Posted on 2003-04-01, 00:00. Authored by Rakesh Agrawal, Roberto Bayardo, Christos Faloutsos, Jerry Kiernan, Ralf Rantzau, Ramakrishnan Srikant
We introduce an auditing framework for determining
whether a database system is adhering to its
data disclosure policies. Users formulate audit expressions
to specify the (sensitive) data subject to
disclosure review. An audit component accepts
audit expressions and returns all queries (deemed
“suspicious”) that accessed the specified data during
their execution.
The overhead of our approach on query processing
is small, involving primarily the logging of each
query string along with other minor annotations.
Database triggers are used to capture updates in
a backlog database. At the time of audit, a static
analysis phase selects a subset of logged queries
for further analysis. These queries are combined
and transformed into an SQL audit query, which,
when run against the backlog database, identifies
the suspicious queries efficiently and precisely.
We describe the algorithms and data structures
used in a DB2-based implementation of this
framework. Experimental results reinforce our design
choices and show the practicality of the approach.
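
The pipeline outlined above (query logging, trigger-fed backlog, static filtering, then an audit query run against the backlog) can be sketched on a toy scale. This is an added illustration, not the paper's algorithm or its DB2 implementation: it uses SQLite through Python, and the `patient` table, the logical `clock`, the regex limited to simple single-table SELECTs, and all other names are assumptions.

```python
import re
import sqlite3

SCHEMA = """
CREATE TABLE clock(t INTEGER); INSERT INTO clock VALUES (0);  -- logical time
CREATE TABLE patient(id INTEGER PRIMARY KEY, name TEXT, zip TEXT, disease TEXT);
CREATE TABLE backlog(ts INTEGER, op TEXT, id INTEGER, name TEXT, zip TEXT, disease TEXT);
CREATE TABLE query_log(ts INTEGER, usr TEXT, sql TEXT);
CREATE TRIGGER bl_i AFTER INSERT ON patient BEGIN INSERT INTO backlog SELECT t,'I',NEW.id,NEW.name,NEW.zip,NEW.disease FROM clock; END;
CREATE TRIGGER bl_u AFTER UPDATE ON patient BEGIN INSERT INTO backlog SELECT t,'U',NEW.id,NEW.name,NEW.zip,NEW.disease FROM clock; END;
CREATE TRIGGER bl_d AFTER DELETE ON patient BEGIN INSERT INTO backlog SELECT t,'D',OLD.id,OLD.name,OLD.zip,OLD.disease FROM clock; END;
"""
SNAPSHOT = """(SELECT * FROM backlog b WHERE op <> 'D' AND ts =
  (SELECT MAX(ts) FROM backlog WHERE id = b.id AND ts <= :t))"""  # patient rows as of time :t

def run(db, usr, sql):
    """Execute one statement; a SELECT is logged with its timestamp and user."""
    db.execute("UPDATE clock SET t = t + 1")
    if sql.lstrip().upper().startswith("SELECT"):
        db.execute("INSERT INTO query_log SELECT t, ?, ? FROM clock", (usr, sql))
    return db.execute(sql).fetchall()

def audit(db, columns, predicate):
    """Yield logged queries that returned any of `columns` for a row matching `predicate`.
    Assumption: logged SQL and the audit predicate are trusted text, so they are interpolated."""
    for ts, usr, sql in db.execute("SELECT ts, usr, sql FROM query_log ORDER BY ts").fetchall():
        m = re.fullmatch(r"\s*SELECT (.+?) FROM patient(?: WHERE (.+))?", sql, re.I | re.S)
        cols = {c.strip().lower() for c in m.group(1).split(",")} if m else set()
        if not cols & ({"*"} | set(columns)):
            continue  # static analysis: this query cannot have disclosed an audited column
        check = f"SELECT 1 FROM {SNAPSHOT} AS patient WHERE ({m.group(2) or '1=1'}) AND ({predicate})"
        if db.execute(check, {"t": ts}).fetchone():  # evaluated on the state the query saw
            yield ts, usr, sql

SAMPLE = [  # constructed workload: (user, statement)
    ("admin", "INSERT INTO patient VALUES (1,'Alice','95120','diabetes'), (2,'Bob','10001','flu')"),
    ("u1", "SELECT name, disease FROM patient WHERE zip = '95120'"),
    ("u2", "SELECT name, zip FROM patient WHERE id = 1"),
    ("admin", "UPDATE patient SET zip = '10001' WHERE id = 1"),
    ("u3", "SELECT disease FROM patient WHERE zip = '95120'"),
    ("u4", "SELECT disease FROM patient WHERE zip = '10001'"),
]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for usr, sql in SAMPLE:
        run(db, usr, sql)
    return list(audit(db, ["disease"], "name = 'Alice'"))
```

Auditing who saw Alice's `disease` flags `u1` and `u4`: `u1` is caught only because its predicate is re-evaluated against the backlog state from before the `UPDATE`, while `u2` is dropped by the static filter and `u3` matched no row at the time it ran.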