Government regulations and increased awareness of security issues have increased the auditing requirements of information technology systems. The goal of an auditing system is to determine if security and other policies are being violated. It provides the way to detect intrusions into the system, including privileged users and also provide periodic report of system usage and data modifications. Auditing can also be used to detect and recover database systems in case of system failure or human errors. Thus auditing is a key part of the security infrastructure in a database system. While commercial database systems provide mechanisms such as triggers that can be used to track and log any changes made to “sensitive” data using UPDATE queries, they are not useful for tracking accesses to sensitive data using complex SQL queries, which is important for many applications given recent laws such as HIPAA. This paper focuses on a framework for auditing queries and several different notions of suspiciousness for simple SQL queries. It also focuses on notion of SELECT triggers that extends triggers to work for SELECT queries in order to facilitate data auditing.
Keywords
Data auditing, SQL query auditing, SELECT Triggers.
