Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8

Adapted from Afyouni, Database Security and Auditing

Database Application Auditing – Ch. 8


DML Action Auditing Architecture

• Data Manipulation Language (DML): companies use auditing architecture for DML changes

• DML changes can be performed on two levels:– Row level– Column level

• Fine-grained auditing (FGA)


DML Action Auditing (cont.)


DML Action Auditing (cont.)


Oracle Triggers

• Stored PL/SQL procedure executed whenever:– DML operation occurs – Specific database event occurs

• DML events (trigger timings): INSERT, UPDATE, and DELETE

• Purposes:– Audits, controlling invalid data– Implementing business rules, generating

values


Oracle Triggers (continued)


Oracle Triggers (continued)

• CREATE TRIGGER• Executed in a specific order:

– BEFORE triggers before AFTER triggers• USER_TRIGGERS data dictionary view: all

triggers created on a table• A table can have unlimited triggers: do

not overuse them


SQL Server Triggers

• Restrictions—Transact-SQL statements not allowed in Triggers:– ALTER and CREATE DATABASE– DISK INIT and DISK RESIZE– DROP DATABASE and LOAD DATABASE– LOAD LOG– RECONFIGURE– RESTORE DATABASE– RESTORE LOG


Historical Model with SQL Server

• Create a history table:– Same structure as original table– HISTORY_ID column

• Create a trigger: inserts original row into the HISTORY table


Oracle Fine-grained Auditing (FGA)

• Oracle provides column-level auditing: Oracle PL/SQL-supplied package DBMS_FGA

• DBMS_FGA procedures:– ADD_POLICY– DISABLE_POLICY– DROP_POLICY– ENABLE_POLICY



• ADD_POLICY parameters:– OBJECT_SCHEMA– OBJECT_NAME– POLICY_NAME– AUDIT_CONDITION– AUDIT_COLUMN– HANDLER_SCHEMA (user name that owns the

procedure that is used as the event handler. NULL indicates current schema).



• ADD_POLICY parameters (continued):– HANDLER_MODULE– ENABLE– STATEMENT_TYPES

• DBA_FGA_AUDIT_TRAIL: view the audit trail of the DML activities



• Record data changes on the table:– Name of the person making the change– Date of the change– Time of the change

• Before or after value of the columns are not recorded





• Steps:– Use any user other than SYSTEM or

SYS; with privileges to create tables, sequences, and triggers

– Create the auditing table– Create a sequence object– Create the trigger that will record DML

operations– Test your implementation


History Auditing Model w/ Oracle

• Historical data auditing is simple to implement; main components are TRIGGER objects and TABLE objects

• Keeps record of:– Date and time the copy of the record was

captured– Type of operation applied to the record



• Steps:– Use any user other than SYSTEM or SYS;

with privileges to create tables, sequences, and triggers

– Create history table– Create the trigger to track changes and

record all the values of the columns– Test your implementation



• Simple Auditing Model 1• Flag users, tables, or columns for auditing• Requires less database administrative skills:

– Application administrators can do it– User interface is built in top of the

repository• Auditing flags are flexible• Does not record before or after column

values; only registers type of DML operations

• Cronological record of all activities.


DML Auditing Using Repository with Oracle (Simple 1)

• Steps:– Use any user other than SYSTEM or SYS– Create triggers– Create sequence object– Build tables to use for applications– Populate application tables– Populate auditing repository with

metadata– Create the stored package to be used

with the trigger– Create triggers for application tables– Test your implementation



• Simple Auditing Model 2: requires a higher level of expertise in PL/SQL

• Stores two types of data:– Audit data: value before or after a DML

statement– Audit table: name of the tables to be

audited

Records only column value changes.



• Steps:– Use any user other than SYSTEM or SYS;

with privileges to create tables, and triggers

– Create the auditing repository– Establish a foreign key in AUDIT_DATA

table referencing AUDIT_TABLE table– Create a sequence object– Create the application schema



• Steps (continued):– Add data to tables– A stored PL/SQL package will be used for

auditing within the triggers– Create triggers for audited tables– Add auditing metadata– Test your implementation


Auditing Application Errors with Oracle

• Application errors must be recorded for further analysis

• Business requirements mandate to keep an audit trail of all application errors

• Materials:– Repository consisting of one table– Methodology for your application


Auditing Application Errors with Oracle (continued)

• Steps:– Select any user other than SYSTEM or

SYS; with privileges to create tables, and procedures

– Populate tables– Create the ERROR table– Create a stored package to perform the

UPDATE statement– Test your implementation: perform and

update using the CREATE package


Oracle PL/SQL Procedure Authorization

• Oracle PL/SQL stored procedures are the mainstay of implementing business rules

• Security modes: – Invoker rights: procedure is executed

using security credentials of the caller– Definer rights: procedure is executed

using security credentials of the owner


Oracle PL/SQL Procedure Authorization

• Steps:– Create a new user– Select a user with CREATE TABLE and

PROCEDURE privileges– Populate tables– Create stored procedure to select rows in

a table– Grant EXECUTE privileges on new

procedure– Log on as the new user and query the

table– Execute procedure


Summary

• Primary purposes: validate authorization and authentication

• Two approaches for DML auditing:– Set up an audit trail for DML activities– Register all column values before or after

the DML statement (column-level auditing)

• Fine-grained auditing (Oracle)• Triggers:

– Stored PL/SQL procedure automatically executed

• USER_TRIGGERS data dictionary view: shows all triggers

• FGA allows generation of audit trail of DML activities


Summary

• Server Security • Database Connections • Table Access Control • Restricting Database Access


Summary (continued)

• FGA is capable of auditing columns or tables; Oracle PL/SQL-supplied package DBMS_FGA

• PL/SQL stored procedures security modes:– Invoker rights– Definer rights

• SQL Server 2000:– CREATE TRIGGER DDL statement– Conditional functions: UPDATE() and

COLUMNS_UPDATED()


Summary

• Evaluate your purpose for auditing • Audit only pertinent actions • Archive audit records and purge audit trail

• Automated Solutions– Triggers– FGA (Oracle)

Documents

Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8