Title

Trust in Merged ERP and Open Data Schemes in the "Cloud"

Authors

William Caelli;劉音妙(Vicky Liu);張碩毅(She-I Chang)

Keywords

Enterprise Resource Planning ; Cloud Computing

Journal

電腦稽核

Volume/Issue / Publication Date

Issue 30 (2014/07/01)

Pages

72 - 89

Language

English

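Chinese Abstract

Enterprise resource planning systems are rapidly being combined with "big data" analytics processes and publicly available "open data sets", which usually lie outside the enterprise's own business scope, to expand business activity through better service to existing clients and to identify new opportunities. These activities are now widely carried out through relevant software systems built in a "cloud computing" environment. However, a saying that has circulated for more than 50 years and relates to mistrust of computer systems, namely "garbage in, garbage out", is used to describe the problem of unqualified and unconditional dependence on information systems. A phrase that more aptly describes large-scale information systems based on ERP and open data sets together with "big data" analytics was put forward later, namely "garbage in, gospel out". Particularly in a cloud environment, verifying the authenticity and integrity of the data sets used is almost impossible. In turn, this can easily lead to decisions being based on these questionable and unverifiable results. The "impersonation" and modification of illicit data into legitimate data sets may become a reality, while at the same time the ability to audit any results derived from analysis is an important requirement, particularly in the public sector. The pressing need, in this emerging environment, to enhance identity, reliability, authenticity and audit services, including naming and addressing services, is discussed in this paper. Some current and appropriate technologies are now on offer, but these technologies are also still being examined. However, severe limitations were found in addressing these problems, so this paper proposes and recommends necessary future research.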

English Abstract

Enterprise resource planning (ERP) systems are rapidly being combined with "big data" analytics processes and publicly available "open data sets", which are usually outside the arena of the enterprise, to expand activity through better service to current clients as well as identifying new opportunities. Moreover, these activities are now largely based around relevant software systems hosted in a "cloud computing" environment. However, the more than 50-year-old phrase related to mistrust in computer systems, namely "garbage in, garbage out" or "GIGO", is used to describe problems of unqualified and unquestioning dependency on information systems. However, a more relevant GIGO interpretation arose sometime later, namely "garbage in, gospel out", signifying that with large scale information systems based around ERP and open datasets as well as "big data" analytics, particularly in a cloud environment, the ability to verify the authenticity and integrity of the data sets used may be almost impossible. In turn, this may easily result in decision making based upon questionable results which are unverifiable. Illicit "impersonation" of and modifications to legitimate data sets may become a reality while at the same time the ability to audit any derived results of analysis may be an important requirement, particularly in the public sector. The pressing need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment is discussed in this paper. Some current and appropriate technologies currently being offered are also examined. However, severe limitations in addressing the problems identified are found and the paper proposes further necessary research work for the area.
(Note: This paper is based on an earlier unpublished paper/presentation "Identity, Addressing, Authenticity and Audit Requirements for Trust in ERP, Analytics and Big/Open Data in a 'Cloud' Computing Environment: A Review and Proposal" presented to the Department of Accounting and IT, College of Management, National Chung Cheng University, 20 November 2013.)

Subject Classification: Basic and Applied Sciences > Information Science