Browse > Article
http://dx.doi.org/10.3745/KTSDE.2016.5.9.425

Design and Implementation of SQL Inspector for Database Audit Using ANTLR  

Liu, Chen (부경대학교 컴퓨터공학과)
Kim, Taewoo (부경대학교 컴퓨터공학과)
Zheng, Baowei (부경대학교 정보공학과)
Yeo, Jeongmo (부경대학교 컴퓨터공학과)
Publication Information
KIPS Transactions on Software and Data Engineering / v.5, no.9, 2016 , pp. 425-432 More about this Journal
Abstract
As the importance of information audit is getting bigger, the public corporations invest many expenses at information system audit to build a high quality system. For this purpose, there are much research to proceed an audit effectively. In database audit works, it could audit utilizing a variety of monitoring tools. However, when auditing SQLs which might be affected to database performance, there are several limits related to SQL audit functionality. For this reason, most existing monitoring tools process based on meta information, it is difficult to proceed SQL audit works if there is no meta data or inaccuracy. Also, it can't detect problems by analysis of SQL's syntax structure. In this paper, we design and implement the SQL Inspector using ANTLR which is applied by syntax analysis technique. The overall conclusion is that the implemented SQL Inspector can work effectively much more than eye-checked way. Finally, The SQL inspector which we proposed can apply much more audit rules by compared with other monitoring tools. We expect the higher stability of information system to apply SQL Inspector from development phase to the operation phase.
Keywords
SQL Audit; Audit Tool; Database Performance; SQL Audit Tool; Database Audit;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Jong-won Kim, "System Audit Improvement Through Identifying Database Query Audit Inspection Item," Master dissertation, Incheon National University, Incheon, KOREA, 2013.
2 National Information Society Agency, "A Survey and Application Plan for Audit Tools," National Information Society Agency, 2001.
3 T. J. PARR, "The Definitive ANTLR Reference: Building Domain-Specific languages," The Pragmatic Bookshelf, 2013.
4 National Computerization Agency, "The Guide for Information System Auditing," National Computerization Agency, 2013.
5 National Information Society Agency, "Information Systems Audit Cookbook V2.0," National Information Society Agency, 2007.
6 National Information Society Agency, "Information Systems Audit Guidelines V1.0," National Information Society Agency, 2009.
7 Oracle, Oracle Database Performance Tuning Guide 11g Release [Internet], http://docs.oracle.com/database/121/TGD BA/toc.htm.
8 Gwangil Park, "Design and implementation of an SQL performance analyzer for DATABASE performance improvement," Master dissertation, Chungang University, Seoul, KOREA, 2010.
9 YourDictionary [Internet], http://www.yourdictionary.com/ ad-hoc-query.
10 Parsing [Internet], https://en.wikipedia.org/wiki/Parsing.
11 T. J. Parr, R. W. Quong, "ANTLR: A Predicated-LL(k) Parser Generator," Software-practice and Experience, Vol.25, No.7, pp.789-810, 1995.   DOI
12 Haiyan Wang and Hebiao Yang, "ANTLR-based SQL Grammatical Analysis Strategy and its Implementation," Computer Application and Software, Vol.30, No.11, pp.68-70, 2013.
13 Danyang Cao and Donghui Bai, "Design and implementation for SQL parser based on ANTLR," 2nd International Conference on Computer Engineering and Technology, Vol.4, pp.276-279, 2010.
14 Xia Liu, Li Tao, Yuhong Zhou, Kevin Ma, and Xiaoqiang Liu, "The Automatic Marking Method of SQL Script Based on Syntax Analysis and Levenshtein, Distance," Software Engineering and Applications, Vol.3, pp.9-14, 2014.   DOI
15 Chen Liu, Taewoo Kim, Baowei Zheng, and Jeongmo Yeo, "Design and Implementation of SQL Audit Tool for Database Performance," KIPS Transactions on Software and Data Engineering, Vol.5, No.5, 2016.