring, quality assurance and the development of necessary
resources such as workshop, labour, machines, equipment, tools, spare parts and materials. The ERP system is
becoming the system with high vulnerability and high confidentiality in which the security is critical issue for it to
operate. Many ERP systems have already integrated their security solution, which work internally; but for open
environment, we need new technical support to secure ERP system. This introduces the ERP system and its
evolution. The security issue of ERP system as well as directions for secure ERP systems is presented.
Keywords: Authorization, Enterprise Resource Planning, exchange infrastructure, policies, RBAC, Web
services
---------------------------------------------------------------------------------------------------------------------------1 INTRODUCTION
ERP stands for Enterprise Resource Planning (ERP). ERP is an enterprise-large information system that
facilitates the flow of information and coordinates all resources and activities within the business. Functions in
generally supported by the system include manufacturing, account, transport, logistics, sharing, invoicing. Some
solutions now insert customer relationship management functionality. A large variety of business actions including
sales, advertising, production, record management, human resource management, and quality control depend on
ERP systems. The ERP system assists in control the relations to outside stakeholders as well as enhancing routine
management. It uses a central database and usually relies on a common computing policy. It provides the user a
combined, consistent, uniform environment. ERP solutions evolved from applications focused on materials
requirements and resource planning and computer integrated manufacturing. The Enterprise Resource Planning
(ERP) word came about when software developers were searching for a name that would more appropriately
describe these broader systems .
Fig-1:of ERP modules
IJRISE| www.ijrise.org|[email protected] [299-303]
International Journal of Research In Science & Engineering
Volume: 1 Special Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
2. SECURITY IN ERP
Security is one of important issue for ERP system, as we know it’s used in many of organisation, intellect,
medical and economic. For this we need to developed security policies and model of security system. Modern ERP
system mainly focuses on the confidentiality and protection. In this section, we discuss the development of modern
trends in security for ERP system. While “Giving the Security” we need to discuss what to be secured. In current
section “Current solution”, we discuss current development, including security, for SAP. In the concluding section
“direction on ERP safety”, also consist of discussion of precaution policies and Web Security.
3. APPROACHES TO SECURITY
Security trouble exists in ERP system. These troubles can be present in the following:
Network layer, presentation layer, and application layer, which consist of business processes, internal interfaces, and
database. When a customer/partner communicates with an ERP system, or the business mechanism placed in
different places interrelates among every other, the protection trouble in these cases is classified into the network
protection area. ERP experts will not face with these belongings directly, instead this function will be provided by
purchasing from other who are experts at network security. The presentation layer refers to the graphical user
interface, browsers, and PCs. Since the programme of GUI packets is impossible to control, ERP experts can not
safe the system by restrictive user access to GUI. The better way to provide safety may be to place a CITRIX server
between the user and the ERP system. The security in application layer invests large efforts of the ERP experts to
offer an effective way to secure the business data and processes. The technicians will also choose to
activate/deactivate the security functions provided by the database vendor according to the overall security
summarized some of the security aspects in an ERP system:







Security policy and manager: ERP experts have to provide such a way that open and well defined safety
policies can be easily defined and maintained. The protection policies will offer the set of laws for the
access of topic to thing, and these are the things put on the manager when they are granting/denying
permissions to the users.
User verification: to verify whether the user is the legal person as he claims.
Division of duties: tasks must be classified such that certain tasks can only be performed by certain users or
role.
Authorization: to verify whether the user has access to the rele vant resources. Depending o the
authorization rules, the user is granted access.
Time restriction: the access is permissible only during certain time.
Log and trace: the logging and tracing of relevant events has to be done with preventing the log files from
breach.
Database security.
4. CURRENT SOLUTIONS
4.1 Role-Based Access Control
Many of the modern systems are based on Role-Based Access Control (RBAC), even if they may have
different settings of either enhancements (Kern et al., 2002) or simplifications. (Figure 2)This model defines roles
and grants certain access rights. According to Sandhu et al. (1996), an RBAC model consists of the following
components:
Fig-2: The Model of Role-based Access Control [6]
IJRISE| www.ijrise.org|[email protected] [299-303]
International Journal of Research In Science & Engineering
Volume: 1 Special Issue: 1




e-ISSN: 2394-8299
p-ISSN: 2394-8280
Permissions: Permission is the access to one or more objects in the system. The permission has different
meanings in different environment. If in a database system, the permission refers to the rights such as
select, update, delete, or insert a record. If an accounting application, it may be the rights such as account
creation/deletion, credit/debit, and transfer (Sandhu et al., 1996).
Roles: A role is a named job function within the organization. A role may be hierarchical. For Example, an
engineer role is also an employee role.
Users: A user is a person who may be assigned one or more roles.
Constraints: In the system where there is only one single administrator, the constraints may be meaningless.
If the administration is decentralized, meaning there are several administrators, the constraints will be used
by the senior administrator to restrict the junior administrator’s right to grant/deny the permissions.
Fig-3:The Model of Authorization in r/3
Furthermore, Logging and Tracing is also a required component to secure the ap plication layer of ERP
system, although it is not the key function.
5. BAAN SECURITY USING DEM
In Baan (bought by SSA) security architecture (Valente, 1999), we can easily determine if the solution is
based on the RBAC model. Baan security solution uses a tool called Dynamic Enterprise Modeler (DEM) to help the
security arrangement of Baan. DEM is used to model company process or functions of an association and describe
the roles. Within the construction of Baan’s protection solution, there are four concepts: User worker, function, and
procedure.




User: Baan user is the profile including all of an employee’s personal information.
Employee: The person who works in the organization.
Role: Defined to indicate the position and the assignments of the employee. All workers should be assigned
to a job, and job will be assigned to the business processes.
Procedure: Once a procedure is modelled in Baan ERP, roles will be attached to that procedure.
6. Usage Control Model (UCON)
In modern years, a new model, Usage Control Model (UCON), was proposed in order to set up a
framework for the future defence Idea in ERP. UCON not only combine three functional things (permission,
responsibility, and situation) but also brings in the idea of point in time. This feature allows a protection component
in ERP system to be far more dynamic (Park and Sandhu, 2004). The UCON model consists of the following core
components:
 Subject and subject attributes: An entity with associated attributes which holds or exercises some certain
rights on objects.
 Object and object attributes: An entity with associated attributes which one or several subjects hold or
exercise rights on.
 Rights: Privileges that a subject can or cannot access an object.
 Authorization: Functional predicate determining whether a subject is allowed to perform some right on an
object.
IJRISE| www.ijrise.org|[email protected] [299-303]
International Journal of Research In Science & Engineering
Volume: 1 Special Issue: 1


e-ISSN: 2394-8299
p-ISSN: 2394-8280
Obligation: Functional predicate verifying whether the mandatory requirements have been fulfilled before a
subject performs some right on an object.
Condition: Functional predicate that checks whether the current environmental or system status allows a
subject to perform some right on an object.
7. SECURE ISSUE AND INFORNATION SHARING
The exchanging infrastructure sets up the cornerstone for an ERP system; effective coordination becomes a
stringent requirement that needs to be fulfilled in today’s ERP system. Therefore, securing the exchanged document
is the cornerstone for ERP security; appropriate schema integrating encryption and digital signature technologies
into XML framework is necessary to achieve this goal. Furthermore, appropriate security architecture or model has
to be designed so as to support sharing the knowledge in an open and multi-organizational environment. Much work
has been done in this area, such as trust management and the UCON model, although these security frameworks
have not yet been applied in most commercial ERP products. As we mentioned earlier, the cost and return must be
evaluated before implementing such technologies.
8. WEB SERVICES PROTECTION
As we mentioned in the “ERP Technology” section, Web services and service -oriented architectures are
key technologies for ERP systems. Therefore, securing Web services and service -oriented architectures are needed.
Lot of efforts have been reported on securing Web services (Bertino et al., 2004). Furthermore, standards such as
OASIS have developed security specifications including SAML (Security Assertion Mark-up Language) and
XACML (XML Access Control Mark-up Language) (OASIS Security Specifications, 2003). In addition, securing
XML documents as well as securing semantic Web technologies have received attention (Bertino et al., 2004;
Thuraisingham, 2005). Program such as the Department of Defence Global Information Grid have focused on
security for service-oriented architectures GIG/ IA National Security Agency Presentation, 2005). However, little
work has been reported on adapting the various technologies for securing ERP. This will be the major challenge.
9. CONCLUSION
Enterprise resource planning is technology that improves the area of organisation and lot of impact on the people’s
life style of buying and selling indirectly. ERP system in today’s life is very improved technology that done th e
work more quick and easy. Most of work done even through wireless communication, therefore the security issue
occurred, while doing the business. In open network environment there maximum number of chances of data can be
hacked by unauthorised person. For the we require to use latest developed ERP system and mechanism which has
been developed for security of ERP system, such as we required to use newly developed policy, hand shake method
and OTP(One Time password) technology to secure the our confidential data. Also we required to developed new
policy of security continuously to do the secure transaction through ERP.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
G. Eason, B. Noble, and I. N. Sneddon, “On certain integrals of Lipschitz-Hankel type involving products of
Bessel functions,” Phil. Trans. Roy. Soc. London, vol. A247, pp. 529–551, April 1955. (references)
J. Clerk Maxwell, A Treatise on Electricity and Magnetism, 3rd ed., vol. 2. Oxford: Clarendon, 1892, pp.68–73.
I. S. Jacobs and C. P. Bean, “Fine particles, thin films and exchange anisotropy,” in Magnetism, vol. III, G. T.
Rado and H. Suhl, Eds. New York: Academic, 1963, pp. 271–350.
K. Elissa, “Title of paper if known,” unpublished.
R. Nicole, “Title of paper with only first word capitalized,” J. Name Stand. Abbrev., in press.
Y. Yorozu, M. Hirano, K. Oka, and Y. Tagawa, “Electron spectroscopy studies on magneto -optical media and
plastic substrate interface,” IEEE Transl. J. Magn. Japan, vol. 2, pp. 740–741, August 1987 [Digests 9th Annual
Conf. Magnetics Japan, p. 301, 1982].
M. Young, The Technical Writer’s Handbook. Mill Valley, CA: University Science, 1989.
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=0CCMQFjA
B&url=http%3A%2F%2Fwww.tandfonline.com%2Fdoi%2Ffull%2F10.1080%2F10658980701401959&ei=vIv
8VM7aFMiNuATpu4K4Aw&usg=AFQjCNGcbYU37oFe0_EWCR3DUVBeO3Q1fA&bvm=bv.87611401,d.c2
E
IJRISE| www.ijrise.org|[email protected] [299-303]
International Journal of Research In Science & Engineering
Volume: 1 Special Issue: 1
e-ISSN: 2394-8299
p-ISSN: 2394-8280
http://www.utdallas.edu/~bxt043000/Publications/JournalPapers/DAS/J46_Security_for_Enterprise_Resource_
Planning_Systems.pdf
[10] http://www.utdallas.edu/~bxt043000/Publications/JournalPapers/DAS/J46_Security_for_Enterprise_Resource_
Planning_Systems.pdf
[11] http://www.managementparadise.com/Kirtisoni/documents/22140/study -on-security-for-enterprise-resourceplanning-systems/
[9]
IJRISE| www.ijrise.org|[email protected] [299-303]