Generalized audit trail requirements and concepts for data base applications

Abstract

Discussed is a data base audit trail. It is defined here to be a generalized recording of who did what to whom, when, and in what sequence. This information is to be used to satisfy system integrity, recovery, auditing, and security requirements of advanced integrated data base/data communication systems. This paper hypothesizes what information must be retained in the audit trail to permit recovery and audit later in time and a scheme of organizing the contents of the audit trail so as to provide the required functions at minimum overhead. Introduced are the concepts of types of audit required, DB/DC audit assumptions, time domain addressing, time sequences required to support versions of data, what constitutes an audit trail, and implementation considerations.