Search results

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

Rising operational costs and software sustainment concerns have driven the Air Force to move to newer technology to ensure that the Air Force Standard Base Supply System (SBSS) can continue to provide affordable and sustainable mission support in the years to come. This paper aims to summarize the successful software modernization effort the Air Force undertook to achieve that objective.

The paper describes the preliminary system updates that were required to isolate the SBSS software from all internal and external system and user interfaces in preparation for the subsequent successful code roll effort. Once the legacy SBSS component was fully isolated, the SBSS software modernization objective was achieved via a “code roll” conversion of the SBSS software from legacy COBOL to Java code, and movement of the integrated logistics system-supply application from a proprietary information technology (IT) platform to an open IT operating environment.

The SBSS system modernization yielded immediate and significant IT operational cost reductions and provided an important foundation for achieving Air Force logistics system consolidation and cloud computing objectives going forward.

The SBSS modernization experience should be useful in assisting similar data system software modernization efforts.

The continuous development of mobile platforms provides the opportunity to integrate and improve existing applications or to introduce new features to make life better. The purpose of this paper is to investigate the use of mobile platforms in civilization (museums) and present the design and the implementation of a mobile application that satisfies various design criteria. Through this application the visitor can navigate and tour virtually in the museum through a smartphone. In addition, features have been included in the application that make it easier for a user to visit the museum. First, we present the operating parameters and the aesthetic presentation of the application, which delimits usability and ease of access through the interfaces of a smartphone. Then we highlight the cloud features that were exploited in the application. Then, an extended evaluation of the mobile application is presented, that proves its high applicability and user acceptability.

Enterprise knowledge graphs (EKG) in resource description framework (RDF) consolidate and semantically integrate heterogeneous data sources into a comprehensive dataspace. However, to make an external relational data source accessible through an EKG, an RDF view of the underlying relational database, called an RDB2RDF view, must be created. The RDB2RDF view should be materialized in situations where live access to the data source is not possible, or the data source imposes restrictions on the type of query forms and the number of results. In this case, a mechanism for maintaining the materialized view data up-to-date is also required. The purpose of this paper is to address the problem of the efficient maintenance of externally materialized RDB2RDF views.

This paper proposes a formal framework for the incremental maintenance of externally materialized RDB2RDF views, in which the server computes and publishes changesets, indicating the difference between the two states of the view. The EKG system can then download the changesets and synchronize the externally materialized view. The changesets are computed based solely on the update and the source database state and require no access to the content of the view.

The central result of this paper shows that changesets computed according to the formal framework correctly maintain the externally materialized RDB2RDF view. The experiments indicate that the proposed strategy supports live synchronization of large RDB2RDF views and that the time taken to compute the changesets with the proposed approach was almost three orders of magnitude smaller than partial rematerialization and three orders of magnitude smaller than full rematerialization.

The main idea that differentiates the proposed approach from previous work on incremental view maintenance is to explore the object-preserving property of typical RDB2RDF views so that the solution can deal with views with duplicates. The algorithms for the incremental maintenance of relational views with duplicates published in the literature require querying the materialized view data to precisely compute the changesets. By contrast, the approach proposed in this paper requires no access to view data. This is important when the view is maintained externally, because accessing a remote data source may be too slow.

The technical feasibility of using Benford's law to assist internal auditors in reviewing the integrity of high-volume data sets is analysed. This study explores whether Benford's distribution applies to the set of numbers represented by the quantity of records (size) that comprise the different tables that make up a state-owned enterprise's (SOE) enterprise resource planning (ERP) relational database. The use of Benford's law streamlines the search for possible abnormalities within the ERP system's data set, increasing the ability of the internal audit functions (IAFs) to detect anomalies within the database. In the SOEs of emerging economies, where groups compete for power and resources, internal auditors are better off employing analytical tests to discharge their duties without getting involved in power struggles.

Records of eight databases of an SOE in Argentina are used to analyse the number of records of each table in periods of three to 12 years. The case develops step-by-step Benford's law application to test each ERP module records using Chi-squared (χ²) and mean absolute deviation (MAD) goodness-of-fit tests.

Benford's law is an adequate tool for performing integrity tests of high-volume databases. A minimum of 350 tables within each database are required for the MAD test to be effective; this threshold is higher than the 67 reported by earlier researches. Robust results are obtained for the complete ERP system and for large modules; modules with less than 350 tables show low conformity with Benford's law.

This study is not about detecting fraud; it aims to help internal auditors red flag databases that will need further attention, making the most out of available limited resources in SOEs. The contribution is a simple, cheap and useful quantitative tool that can be employed by internal auditors in emerging economies to perform the first scan of the data contained in relational databases.

This paper provides a tool to test whether large amounts of data behave as expected, and if not, they can be pinpointed for future investigation. It offers tests and explanations on the tool's application so that internal auditors of SOEs in emerging economies can use it, particularly those that face divergent expectations from antagonist powerful interest groups.

This study demonstrates that even in the context of limited information technology tools available for internal auditors, there are simple and inexpensive tests to review the integrity of high-volume databases. It also extends the literature on high-volume database integrity tests and our knowledge of the IAF in Civil law countries, particularly emerging economies in Latin America.

Inter-organisational governance is an important enabler for information processing, particularly in relationships undergoing digital transformation (DT) where partners depend on each other for information in decision-making. Based on information processing theory (IPT), the authors theoretically and empirically investigate how governance mechanisms address information asymmetry (uncertainty and equivocality) arising in capturing, sharing and interpreting information generated by digital technologies.

IPT is applied to four cases of public–private relationships in the Dutch infrastructure sector that aim to enhance the quantity and quality of information-based decision-making by implementing digital technologies. The investigated relationships are characterised by differing degrees and types of information uncertainty and equivocality. The authors build on rich data sets including archival data, observations, contract documents and interviews.

Addressing information uncertainty requires invoking contractual control and coordination. Contract clauses should be precise and incentive schemes functional in terms of information requirements. Information equivocality is best addressed by using relational governance. Identifying information requirements and reducing information uncertainty are a prerequisite for the transformation activities that organisations perform to reduce information equivocality.

The study offers insights into the roles of both governance mechanisms in managing information asymmetry in public–private relationships. The study uncovers key activities for gathering, sharing and transforming information when using digital technologies.

This study draws on IPT to study public–private relationships undergoing DT. The study links contractual control and coordination as well as relational governance mechanisms to information-processing activities that organisations deploy to reduce information uncertainty and equivocality.