Generalized Audit Trail Requirements and Concepts for Data Base Applications

a data base audit trail. It is defined here to be a generalized recording of " who did what to whom, when, and in what sequence. " This information is to be used to satisfy system integrity, recovery, auditing, and security requirements of advanced integrated data baseldata communications systems. This paper hypothesizes what information must be retained in the audit trail to permit recovery and audit later in time and a scheme of organizing the contents of the audit trail so as to provide the required functions at minimum overhead. Introduced are the concepts of types of audit required, DBlDC audit assumptions, time domain addressing, time sequences required to support versions of data, what constitutes an audit trail, and implementation considerations. Auditing of a data base/data communication (D B ~ D C) application is defined as the act of monitoring the application for compliance with accounting rules and practices. Auditing an application is essentially certifying the integrity of the system by verifying that rules and policies dictated by laws, business agreements, etc., are being followed by the application. There are three basic objects of interest for audit in a DB/DC environment, namely: The user-who entered what data from what terminal, etc. The program-on a given execution of a program what version was used, what branches were taken under what conditions, etc. The data-what was a particular field value before a specific transaction updated it and what was its value after update. These objects and their interactions are usually identified as being within a common boundary for each invocation of the program. This common boundary is identified by a transaction name which usually serves multiple purposes within the system such as scheduling, recovery (backout), and auditing.'