Modernization Framework to Enhance the Security of Legacy Information Systems

: Due to various issues such as lack of agility, low performance, security issues, and high maintenance costs, the organization replaces its legacy information system (LIS). However, with the expansion of information technology, the security of the old system has received great attention. The protection of legacy data and information is critical to the organization. However, achieving safety through modernization, redevelopment, or redesign of LIS is a time-consuming and costly solution, especially in small and medium enterprises (SMEs). In addi-tion, newly developed systems often lose inherent business rules, data integrity, and user trust. In this paper, we propose a Security Modernization Framework (SMF) to inject security measures into LIS without modernizing the existing solution. Fundamentally speaking, SMF is a collection of methods and technologies that enhance the security structure of LIS to protect applications and old data. SMF consists of two layers of security control: data audit trail and user access authorization. This contribution has two key advantages. First, it can help SMEs protect their data and applications from unauthorized access. Second, it is the low-est cost solution to implement security measures in LIS instead of modernizing or replacing the system. SMF has used the oracle technology for authentication, but the examples are also shown in pseudocode to facilitate easy positioning of other technologies.


Introduction
The traditional information system (LIS) is a data-intensive system, composed of a large number of data files, and has significant resistance to alteration [1]. LIS resists changes caused by changing business needs [2,3]. The traditional system can meet the business needs of the enterprise and meet the functional requirements, but it lacks architecture standards [4]. Although LIS lacks various quality attributes such as availability, maintainability, and interoperability, security is one of the key attributes it lacks. Over time, access vulnerabilities will appear in LIS, because security is one of the most targeted areas of unauthorized agents. Intruders use these vulnerabilities to access valuable data. Software security means that although software failures continue to occur in the real world, the software should still run correctly in the case of harmful attacks [5]. Organizations can minimize information risks by implementing an effective information system security infrastructure [6]. Today's small and medium enterprises urgently need security systems, even if many current systems lack security attributes. As we all know, SMEs are the most important and critical part of the world economy [7]. The security and protection of information systems have become very important for enterprises, especially small and medium-sized enterprises. In small and medium-sized enterprises, security is considered to be one of the main factors for economic success [8]. The security of LIS can be improved by modernizing the entire legacy system, but this is a difficult task. Many transformation and modernization models have been proposed to meet this challenge. However, replacing the old system will produce a technically inefficient and difficult to manage system [9]. Due to a lot of redevelopment work, it is not suitable to use various technologies to solve the vulnerabilities in legacy applications [10]. Therefore, switching from the old business process to the new business process is indeed a tedious task [11]. Replacing the system also risks losing a lot of business knowledge [12]. Therefore, due to these challenges, many researchers have proposed various solutions to improve the quality of existing LIS, rather than undertake the arduous task of replacing these systems. In this article, we propose a model that integrates security measures without the need to modernize or redesign the existing LIS. This model is a collection of security control methods and technologies that can help organizations overcome security vulnerabilities and control threats to corporate assets. The structure of this article is as follows. Related work has been discussed in Section 2. Section 3 introduces the proposed framework, namely SMF and its implementation details. The verification process, case studies, and results have been explained in Section 4. Finally, Section 6 summarizes this article.

Related Work
In this section, the security and access control models suggested by various researchers are discussed. Data and security are regarded as major risks, especially those that contain critical data [13]. The author proposed a Dynamic Safety Adaptive Controller (DSAC) in [14]. The controller dynamically adjusts static safety rules to configure and adjust existing conditions related to legacy systems. The author uses a whole to determine and specify access rules for any emergencies. In [15], another public/private keybased method was proposed. According to the author, when a user wants to access the old system, the attestation will be sent to the application server, which uses its private key to decrypt the data. Then, the retrieved authentication data will be further passed to the target traditional application, which will ultimately authenticate the user. Xiaowei Li et al. [10] discussed the identification of security vulnerabilities in traditional web applications. The author explains two types of security testing techniques, namely static analysis and runtime protection. In static analysis, vulnerabilities related to the source code will be identified, while in runtime protection, vulnerabilities of the function or operation level will be exploited. Alfonso Rodríguez and others proposed a model-driven conversion framework [16]. Among them, by paying special attention to security requirements, information related to secure business processes is retrieved from the old information system. These security requirements are related to access control, auditing, integrity, and privacy. Security aspects are also crucial in a cloud environment. When migrating the legacy system to the cloud environment, the author has put forward a detailed investigation on security [17]. The author believes that when migrating old systems to the cloud, security or privacy aspects are usually ignored. With the help of four research questions, the author analyzed research publications related to safety. Security is also very important in real-time systems. The author developed different techniques and a design-time evaluation framework for integrating security in real-time systems in [18]. The author further studied the measurement aspects and defined various measures to measure the effectiveness of the integration. Alain Bensoussan et al. proposed a model related to an intrusion detection system that can distinguish between legitimate and malicious traffic entering the company [19]. The author believes that when shocking attacks increase over time, the system's discriminative ability will decrease. Therefore, the proposed model proves the level of discrimination that companies should strive to achieve.

Security Modernization Framework
The Security Modernization Framework (SMF) uses two types of protection layers (i.e., database layer and application layer) to ensure that only legitimate access to old data and applications is made.
In Fig. 1, the two layers of security control are modeled. In the first layer (database layer), the proposed security methods are mainly related to data auditing. Database roles are related to user authorization and control. Database triggers audit the changes that users make to data in a specific transaction type. The DB log is a DBMS (i.e., Oracle) function used to record required information during database transactions. In the second layer (application layer), the DML recorder is used for data auditing in DML transactions, and the gateway controller manages vulnerabilities related to unauthorized access.

Database Layer
As mentioned earlier, two layers of security control are shown in Fig. 1. In the database layer, security controls and methods are applied at the back-end or database level, so in this section, we discuss security methods and technologies implemented on the database level.

DB Role
Generally, the access control security mechanism of LIS is inappropriate. The permissions on different database objects are maintained chaotically. Usually, the direct access method is adopted; in which authorized users can directly access database objects. For example, Fig. 2 depicts a grid of unmanageable permissions between users U1, U2, and U3 on Tabs. T1 and T2. The simple scenario shown in Fig. 2 is difficult to manage and control. When tens or hundreds of database objects and users are involved, this method becomes more complicated and difficult to manage. For DBAs, the complex user authorization method shown in Fig. 3 is even difficult, because managing and monitoring this type of grid is not an easy task. Therefore, using database roles for access control is a more appropriate, safe, and useful method. A role in a database is a set of permissions used to restrict user access to database objects (such as tables, views, procedures, functions, or packages, etc.). The DB role is a less complicated and easy way to group related permissions and privileges for better data and application access management. The following pseudocode illustrates setting database roles for different situations to enhance user access control mechanisms. Under the above circumstances, access to the data in the existing LIS is restricted in three different ways. There may be other similar types of scenes involving multiple objects and users. This simple role-based method is more structured, efficient, and can protect valuable old data from unauthorized access by using logical permission groups.

DB Trigger
LIS usually does not have sufficient methods to maintain records of data changes. Therefore, if an unpleasant event related to a data security breach or unauthorized access occurs, there should not be any mechanism to detect or identify clues to changes made to sensitive data. Database triggers (database triggers) are a convenient way to capture a complete data audit trail. The following scenarios show how to maintain audit trails and control user access.

DB Level (Login/Logout Triggers)
The login/logout trigger is very important to track the entry and exit of users in LIS. Whenever a user enters or exits the application, the login and logout triggers are triggered separately. Through these two types of triggers, you can easily capture "who", "when" and "where" information.

Login Scenario
We create the following table to store the information of login.
Tab. 1 contains the basic information of the logged-in user, but more information can be maintained as needed. Let us describe the purpose of each column in the table.

Define a Function
Fun_Client_Info with required arguments to capture and provide client details that are user, machine and source of transaction 4. Define a procedure Proc_Log_Error to record errors raised during the audit trail operation

DB Log
Most DBMSs usually provide a database log (DB Log) to maintain a detailed audit trail of all DML operations. This option is available in many DBMSs, and a database administrator (DBA) can use this option to maintain an audit trail. DB Log contains information related to a client computer, user, SQL statement, date, time, and operation type. However, one must use the DB Log utility with caution, because enabling this feature may adversely affect database performance.

Application Layer
After discussing the back-end security methods, we now discuss the front-end methods and techniques that can further enhance the security structure of LIS.

DML Logger
In order to enrich the data audit trail, it is necessary to apply few security controls at the application level. The DML operation performed by the user will be provided to the database trigger, which in turn inserts detailed information into the data audit trail table. The DB trigger discussed earlier has a limitation, that is, it is difficult to obtain the name of the relevant Application Server, especially in a three-tier environment. This means that not all types of information can be captured on the backend, so a small number of security methods need to be incorporated at the interface/application level so that a complete audit trail can be maintained. The following pseudocode helps to achieve the goal. /********* Pseudocode to maintain data audit trail (front-end technique) ********/ /*******************************************************************/ a. Add the following six columns to the database table for storing the audit data: c. Add code to Pre-Insert trigger of the relevant form so that: Entry_By captures the logged in data entry user; Entry_Date logs date and time of the insertion activity; Client_Machine takes the client computer/machine name stored in G_Machine; Client_OS_User takes the operating system user name stored in G_OS; d. Add code to Pre-Update trigger of the same form, so that: Updated_By logs the user updating the data; Updated_Date logs date and time of update; Client_Machine takes the client computer/machine name stored in G_Machine; Client_OS_User takes the operating system user name stored in G_OS; e. Add code to Pre-Delete trigger of the same form, so that: -Capture the old values before deletion Updated_By logs the user deleting the data; Updated_Date logs the date and time of data deletion; Client_Machine takes the client computer/machine name stored in G_Machine; Client_OS_User takes the operating system user name stored in G_OS;

Gateway Controller
The gateway controller is used to restrict unauthorized access and record illegal access attempts. This method uses two types of techniques.

Rule-Based Technique
In this technique, access rules are configured to associate authorized client computers with related application resources. Without defined rules, no user/client computer can access the application. In this technique, a separate table is maintained to store all associations between client computers and authorized application resources. Tab. 2 below shows the layout of the data store, which maintains the association rules between application resources and related client computers.
In Tab. 2, the OS_User_Account column contains the operating system user account that is authorized to use the client computer mentioned in the Client_Machine column, which can access the application resources given in the App_Resource column. For example, Manager_03 is a legitimate user account held by the financial manager. If the financial manager uses Client-Computer2 to access the financial system, it will be impossible, because only Client-Computer1 has the association rules of the defined account to access the relevant application resources.

Single Entry Point
A single point of entry is essential to a secure system. In this method, only one legal way to enter the system is defined and all other ways of entry are restricted.
As shown in Fig. 4, only one legal access point can be used to enter the LIS. This entry point is only available for users with authorized login credentials. Even if you call the corresponding URL directly, you cannot access LIS. Remote access to software resources from any process or function is not allowed. Similarly, software resources cannot be called by external systems.

Validation Questions
The security control and application methods were tested through related verification questions. As shown in Tab. 3, for each type of security control, verification questions are prepared in the form of test cases. These questions are selected from multiple functional areas.
After rigorous testing and verification of the results, the following output is given:   As shown in Tab. 3, all the descriptive questions have been successfully addressed, and the actual results are in line with the expected results. Those tests based on issues related to authorization checks were considered positive and were considered passed. In the end, we concluded that these simple security controls are very useful for enhancing the security and protection paradigm of LIS data and application in SMEs.

Vulnerability Testing
Vulnerability testing has been conducted thoroughly to ensure that SMF produces credible and accurate results. In this regard, two types of vulnerabilities are applied in the human resources, financial management, and administration domains, namely privilege vulnerabilities and transaction vulnerabilities. The results are given in Tab. 4.  Manager_03 deleted the salary account head using interface "FS-234"

Qualified
Gateway controller Direct access Can anyone directly access the interface "SM-400" without logging in to the application?
Cannot access the "SM-400" via URL

Passed
After applying relevant security controls in the corresponding LIS, the results of the vulnerability test are displayed in Tab. 4. The results plotted in the table show that all the security controls of SMF produced excellent results. The symbol "✓" indicates that the corresponding security control has been applied and the related vulnerabilities have been successfully deleted, while "✗" indicates that the corresponding security control has not been applied. The drawn results show that all security control measures have the ability to eliminate related vulnerabilities. The LIS of these three functional domains was tested under relevant security control and produced remarkable results.

Conclusion
Security is an important attribute of quality information systems. Unauthorized or malicious attacks to access valuable data and information can cause considerable losses to enterprises. Unfortunately, organizations often lack this vital quality attribute in their LIS. In order to protect their legacy data and applications, large enterprises usually choose a modern and complete LIS infrastructure. However, for small and medium enterprises (SMEs), the modernization of the entire legacy system is not an easy task, because it requires a lot of cost, a long time, and a lot of work. Therefore, instead of transforming a complete LIS into a new modern system, we propose a Security Modernization Framework (SMF), which includes a set of simple security controls that can enhance the security paradigm of LIS. SMF has two layers of security control, the first layer is the database layer, and the second layer is the application layer. The results show that with minimal effort and time, the security of LIS has been significantly improved, and existing vulnerabilities have been greatly reduced. By improving the security functions of existing information assets with minimal effort and the lowest cost, SMEs can benefit from SMF. As the example shows, SMF is implemented in the context of oracle technology; however, the pseudocode also illustrates methods that are easy to refer to in other technologies.