Auditing compliance with a hippocratic database
First Claim
Patent Images
1. A method to perform disclosure-based database auditing, said method comprising:
- formulating one or more audit expressions specifying sensitive data to be subjected to an audit;
identifying a subset of logged queries which accessed said sensitive data with respect to said one or more audit expressions;
formulating an audit query by combining and transforming said subset of logged queries, and running said audit query against a database to identify suspicious queries that accessed said sensitive data.
3 Assignments
0 Petitions
Accused Products
Abstract
An auditing framework for determining whether a database disclosure of information adhered to its data disclosure policies. Users formulate audit expressions to specify the (sensitive) data subject to disclosure review. An audit component accepts audit expressions and returns all queries (deemed “suspicious”) that accessed the specified data during their execution.
73 Citations
16 Claims
-
1. A method to perform disclosure-based database auditing, said method comprising:
-
formulating one or more audit expressions specifying sensitive data to be subjected to an audit;
identifying a subset of logged queries which accessed said sensitive data with respect to said one or more audit expressions;
formulating an audit query by combining and transforming said subset of logged queries, and running said audit query against a database to identify suspicious queries that accessed said sensitive data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system to perform disclosure-based database auditing, said system comprising:
-
a query log storing one or more queries submitted to said system along with annotations;
a database capturing and recording updates to base tables;
an audit query generator processing one or more audit expressions specifying sensitive data to be subjected to audit, said audit query generator identifying a subset of logged queries from said query log which accessed said sensitive data with respect to said one or more audit expressions, formulating an audit query by combining and transforming said subset of logged queries, and running said audit query against said database to identify suspicious queries that accessed said sensitive data. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification