Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8.

Published byDarren McGee Modified over 8 years ago

Similar presentations

Presentation on theme: "Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8."— Presentation transcript:

1 Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8

2 Adapted from Afyouni, Database Security and Auditing DML Action Auditing Architecture Data Manipulation Language (DML): companies use auditing architecture for DML changes DML changes can be performed on two levels: –Row level –Column level Fine-grained auditing (FGA)

3 Adapted from Afyouni, Database Security and Auditing DML Action Auditing (cont.)

4 Adapted from Afyouni, Database Security and Auditing DML Action Auditing (cont.)

5 Adapted from Afyouni, Database Security and Auditing Oracle Triggers Stored PL/SQL procedure executed whenever: –DML operation occurs –Specific database event occurs DML events (trigger timings): INSERT, UPDATE, and DELETE Purposes: –Audits, controlling invalid data –Implementing business rules, generating values

6 Adapted from Afyouni, Database Security and Auditing Oracle Triggers (continued)

7 Adapted from Afyouni, Database Security and Auditing Oracle Triggers (continued) CREATE TRIGGER Executed in a specific order: –BEFORE triggers before AFTER triggers USER_TRIGGERS data dictionary view: all triggers created on a table A table can have unlimited triggers: do not overuse them

8 Adapted from Afyouni, Database Security and Auditing SQL Server Triggers Restrictions—Transact-SQL statements not allowed in Triggers: –ALTER and CREATE DATABASE –DISK INIT and DISK RESIZE –DROP DATABASE and LOAD DATABASE –LOAD LOG –RECONFIGURE –RESTORE DATABASE –RESTORE LOG

9 Adapted from Afyouni, Database Security and Auditing Historical Model with SQL Server Create a history table: –Same structure as original table –HISTORY_ID column Create a trigger: inserts original row into the HISTORY table

10 Adapted from Afyouni, Database Security and Auditing Oracle Fine-grained Auditing (FGA) Oracle provides column-level auditing: Oracle PL/SQL-supplied package DBMS_FGA DBMS_FGA procedures: –ADD_POLICY –DISABLE_POLICY –DROP_POLICY –ENABLE_POLICY

11 Adapted from Afyouni, Database Security and Auditing Oracle Fine-grained Auditing (FGA) ADD_POLICY parameters: –OBJECT_SCHEMA –OBJECT_NAME –POLICY_NAME –AUDIT_CONDITION –AUDIT_COLUMN –HANDLER_SCHEMA (user name that owns the procedure that is used as the event handler. NULL indicates current schema).

12 Adapted from Afyouni, Database Security and Auditing Oracle Fine-grained Auditing (FGA) ADD_POLICY parameters (continued): –HANDLER_MODULE –ENABLE –STATEMENT_TYPES DBA_FGA_AUDIT_TRAIL: view the audit trail of the DML activities

13 Adapted from Afyouni, Database Security and Auditing Oracle Fine-grained Auditing (FGA) Record data changes on the table: –Name of the person making the change –Date of the change –Time of the change Before or after value of the columns are not recorded

14 Adapted from Afyouni, Database Security and Auditing Oracle Fine-grained Auditing (FGA)

15 Adapted from Afyouni, Database Security and Auditing Oracle Fine-grained Auditing (FGA) Steps: –Use any user other than SYSTEM or SYS; with privileges to create tables, sequences, and triggers –Create the auditing table –Create a sequence object –Create the trigger that will record DML operations –Test your implementation

16 Adapted from Afyouni, Database Security and Auditing History Auditing Model w/ Oracle Historical data auditing is simple to implement; main components are TRIGGER objects and TABLE objects Keeps record of: –Date and time the copy of the record was captured –Type of operation applied to the record

17 Adapted from Afyouni, Database Security and Auditing History Auditing Model w/ Oracle Steps: –Use any user other than SYSTEM or SYS; with privileges to create tables, sequences, and triggers –Create history table –Create the trigger to track changes and record all the values of the columns –Test your implementation

18 Adapted from Afyouni, Database Security and Auditing History Auditing Model w/ Oracle Simple Auditing Model 1 Flag users, tables, or columns for auditing Requires less database administrative skills: –Application administrators can do it –User interface is built in top of the repository Auditing flags are flexible Does not record before or after column values; only registers type of DML operations Cronological record of all activities.

19 Adapted from Afyouni, Database Security and Auditing DML Auditing Using Repository with Oracle (Simple 1) Steps: –Use any user other than SYSTEM or SYS –Create triggers –Create sequence object –Build tables to use for applications –Populate application tables –Populate auditing repository with metadata –Create the stored package to be used with the trigger –Create triggers for application tables –Test your implementation

20 Adapted from Afyouni, Database Security and Auditing DML Auditing Using Repository with Oracle (Simple 2) Simple Auditing Model 2: requires a higher level of expertise in PL/SQL Stores two types of data: –Audit data: value before or after a DML statement –Audit table: name of the tables to be audited Records only column value changes.

21 Adapted from Afyouni, Database Security and Auditing DML Auditing Using Repository with Oracle (Simple 2) Steps: –Use any user other than SYSTEM or SYS; with privileges to create tables, and triggers –Create the auditing repository –Establish a foreign key in AUDIT_DATA table referencing AUDIT_TABLE table –Create a sequence object –Create the application schema

22 Adapted from Afyouni, Database Security and Auditing DML Auditing Using Repository with Oracle (Simple 2) Steps (continued): –Add data to tables –A stored PL/SQL package will be used for auditing within the triggers –Create triggers for audited tables –Add auditing metadata –Test your implementation

23 Adapted from Afyouni, Database Security and Auditing Auditing Application Errors with Oracle Application errors must be recorded for further analysis Business requirements mandate to keep an audit trail of all application errors Materials: –Repository consisting of one table –Methodology for your application

24 Adapted from Afyouni, Database Security and Auditing Auditing Application Errors with Oracle (continued) Steps: –Select any user other than SYSTEM or SYS; with privileges to create tables, and procedures –Populate tables –Create the ERROR table –Create a stored package to perform the UPDATE statement –Test your implementation: perform and update using the CREATE package

25 Adapted from Afyouni, Database Security and Auditing Oracle PL/SQL Procedure Authorization Oracle PL/SQL stored procedures are the mainstay of implementing business rules Security modes: –Invoker rights: procedure is executed using security credentials of the caller –Definer rights: procedure is executed using security credentials of the owner

26 Adapted from Afyouni, Database Security and Auditing Oracle PL/SQL Procedure Authorization Steps: –Create a new user –Select a user with CREATE TABLE and PROCEDURE privileges –Populate tables –Create stored procedure to select rows in a table –Grant EXECUTE privileges on new procedure –Log on as the new user and query the table –Execute procedure

27 Adapted from Afyouni, Database Security and Auditing Summary Primary purposes: validate authorization and authentication Two approaches for DML auditing: –Set up an audit trail for DML activities –Register all column values before or after the DML statement (column-level auditing) Fine-grained auditing (Oracle) Triggers: –Stored PL/SQL procedure automatically executed USER_TRIGGERS data dictionary view: shows all triggers FGA allows generation of audit trail of DML activities

28 Adapted from Afyouni, Database Security and Auditing Summary Server Security Database Connections Table Access Control Restricting Database Access

29 Adapted from Afyouni, Database Security and Auditing Summary (continued) FGA is capable of auditing columns or tables; Oracle PL/SQL-supplied package DBMS_FGA PL/SQL stored procedures security modes: –Invoker rights –Definer rights SQL Server 2000: –CREATE TRIGGER DDL statement –Conditional functions: UPDATE() and COLUMNS_UPDATED()

30 Adapted from Afyouni, Database Security and Auditing Summary Evaluate your purpose for auditing Audit only pertinent actions Archive audit records and purge audit trail Automated Solutions –Triggers –FGA (Oracle)

Download ppt "Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8."

Similar presentations

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.
Accounting System Design

Accounting System Design
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
Introduction to Structured Query Language (SQL)

Introduction to Structured Query Language (SQL)
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
A Guide to Oracle9i1 Advanced SQL And PL/SQL Topics Chapter 9.

A Guide to Oracle9i1 Advanced SQL And PL/SQL Topics Chapter 9.
Fundamentals, Design, and Implementation, 9/e Chapter 7 Using SQL in Applications.

Fundamentals, Design, and Implementation, 9/e Chapter 7 Using SQL in Applications.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.

10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.

Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.
Advance Computer Programming Java Database Connectivity (JDBC) – In order to connect a Java application to a database, you need to use a JDBC driver. –

Advance Computer Programming Java Database Connectivity (JDBC) – In order to connect a Java application to a database, you need to use a JDBC driver. –
11 Copyright © 2004, Oracle. All rights reserved. Oracle Database Security.

11 Copyright © 2004, Oracle. All rights reserved. Oracle Database Security.
Project Implementation for COSC 5050 Distributed Database Applications Lab2.

Project Implementation for COSC 5050 Distributed Database Applications Lab2.
Chapter 101. 2 Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.

Chapter Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.
CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.

CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.

Similar presentations

Ads by Google