Apparatus and method for protecting against data tampering...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate


Details

C714S020000

active

06725240

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for managing audit logs in a data processing system. Still more particularly, the present invention provides a method and apparatus for creating and verifying audit logs in a relational database without compromising the ability to detect data tampering in a data processing system.
2. Description of Related Art
Audit logs have long been used to keep permanent records of events. The audit log can be used at some future date to reconstruct events that happened in the past. This reconstruction might be required for legal, accounting, or security purposes or for recovery after a disaster.
Audit logs are more useful if the entries can be authenticated in some way. In paper systems, the physical log itself enforces this authentication. However, modern audit logs are often kept in digital files within a computer system. Such computer audit logs differ from paper documents in that they can be more easily modified undetectably. For example, it is easy to add, delete, or modify individual entries within an audit log in a computer system in such a way that the changes will go undetected. In fact, many computer hackers who break into computer systems take specific actions to modify the audit logs to erase all traces of their actions.
Computer security manufacturers have responded to this threat in several ways. One is to force the audit log to be continuously printed out on paper. Variants of this technique involve writing the audit log to a non-erasable medium, such as a CD-ROM. Another approach uses conventional computer security techniques to guard the audit log files. Such techniques include hiding and encrypting the log files or requiring special permissions to write to them. These techniques work well in some applications—most notably when the audit log is stored on a shared computer and the malicious person trying to modify the audit log does not have full permissions on that computer—but are not without their disadvantages. For example, clever hackers can often figure out ways around the computer security techniques and make changes to the audit log.
A common implementation approach for audit subsystems is to store audit records in a flat file. Such solutions are limited in terms of scalability, transaction support, sophisticated query capabilities, and recovery. Furthermore, they are not amenable to supporting on-line integrity checking or on-line archiving.
Therefore, it would be advantageous to have an improved method and apparatus for protecting against data tampering of audit logs.
SUMMARY OF THE INVENTION
The present invention solves the problems associated with the prior art by storing audit records in a relational database comprising a primary audit log table, auxiliary tables, and a system table. Audit record level protection is achieved by including an integrity column in every audit record and by assigning a unique identifier, such as a serial number, to each audit record. System level protection is achieved by maintaining serial number range and integrity information in the system table. The present invention provides for detection of unauthorized row modification, deletion, or insertion, and incorporates extra measures to protect against administrator attacks. Using the serial number range in the system table, a snapshot may be taken of the audit log to enable integrity checking and audit log archiving without having to suspend or bring down the audit subsystem.
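The scheme summarized above can be sketched as follows. This is an added example, not the patent's own implementation: the SQLite schema, the table and column names, the HMAC-SHA256 integrity function, and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

KEY = b"constructed-demo-key"  # assumption: the real key is held outside the database

def _mac(*fields):
    msg = "\x1f".join(str(f) for f in fields).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def _ok(stored, *fields):
    return hmac.compare_digest(str(stored).encode(), _mac(*fields).encode())

def open_log():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE audit_log (serial INTEGER PRIMARY KEY, event TEXT, integrity TEXT)")
    db.execute("CREATE TABLE system (id INTEGER PRIMARY KEY CHECK (id = 1), "
               "first_serial INTEGER, last_serial INTEGER, integrity TEXT)")
    db.execute("INSERT INTO system VALUES (1, 1, 0, ?)", (_mac("system", 1, 0),))
    return db

def append(db, event):
    first, last = db.execute("SELECT first_serial, last_serial FROM system").fetchone()
    serial = last + 1  # unique identifier for the new audit record
    db.execute("INSERT INTO audit_log VALUES (?, ?, ?)",
               (serial, event, _mac("record", serial, event)))
    db.execute("UPDATE system SET last_serial = ?, integrity = ?",
               (serial, _mac("system", first, serial)))
    return serial

def verify(db):
    """Check the serial range recorded in the system row; an empty list means intact."""
    first, last, sys_mac = db.execute(
        "SELECT first_serial, last_serial, integrity FROM system").fetchone()
    if not _ok(sys_mac, "system", first, last):
        return ["system row modified"]
    rows = {s: (e, m) for s, e, m in
            db.execute("SELECT serial, event, integrity FROM audit_log")}
    findings = []
    for serial in range(first, last + 1):
        if serial not in rows:
            findings.append(f"serial {serial} deleted")
        elif not _ok(rows[serial][1], "record", serial, rows[serial][0]):
            findings.append(f"serial {serial} modified")
    # Single-writer demo: any row beyond the recorded range was not written by append().
    findings += [f"serial {s} inserted outside range"
                 for s in sorted(rows) if not first <= s <= last]
    return findings
```

Because `verify` reads the serial range once from the system row and checks only against that range, it works on a snapshot of the log while the table itself stays online.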


