DOI QR코드

DOI QR Code

Design and Implementation of SQL Inspector for Database Audit Using ANTLR

ANTLR를 사용한 데이터베이스 감리용 SQL 검사기의 설계 및 구현

  • ;
  • 김태우 (부경대학교 컴퓨터공학과) ;
  • ;
  • 여정모 (부경대학교 컴퓨터공학과)
  • Received : 2016.03.25
  • Accepted : 2016.05.13
  • Published : 2016.09.30

Abstract

As the importance of information audit is getting bigger, the public corporations invest many expenses at information system audit to build a high quality system. For this purpose, there are much research to proceed an audit effectively. In database audit works, it could audit utilizing a variety of monitoring tools. However, when auditing SQLs which might be affected to database performance, there are several limits related to SQL audit functionality. For this reason, most existing monitoring tools process based on meta information, it is difficult to proceed SQL audit works if there is no meta data or inaccuracy. Also, it can't detect problems by analysis of SQL's syntax structure. In this paper, we design and implement the SQL Inspector using ANTLR which is applied by syntax analysis technique. The overall conclusion is that the implemented SQL Inspector can work effectively much more than eye-checked way. Finally, The SQL inspector which we proposed can apply much more audit rules by compared with other monitoring tools. We expect the higher stability of information system to apply SQL Inspector from development phase to the operation phase.

Acknowledgement

Supported by : 부경대학교

References

  1. Jong-won Kim, "System Audit Improvement Through Identifying Database Query Audit Inspection Item," Master dissertation, Incheon National University, Incheon, KOREA, 2013.
  2. National Information Society Agency, "A Survey and Application Plan for Audit Tools," National Information Society Agency, 2001.
  3. T. J. PARR, "The Definitive ANTLR Reference: Building Domain-Specific languages," The Pragmatic Bookshelf, 2013.
  4. National Computerization Agency, "The Guide for Information System Auditing," National Computerization Agency, 2013.
  5. National Information Society Agency, "Information Systems Audit Cookbook V2.0," National Information Society Agency, 2007.
  6. National Information Society Agency, "Information Systems Audit Guidelines V1.0," National Information Society Agency, 2009.
  7. Oracle, Oracle Database Performance Tuning Guide 11g Release [Internet], http://docs.oracle.com/database/121/TGD BA/toc.htm.
  8. Gwangil Park, "Design and implementation of an SQL performance analyzer for DATABASE performance improvement," Master dissertation, Chungang University, Seoul, KOREA, 2010.
  9. YourDictionary [Internet], http://www.yourdictionary.com/ ad-hoc-query.
  10. Parsing [Internet], https://en.wikipedia.org/wiki/Parsing.
  11. T. J. Parr, R. W. Quong, "ANTLR: A Predicated-LL(k) Parser Generator," Software-practice and Experience, Vol.25, No.7, pp.789-810, 1995. https://doi.org/10.1002/spe.4380250705
  12. Haiyan Wang and Hebiao Yang, "ANTLR-based SQL Grammatical Analysis Strategy and its Implementation," Computer Application and Software, Vol.30, No.11, pp.68-70, 2013.
  13. Danyang Cao and Donghui Bai, "Design and implementation for SQL parser based on ANTLR," 2nd International Conference on Computer Engineering and Technology, Vol.4, pp.276-279, 2010.
  14. Xia Liu, Li Tao, Yuhong Zhou, Kevin Ma, and Xiaoqiang Liu, "The Automatic Marking Method of SQL Script Based on Syntax Analysis and Levenshtein, Distance," Software Engineering and Applications, Vol.3, pp.9-14, 2014. https://doi.org/10.12677/SEA.2014.31002
  15. Chen Liu, Taewoo Kim, Baowei Zheng, and Jeongmo Yeo, "Design and Implementation of SQL Audit Tool for Database Performance," KIPS Transactions on Software and Data Engineering, Vol.5, No.5, 2016.