Extreme Blue

© 2004 IBM Corporation

EunomiaHDB Compliance Auditing

System Architecture

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Eunomia system overview

Two components:

Component 1: the logging tool will record the extra information necessary to determine “who accessed which data?”

Component 2: the audit tool will retrieve this information from the logs to answer questions about data access.

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Eunomia system overview

Enterprise Application

Eunomia Interface

DB2

Log Retrieval API

Audit Tool

Requests for Personal Information

Chief Privacy Officer

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Piece 1: The Logging Tool

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of logging from 50,000 feet

Enterprise

Application

Eunomia Interface

DB2

Enterprise

Application

DB2

Before: After:

JDBC

JDBC

DB2 Driver API

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of logging from 50,000 feet

We want to:

minimize overhead of storing extra logging information

defer as much computation expense as possible

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of logging from 50,000 feet

Solution:

query logs – record all queries for data

transaction log – record all changes to data in the database in shadow tables

at audit time, calculate from the shadow tables which information was accessed by which queries

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of query logging

Enterprise

Application

Query Handler

DataQuery Logs

Query

JDBC Interface

Write Log

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of backlogging

Personal Information

Tables

Shadow Tables

Triggers on Update, Insert, and Delete

Shadow tables maintain a temporal log of all information stored in the actual data tables.

Suppose you want to know what the database looked like at a certain point in time.

First select the set of records that have an earlier timestamp than your desired date

From that set, then select the set of records that have the latest timestamp.

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

PACT configuration wizard

an automated tool for configuring a database to support logging

a database administrator can specify a database connection which the wizard will analyze

the wizard will generate and execute the SQL necessary to augment the existing database tables

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Eunomia configuration wizard

prompt admin for database settings

analyze databasetables

create shadow tables

populate shadow tables with current table information

create query logtable

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of logging from 1000 feet

PACT Driver Eunomia Configuration Tool

Logs Data Tables Shadow Tables

Audit Tools

Applications DBA

CPO

Triggers

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of logging from 100 feet

JDBC Interface

Logs Data Shadow Tables

Eunomia Interface

Applications

JSP/GUI Interface

Log Setup

Pact Configuration Wizard

BacklogSQLGenerator

JDBC Interface

Triggers

query record

query andquery results

setup query logs

read schema

setup backlogs

DoctorDBA

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Piece 2: The Audit Tool

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of auditing from 50,000 feet

Logs Shadow Tables

Log Retrieval API

Audit Tool

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of auditing from 50,000 feet

Auditing tools only care about questions like “What information was accessed by doctor X on date Y, in response to query Z.” The auditing tools would love to have the log data in the following format:

Query Date Requester Fields Accessed Data Returnedselect * from patients 2/1/2004 Dr. Haas record 7->name Joseph Lawsselect * from patients 2/1/2004 Dr. Haas record 7->age 20select * from patients 2/1/2004 Dr. Haas record 7->SSN 123-45-6789

Unfortunately, processing all of the query log and backlog data to put it in this format is computationally expensive. Instead, it is necessary to process the data on the fly using a SQL query rewrite engine.

This layer of complexity is hidden within the “Log Retrieval API,” which will translate the data from the log format, to the format the audit tools want to use it in.

Note – table is just a quick illustration of how the auditing tools would like to get at the data. Don’t nit-pick it.

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Overview of auditing from 1000 feet

SQL Rewrite Engine

JDBC and SQL

Request Processor Result Processor

Log Retrieval Layer

Log Retrieval API

Tools For Viewing Logs Tools for Comparing Logs

Against Privacy Policies

Audit Application

Logs Shadow Tables

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Queries and Query Sets

An auditor may want to retrieve a set of queries, and then process and analyze the queries in a number of ways

We will create “Query” objects and Query Sets, which will represent the query information retrieved from the database.

This will eliminate repeat computation when someone wants to process a set of queries in multiple ways.

Extreme Blue

© 2004 IBM CorporationEunomia Compliance Auditing | System Architecture

Queries and Query Sets

Database

Log Retrieval API

Audit Tool

JDBC: SQL and ResultSet Objects

Query and QuerySet Objects