Extreme Blue
Eunomia HDB Compliance Auditing System Architecture
© 2004 IBM Corporation

Eunomia system overview

Two components:
- Component 1: the logging tool will record the extra information necessary to determine “who accessed which data?”
- Component 2: the audit tool will retrieve this information from the logs to answer questions about data access.

Eunomia Compliance Auditing | System Architecture © 2004 IBM Corporation

Eunomia system overview

[Diagram: Requests for Personal Information; Chief Privacy Officer; Enterprise Application; Audit Tool; Eunomia Interface; Log Retrieval API; DB2]

Piece 1: The Logging Tool

Overview of logging from 50,000 feet

[Diagram: Before: Enterprise Application; After: Enterprise Application; DB2 Driver API; JDBC; Eunomia Interface; JDBC; DB2; DB2]

Overview of logging from 50,000 feet

We want to:
- minimize overhead of storing extra logging information
- defer as much computation expense as possible

Overview of logging from 50,000 feet

Solution:
- query logs – record all queries for data
- transaction log – record all changes to data in the database in shadow tables
- at audit time, calculate from the shadow tables which information was accessed by which queries

Overview of query logging

[Diagram: Enterprise Application; Query Handler; Write Log; JDBC Interface; Query; Query Logs; Data]

Overview of backlogging

[Diagram: Personal Information Tables; Triggers on Update, Insert, and Delete; Shadow Tables]

Shadow tables maintain a temporal log of all information stored in the actual data tables.

Suppose you want to know what the database looked like at a certain point in time.
- First select the set of records that have an earlier timestamp than your desired date.
- From that set, then select the set of records that have the latest timestamp.

PACT configuration wizard

- an automated tool for configuring a database to support logging
- a database administrator can specify a database connection which the wizard will analyze
- the wizard will generate and execute the SQL necessary to augment the existing database tables

Eunomia configuration wizard

- prompt admin for database settings
- analyze database tables
- create shadow tables
- populate shadow tables with current table information
- create query log table

Overview of logging from 1000 feet

[Diagram: Logs; Applications; DBA; PACT Driver; Eunomia Configuration Tool; Data Tables; Triggers; Shadow Tables; Audit Tools; CPO]

Overview of logging from 100 feet

[Diagram: DBA; Doctor; Applications; query and query results; Pact Configuration Wizard; Eunomia Interface; JSP/GUI Interface; JDBC Interface; Log Setup; BacklogSQLGenerator; query record; JDBC Interface; setup query logs; setup backlogs; read schema; Logs; Data; Triggers; Shadow Tables]

Piece 2: The Audit Tool

Overview of auditing from 50,000 feet

[Diagram: Logs; Shadow Tables; Log Retrieval API; Audit Tool]

Overview of auditing from 50,000 feet

Auditing tools only care about questions like “What information was accessed by doctor X on date Y, in response to query Z.”

The auditing tools would love to have the log data in the following format:

Query                    Date       Requester   Fields Accessed   Data Returned
select * from patients   2/1/2004   Dr. Haas    record 7->name    Joseph Laws
select * from patients   2/1/2004   Dr. Haas    record 7->age     20
select * from patients   2/1/2004   Dr. Haas    record 7->SSN     123-45-6789

Note – table is just a quick illustration of how the auditing tools would like to get at the data. Don’t nit-pick it.

Unfortunately, processing all of the query log and backlog data to put it in this format is computationally expensive. Instead, it is necessary to process the data on the fly using a SQL query rewrite engine. This layer of complexity is hidden within the “Log Retrieval API,” which will translate the data from the log format, to the format the audit tools want to use it in.

Overview of auditing from 1000 feet

[Diagram: Logs; Shadow Tables; JDBC and SQL; Log Retrieval Layer; SQL Rewrite Engine; Request Processor; Result Processor; Log Retrieval API; Audit Application; Tools For Viewing Logs; Tools for Comparing Logs Against Privacy Policies]

Queries and Query Sets

- An auditor may want to retrieve a set of queries, and then process and analyze the queries in a number of ways
- We will create “Query” objects and Query Sets, which will represent the query information retrieved from the database.
- This will eliminate repeat computation when someone wants to process a set of queries in multiple ways.

Queries and Query Sets

[Diagram: Database; JDBC: SQL and ResultSet Objects; Log Retrieval API; Query and QuerySet Objects; Audit Tool]
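
Added example (not part of the original slides or of the Eunomia code): the backlogging and audit-time replay described above, with trigger-fed shadow tables, a query log, and each logged query re-run against the point-in-time state it originally saw. Assumptions: SQLite stands in for DB2, a logical clock replaces wall-clock timestamps, the table, trigger and function names are hypothetical, and a textual table swap stands in for the SQL rewrite engine.

```python
import sqlite3

# SQLite stands in for DB2; table, trigger and function names are hypothetical.
SCHEMA = """
CREATE TABLE clock (t INTEGER); INSERT INTO clock VALUES (0);  -- logical clock
CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, age INTEGER);
CREATE TABLE patients_shadow (id INTEGER, name TEXT, age INTEGER, op TEXT, ts INTEGER);
CREATE TABLE query_log (ts INTEGER, requester TEXT, sql TEXT);
CREATE TRIGGER p_ins AFTER INSERT ON patients BEGIN
  INSERT INTO patients_shadow SELECT NEW.id, NEW.name, NEW.age, 'I', t FROM clock; END;
CREATE TRIGGER p_upd AFTER UPDATE ON patients BEGIN
  INSERT INTO patients_shadow SELECT NEW.id, NEW.name, NEW.age, 'U', t FROM clock; END;
CREATE TRIGGER p_del AFTER DELETE ON patients BEGIN
  INSERT INTO patients_shadow SELECT OLD.id, OLD.name, OLD.age, 'D', t FROM clock; END;
"""
# Latest shadow row per record at or before tick {t}; deleted records drop out.
AS_OF = """SELECT id, name, age FROM patients_shadow s
 WHERE op <> 'D' AND ts = (SELECT MAX(ts) FROM patients_shadow
                           WHERE id = s.id AND ts <= {t})"""

def change(db, sql):
    """Advance the clock, then apply a data change (the triggers do the backlog)."""
    db.execute("UPDATE clock SET t = t + 1")
    db.execute(sql)

def run_query(db, requester, sql):
    """Logging side: record who asked what and when, then run the query."""
    db.execute("UPDATE clock SET t = t + 1")
    db.execute("INSERT INTO query_log SELECT t, ?, ? FROM clock", (requester, sql))
    return db.execute(sql).fetchall()

def audit(db, requester):
    """Audit side: replay each logged query against the state it saw (crude rewrite)."""
    logged = db.execute("SELECT ts, sql FROM query_log WHERE requester = ? "
                        "ORDER BY ts", (requester,)).fetchall()
    return [(ts, db.execute(sql.replace(
        "patients", "(" + AS_OF.format(t=int(ts)) + ")")).fetchall())
        for ts, sql in logged]

def demo():
    """Constructed sample history: insert, query, update, query, delete."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    change(db, "INSERT INTO patients VALUES (7, 'Joseph Laws', 20)")   # tick 1
    run_query(db, "Dr. Haas", "select * from patients")                # tick 2
    change(db, "UPDATE patients SET age = 21 WHERE id = 7")            # tick 3
    run_query(db, "Dr. Haas", "select name, age from patients")        # tick 4
    change(db, "DELETE FROM patients WHERE id = 7")                    # tick 5
    return db
```

After `demo()` the live `patients` table is empty, yet `audit(db, "Dr. Haas")` still returns the rows each query saw at ticks 2 and 4, because the answer is computed from the shadow table at audit time rather than stored at query time.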