1. Field of the Invention
Embodiments of the invention are related to computer databases. More specifically, embodiments of the invention are related to an abstraction-based audit and security model that provides increased role and security enforcement for database log files.
2. Description of the Related Art
Auditing, tracking, and monitoring the use of computer systems is crucial for systems used to capture, store, and manage sensitive data. Knowledgeable administrators frequently need to review audit logs and monitor user actions in order to keep a system running smoothly and allow end users to perform their day-to-day tasks.
Historically, administrators have been the ‘trusted ones’ and have frequently been given unfettered access to any information related to the function or operations of a computing environment. For example, a database administrator may have access to all of the data stored in a database managed by the administrator, as well as any information captured in log files. While security requirements are strictly enforced on the end users of a database system, the administrator often needs to be able to “peek behind the curtain” in order to monitor system operations and to resolve any issues that may arise. The need for complete trust in the system administrator, however, exposes an organization to undesirable risks. For example, in the medical field, inappropriate disclosure of an individual's medical records may permanently damage the reputation of an organization, as well as potentially expose the organization to civil and criminal liability. Similarly, inappropriate disclosure or misuse of financial records may lead to all kinds of mischief.
At the same time, however, auditing has to be done. A record of what has been done to a system (e.g., a database), which users have seen or accessed which data records, etc., needs to be available. That is, database logs are frequently required to ensure accountability for user actions as well as for managing system performance issues. From a database administrator's perspective, the data that should be tracked usually includes which users have executed which queries and which data points were returned in the results. Typically this information is written as textual output directly into a log file or into other database records.
Storing this information in a log file creates an avenue for unwanted information compromise, both from outside an organization (e.g., unauthorized access to the log file) and from within (e.g., misuse of information by users with authorized access to the log file). Put simply, an organization should not have to leave the security of sensitive data in database log files up to the trust placed in the administrator, and storing this information in a text-based log file may create unacceptable risks for sensitive data maintained by medical, research, financial, legal, and other types of organizations.
Accordingly, as the foregoing discussion demonstrates, there remains a need in the art for security mechanisms to protect sensitive data in system log files without unduly disrupting the ability of a system administrator to maintain a running database system.