Synonyms
Definition
The goal of database auditing is to retain a secure record of database operations that can be used to verify compliance with desired security policies, to trace policy violations, or to detect anomalous patterns of access. An audit log can contain the authorization ID and time stamp of read and write operations in the database, as well as a record of server connections, login attempts and authorization changes. Government and institutional regulations for the management of sensitive information often require auditing of data disclosure and data modification.
Database forensicsis the analysis of the state of a database system to validate hypotheses about past events that are relevant to an alleged crime or violation of policy. Evidence supporting a forensic analysis may be found in an audit log (if available) but may also be recovered from any other component of a database system including table storage, the transaction log, temporary...
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Adam N.R. and Wortmann J.C. Security-control methods for statistical databases: A comparative study. ACM Comput. Surv., 21(4):515–556, 1989.
Agrawal R., Bayardo R.J., Faloutsos C., Kiernan J., Rantzau R., and Srikant R. Auditing compliance with a hippocratic database. In Proc. 30th Int. Conf. on Very Large Data Bases, 2004, pp. 516–527.
Ammann P., Jajodia S., and Liu P. Recovery from malicious transactions. IEEE Trans, Knowl. Data Eng., 14(5):1167–1185, 2002.
Castano S., Fugini M.G., Martella G., and Samarati P. Database security. ACM/Addison-Wesley, New York, NY, USA, 1994.
Jensen C.S., Mark L., and Roussopoulos N. Incremental implementation model for relational databases with transaction time. IEEE Trans. Knowl. Data Eng., 3(4):461–473, 1991.
Lomet D., Vagena Z., and Barga R. Recovery from “bad” user transactions. In Proc. ACM SIGMOD Int. Conf. on Management of Data, 2006, pp. 337–346.
Snodgrass R.T. and Collberg C.S. The τ-BerkeleyDB temporal subsystem. Available at www.cs.arizona.edu/tau/tbdb/.
Snodgrass R.T. and Collberg C.S. The τ-MySQL transaction time support. Available at www.cs.arizona.edu/tau/tmysql.
Stahlberg P., Miklau G., and Levine B. Threats to privacy in the forensic analysis of database systems. In Proc. ACM SIGMOD Int. Conf. on Management of Data, 2007, pp. 91–102.
Waters B., Balfanz D., Durfee G., and Smetters D. Building an encrypted and searchable audit log. In Proc. Network and Dist. Syst. Security Symp., 2004, pp. 91–102.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer Science+Business Media, LLC
About this entry
Cite this entry
Levine, B., Miklau, G. (2009). Auditing and Forensic Analysis. In: LIU, L., ÖZSU, M.T. (eds) Encyclopedia of Database Systems. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-39940-9_30
Download citation
DOI: https://doi.org/10.1007/978-0-387-39940-9_30
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-35544-3
Online ISBN: 978-0-387-39940-9
eBook Packages: Computer ScienceReference Module Computer Science and Engineering