Secure DBMS Auditor

Abstract

This report describes a study conducted in the area of auditing for trusted database management systems (TDBMS). Initially, a state-of-the-art survey was conducted to examine approaches to auditing in commercial TDBMS products and prototype TDBMS efforts. Some of the initial findings of this study based upon the extensive state-of-the-art survey include: (1) the objectives of auditing and the data of greatest value for auditing appear highly dependent upon the TDBMS application, security policy and environmental threats, (2) little evidence was found to corroborate the assumption that audit information collected by currently available operating systems is actually of use to auditors interested in the actions of database users, (3) to permit meaningful audit analysis, it may be necessary to be able to collect and correlate audit data from a number of different stages in the processing of a query, (4) intrusion detection technology may be a fruitful topic for future research, and (5) the audit system should be examined, in detail, concerning the credibility of what it records its log. Keywords: Multilevel security, Computer security, Auditing, Prototyping.

Document Details

Document Type

Technical Report

Publication Date

Jul 01, 1990

Accession Number

ADA225528

Entities

Tags