AUDIT OF CHANGES TO SQL SERVERDATABASE TABLES

Authors

DOI:

https://doi.org/10.18372/2410-7840.23.15432

Keywords:

database, program-driven data protection, registration and audit, cancelation of unwanted changes in the database

Abstract

The registration and audit subsystemis an inalienable
component of information systems. All modern DBMS
have the ability to register and process information about
performedoperations. SQL Server since version 2008 has
the ability to define an audit specification [1] at the server
or database level. However, the data from the system
audit does not consider the requirements of theinformation system’s business model. It becomes necessary to
customize the registration process considering the specifics of the subject area. In addition, the most important
task of database protection is to ensure data integrity. In
modern complex IS a number of tables must be protected
from unwanted change operations (inserts, updates and
deletions). Audit data can be used to cancel such unwanted actions. In this case, there is not enough information
in the system logs. This article discusses an approach to
solving the audit of changes to DB tables problem in
order to prevent unwanted data changes. This approach is
implemented in the form of a methodology of creating
database objects with the help of which user actions are
registered and unwanted changes can be canceled. To
solve the problem of user actions registration it is proposed to use a separate database schema for audit, a special audit table and triggers of the DB information tables.SQL procedures are proposed for unwanted changes
cancellation. The software implementation that makes it
possible to use it as part of automated DB protection is
given for each stage of methodology.

References

SQL Server [Електронний ресурс] – Режим доступу до ресурсу: https://docs.microsoft.com/en-us/pre vious-versions/sql/sql-server-2008/dd392015 (v=sql. 100)?redirecte dfrom=MSDN.

SQL_Server [Електронний ресурс] – Режим доступу до ресурсу: https://docs.microsoft.com/en-us/pre vious-versions/sql/sql-erver08/dd283095(v=sql.100)

?redirected from=MSDN.

Security [Електронний ресурс] – Режим доступу до ресурсу: https://docs.microsoft.com/en-us/sql/rela tional-databases/security/contained-database-users-making-your-database-portable?view=sql-server-ver 15.

SQL Server [Електронний ресурс] – Режим доступу до ресурсу: https://docs.microsoft.com/en-us/sql/ t-sql/statements/create-role-transact-sql?view=sql-se rver-ver15.

Audit_triggers [Електронний ресурс] – Режим до-ступу до ресурсу:https://github.com/ForAudit/ SQLaudit/blob/master/Audit_triggers_proc.sql.

Downloads

Published

2023-02-28

How to Cite

Kolomytsev , M., & Nosok, S. (2023). AUDIT OF CHANGES TO SQL SERVERDATABASE TABLES. Ukrainian Information Security Research Journal, 23(1), 25–30. https://doi.org/10.18372/2410-7840.23.15432

Issue

Vol. 23 No. 1 (2021)

Section

Articles

License

The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.