Auditing and Forensic Analysis
The goal of database auditing is to retain a secure record of database operations that can be used to verify compliance with desired security policies, to trace policy violations, or to detect anomalous patterns of access. An audit log can contain the authorization ID and time stamp of read and write operations in the database, as well as a record of server connections, login attempts and authorization changes. Government and institutional regulations for the management of sensitive information often require auditing of data disclosure and data modification.
Database forensicsis the analysis of the state of a database system to validate hypotheses about past events that are relevant to an alleged crime or violation of policy. Evidence supporting a forensic analysis may be found in an audit log (if available) but may also be recovered from any other component of a database system including table storage, the transaction log, temporary...
- 6.Lomet D, Vagena Z, Barga R. Recovery from “bad” user transactions. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2006. p. 337–46.Google Scholar
- 7.Snodgrass RT, Collberg CS. The τ-BerkeleyDB temporal subsystem. Available at www.cs.arizona.edu/tau/tbdb/
- 8.Snodgrass RT, Collberg CS. The τ-MySQL transaction time support. Available at www.cs.arizona.edu/tau/tmysql
- 9.Stahlberg P, Miklau G, Levine B. Threats to privacy in the forensic analysis of database systems. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2007. p. 91–102.Google Scholar
- 10.Waters B, Balfanz D, Durfee G, Smetters D. Building an encrypted and searchable audit log. In: Proceedings of the Network and Distributed System Security Symposium; 2004. p. 91–102.Google Scholar