Paper-5 Improved Data Integrity Through Integrated Database Trigger Model


  • 7/28/2019 Paper-5 Improved Data Integrity Through Integrated Database Trigger Model


    International Journal of Computational Intelligence and Information Security, March 2013, Vol. 4 No. 3, ISSN: 1837-7823


    Improved Data Integrity Through Integrated Database Trigger Model

    Yaya Itai (PhD student of Babcock University), Computer Science & Math Department, Babcock University, Nigeria

    AWODELE OLUDELE PhD, Computer Science & Math Department, Babcock University, Nigeria

    OKOLIE S.O. PhD, Computer Science & Math Department, Babcock University, Nigeria

    NICOLAE GOGA PhD, Molecular Dynamics Group, University of Groningen, the Netherlands, and Faculty of Engineering, Politehnica University of Bucharest, Romania

    Bujor Pavaloiu, Politehnica University of Bucharest, Romania

    Abstract

    Database integrity ensures data entered into the database is accurate, valid, and consistent. The need to continuously audit database modifications cannot be overemphasized. The challenge of insufficient audit trail logs being captured when privileged users use Data Manipulation Language (DML) commands has not been adequately addressed by the traditional database audit setup currently in place. Most business consulting auditors have raised concerns regarding the increasing level of database updates by information technology staff, as the auditors have no way of knowing what was inserted, deleted or updated in the database by privileged users. An integrated database trigger model was developed using the benchmarked dynamic object technology model to supplement the built-in auditing features of the database. The resultant output from the proposed model was measured and analyzed using the Oracle Toad analyzer with a structured statistical questionnaire feedback mechanism. This model enhances database integrity and yields business systems with higher levels of integrity. The improved systems will allow financial auditors to rely more heavily on these techniques, which will improve audit quality and decrease costs.

    Keywords: DML, Event Condition Action (ECA), Trigger, Data Integrity.

    1.0 Introduction

    Data integrity is a fundamental component of information security. In its broadest use, data integrity refers to the accuracy and consistency of data stored in a database, data warehouse, data mart or other construct; however, it could also be used as a proxy for data quality. Data with integrity is said to have a complete or whole structure. All characteristics of the data must be correct, including business rules, relations, dates, definitions and lineage, for the data to be complete. Data integrity is imposed within a database when it is designed and is authenticated through the ongoing use of error checking and validation routines.

    Integrity, in database terms, is therefore the quality of trustworthiness that the data in a database is imbued with; high levels of integrity. Database technologies are a core component of many computing systems. They allow data to be retained and shared electronically, and the amount of data contained in these systems continues to grow at an exponential rate. So does the need to ensure the integrity of the data and secure the data from unintended access. Data modeling in terms of integrity is one of the most critical tasks in building an information system. Pair a well-developed and solid database design with extensive but appropriate integrated database triggers; the end result will be a database implementation that consistently yields accurate and timely information. Additionally, the database and its underlying data will realize greater data integrity with the reliance on external and sometimes faulty applications minimized, which will in turn contribute to higher audit quality and decreased business costs [1].

    One of the most interesting types of integrity concerns is adherence to business rules: those standard operating procedures and policies that dictate how an organization conducts transactions in its business environment. While such rules can be enforced in programs that use the database, if the business rules are implemented within the database, they need not be recreated when new applications are developed but will be automatically enforced for all applications.

    The default database audit trail that captures the DML activity entries (Update, Delete and Insert) does not capture the details of what was modified. It merely shows that entries were modified on database tables. Financial institution auditors therefore have no way of knowing what was inserted, deleted or updated in the financial database tables, which is risky to the business. Most business consultants/auditors today have raised concerns regarding the increasing level of database updates.

    For the purpose of this paper, an integrated database trigger model developed using the benchmarked dynamic object technology model will supplement the built-in auditing features of the database. This model will enhance database integrity and yield business systems with higher levels of integrity.

    The importance of this paper cannot be overemphasized because of its significance to the different groups of people that will benefit from the findings of this research work. The beneficiaries of this study include but are not limited to Financial Auditors, Financial Accountants, Auditing Companies, Regulators, Revenue Assurance experts, etc. It will also serve as a secondary source to those intending to carry out a similar study in the same area. A better trigger exception handling capability will be used in this research, with the ability to capture real values during DML operations. Update of transactions effectively limits the total number of triggers that can be specified for performance reasons. With a trigger, it is possible to check conditions such as "did not change" or "did not change within a certain percentage of a given period". These conditions can be true even if the relevant data is not updated, so they cannot be checked correctly in a trigger system driven by update events.

    2.0 Literature Review

    Martin Leissler, 2009 describes database triggers as a mechanism used to define a set of operations which are to be executed by the DBMS as soon as a given part of the data in the database changes. Using triggers to update an information visualization client has the advantages that no unnecessary database requests have to be made and that the delay in updating the information visualization on the client side is only dependent on the time it takes to send a message from the server to the client.

    Don Schlichting, 2009 defined triggers as stored TSQL code that is used to automatically perform a task when some type of SQL Server action occurs. As their name implies, a trigger is triggered or set off by some monitored action. These monitored actions can be one of three categories: DML, DDL, or a Logon Event. A DML trigger fires when an Insert, Update, or Delete statement is performed. DDL (Data Definition Language) triggers are activated by a schema level event such as creating a table or altering an index. The last trigger type, the Logon trigger, is executed when a user begins a SQL Server session.

    David H. Olsen, 2009 defined data integrity as the quality of trustworthiness that the data in a database is imbued with high levels of integrity. It is axiomatic that integrity is crucial to accountants that use and audit such systems because no one would use or rely on a suspect accounting system. One of the most interesting types of integrity concerns is adherence to business rules; those standard operating procedures and policies that dictate how an organization conducts transactions in its business environment.

    Mahi Sony, 2006 describes a database trigger as a set of instructions that runs automatically when a particular change operation is executed on a table in the database. This change operation happens when a SQL update, delete or insert operation is performed. Numerous corporate users use SQL triggers to enforce certain business guidelines, keep review checks and validate input data. The basic problem that a user might encounter while executing a trigger is a change in the programming code of the trigger while executing numerous sets of instructions. The errors in programming code might occur due to improper shutdown, fatal virus attacks and more. Once the programming code of the trigger gets changed, the set of instructions followed by the trigger also changes, which might lead to serious database corruption. For example, a user is working in a bank and has created a SQL trigger which includes a certain set of instructions to update the account of the user every time a user deposits some money. In such a scenario, due to trigger corruption, instead of the amount getting updated in the account, the amount might get deleted. Also, the account might get updated by some other amount. There can be numerous scenarios like this, which can corrupt the entire database. To resolve the above issue, the user needs to use an effective SQL repair tool. This tool uses advanced scanning algorithms and extracts the valuable data from the database. This SQL recovery utility is extremely useful when the database gets corrupted due to internal program errors, hardware malfunctioning, accidental deletion of data and more. Stellar Information Systems Ltd. provides the best SQL database recovery software. Stellar Phoenix SQL Database Recovery uses effective scanning algorithms, which enables perfect extraction of your critical data from SQL Server database.

    Steve Callan, 2004 categorized system triggers into two: those based on Data Definition Language (DDL) statements, and those based upon database events. Use of system triggers can greatly expand a DBA's ability to monitor database activity and events. Moreover, after having read this article, you'll be able to sharp shoot someone who asks, "How many triggers does Oracle have?" Most people will seize upon the before/during/after insert/update/delete on row/table easy-to-answer OCP test type of question (and answer), which is largely correct where plain vanilla DML triggers are concerned. How would you count INSTEAD-OF triggers when it comes to DML? So, how many other triggers does Oracle have or allow? There are a great many things you can do with triggers, whether they are based on DML statements or system events. As a developer or DBA (or both), there is no such thing as having too many tricks up your sleeve. In terms of job or role separation, think of the DML triggers as being in the purview of the developer, and the system event triggers being in the DBA's, but a good DBA should possess some decent programming skills of his or her own, and that's where knowing how to avoid problems with DML triggers comes into play.

    Decker, 2000 described a detailed method for generating provably correct triggers from declarative integrity constraints specified as first-order predicate calculus sentences. The method essentially consists of a translation of the results of the sound check approach (Decker, 1987) to SQL.

    Thibault Dambrine, 2001 described database trigger automation as new for most researchers, as they have only skimmed the surface. The concept is simple enough: attach the process to the database level, and forget having to put it at the application level, but then there are so many other considerations. Commitment control can be a key component of a trigger-driven strategy for database integrity. It must, however, be well understood and planned before starting out. A referential constraint is another powerful new tool available and it seems like a natural to work hand-in-hand with triggers. These two examples are obvious ones, but truly, the potential for using trigger processes in daily data processing situations can be much wider.

    2.1 The need for data integrity

    Data integrity is the assurance that data is consistent, correct, and accessible. As we move into the database world, data integrity comes in many different types: null rules, unique column values, primary key values, referential integrity rules and complex integrity checking [13].

    Without data integrity, we cannot even begin to be concerned with data quality, since it assumes that we might not have all the data, or that we cannot access it either physically or logically, or that we can have no certitude of its condition.

    It becomes important to track logical data integrity as applications are implemented on architectures where data movement, operations or migrations might alter, truncate, delete or corrupt the data. This is particularly important in the context of systems of record. These are information storage systems that are considered the authoritative data source for a given piece of data or information.

    As a process, data integrity verifies that data has remained unaltered in transit from creation to reception. As a state or condition, data integrity is a measure of the validity and fidelity of a data object. As a function related to security, a data integrity service maintains information exactly as it was inputted, and is auditable to affirm its reliability. Data undergoes any number of operations in support of decision-making, such as capture, storage, retrieval, update and transfer. Data integrity can also be a performance measure during these operations based on the detected error rate.

    Data must be kept free from corruption, modification or unauthorized disclosure to drive any number of mission-critical business processes with accuracy. Inaccuracies can occur either accidentally (e.g. through programming errors), or maliciously (e.g. through breaches or hacks) [9].

    Businesses sometimes choose to use triggers over standard Oracle audit features because triggers offer the flexibility to tailor the audit transactions in the database to the unique business requirements. Using a trigger also presents the possibility to tune the performance of auditing activities and the option to store the audit trail in a user-defined tablespace to alleviate maintenance burdens on the SYSTEM tablespace.


    2.2 Application of Triggers in data integrity

    - Enforcement of Business Rules
    - Provide sophisticated auditing
    - Automatic generation of derived column values
    - Prevention of Invalid Transactions
    - Fine-grained access control security policies

    3.0 Methodology

    3.1 Cheque management systems: model business rules explained.

    The Integrated Cheque Management System is a web-based application used in the Cheque Management Center (CMC). The application is meant to automate the manual processes involved in cheque requisition and encoding. The application interacts with an Encoder machine to print a branch's name, customer's name and the MICR CODELINE, which are sent on-line from the branches, on a physical cheque.

    The prototype system illustrates using integrated database triggers. The company uses the following business rules:

    1. Customer submits his/her reorder slip to request a new chequebook at the branch.
    2. The branch customer service officer captures the customer's details in the reorder slip into the system using the appropriate menu, and then passes the slip to the head customer service.
    3. The head customer service verifies the captured indents and posts them if all entries are okay. A transaction-id is generated once the indent is verified. The transaction-id is written at the back of the customer's reorder slip for record purposes. A transaction-id is generated because of the transaction that took place: the customer's account is debited for the cost of the chequebook and the branch's cheque draft suspense account is credited on application.
    4. Once the request is verified at the branch, it is available for the cheque management systems to process.
    5. At the Cheque Management Center, the indent can be seen on the server database using the indent status enquiry menu on the application browser. The workstations connect to the server using the TNS name on the database to pull the record to the Encoder machine for printing.
    6. After printing and binding at the Cheque Management Center, the cheque booklets are dispatched per branch using the Dispatch menu. The dispatch process batches the cheque booklets, with each batch having a dispatch number and a print-out. The printing and dispatch processes update a table Job_queue on the cheque management database. All records tagged dispatched in the Job_queue table are moved by the feedback service back to the host database.
    7. Branches come to collect their physical cheque booklets from the Cheque Management Center or from other locations, do a call-over using the dispatch print-out and sign off.
    8. The customer service officer at the branch receives the cheque booklets per customer on the application. Those that appear on the menu but whose physical booklet is not yet available are skipped.
    9. The customer service officer then ranges all the received cheque booklets in the host application. During ranging, the branch's cheque draft suspense account is debited and the account of the cheque management center concerned is credited. Also, the customer's cheque range is uploaded to the account, verified and acknowledged.
    10. Customer comes to pick up his/her cheque book and signs on the print-out for collection.

    3.2 Sample

    The participants were 50 Database Administrators, IT Security personnel, Systems auditors and Financial Control randomly sampled from the three categories of financial institutions in Nigeria:

    Continental Trust Nigeria limited and First-Trade of Nigeria limited ABC Discount House

    The participants were stratified into male and female.

    3.3 Survey Instrument

    The survey instrument used for this research was developed based on established procedures in literature and stated objectives. The survey instrument has four broad areas:

    - DML operations
    - Enforcement of Business Rules
    - Database auditing/security
    - Database performance evaluation

    Each area contained two sections, A and B. Section A focused on demographic information of the Database Administrators, IT Security personnel, Systems auditors and Financial Control personnel knowledge. Section B focused on the need to continuously audit database modifications in terms of insufficient audit trail logs being captured as a result of using the Data Manipulation Language (DML) commands.

    3.4 Demographic

    Table 1: Demographic

    Variable                 Category                  N    %
    Gender                   Male                      45   90
                             Female                    5    10
    Area of specialization   Database Administrators   10   20
                             IT Security Personnel     20   40
                             Systems Auditors          15   30
                             Financial Control         5    10

    The demographic information of the participants is given in Table 2. The table indicates that 90% were male while female respondents were 10%; this shows that both male and female respondents were fairly represented based on the nature of this research. With regard to rank representation, the table shows that Database Administrators have 20%, IT Security Personnel 40%, Systems Auditors 30%, and Financial Control 10% of respondents, respectively; this indicates that all the various key stakeholders were fairly represented.

    3.5 Integrated Database Trigger Model

    This paper requires a technology model that has predefined trigger concepts that can be easily modified to suit users' needs. The DOM design has a structure that is best suited for handling changes [Riehle et al. 2000]. It will allow a trigger and its components (Event, Condition, Action) to be changed at runtime.

    Figure 1: Integrated database trigger model

    The integrated database trigger model is based on the fact that the action taken to ensure data integrity depends on the business rule that the data needs to satisfy. It starts with preprocessed (original) database manipulation with a variety of exceptions. Database manipulations are checked against predefined triggers (in Figure 1) in the database with the objective of obtaining correct and consistent data, and then are loaded into the data exception database store. The effectiveness of the proposed model will depend on the triggers (rules) defined in the database [15].

    [Figure 1 components: CMC Database; Business Rule; Database predefined trigger rule and processing (Events, Condition & Action); Exception database store; End-User Reporting Web-view]


    Normally a trigger is defined in the Event-Condition-Action (ECA rule) fashion. Given this structure of a trigger language, a simple trigger can be generated automatically when supplied with the necessary attributes. The event part of the model (a trigger) was used to perform operations such as updating, inserting, loading, etc. Complex predicates, functions or checks are contained in the condition part for checking errors, duplicate data, inconsistency, missing values, etc. It is necessary to specify the condition criteria for accepting that values are outside the exceptions band for the specified purpose.

    The condition criteria can apply to individual values as well as sets of values. The condition criterion helps to identify the problem or problems. Once identification has been made, some transformation rules have to be implemented. The transformation rule specifies the action to be taken to transform data. This could be omitting a record, substituting a value, confirmation operations such as sending message alerts, or other database operations, etc. The action part of a trigger will be activated when the condition is satisfied. The approach in this model consists of four stages, namely: Business Rule, Database predefined trigger rule, Exception database store, and End-User Reporting Web-view, the trigger processing stages. The database defined trigger processing stage is for creation and manipulation of triggers and their components.

    Several different triggers are used in this model against the CMC Database, and one that is attached to the SecurityChequeNumber table.

    1. Validation of Security Number Duplication/Overlap: The system-wide validation should throw up an exception to prompt the user to reconfirm the entered security number. This is to cater for recycling of security numbers. However, overlap/duplication on account level should throw up an outright error which the user must correct before proceeding. An additional validation to confirm the number of leaves on the indent and the sum of number of leaves (especially where there are replacements) on the SecurityNumber table should be done.
    2. Update of the security number should be mandatory at printing. As a second level check, a validation run of any orphaned indent (without security number record) should be done during End of day processing.
    3. Provision to correct or input any wrong/missing security number details should be provided.

    3.6 Tables Descriptions

    - SecurityChequeNumber (Stores the primary Security Cheque Number)
    - ChequeType (Stores the Cheque Types utilized for encoding. Modified to now include the number of leaves in a booklet for a specified cheque type)
    - SecurityChequeStates (Stores the various cheque states of security cheque number items (e.g. un-used, missing, used items etc.))
    - SecurityReusableItems (Stores the Security Cheque Number Items that were skipped during encoding and thus can yet be used for encoding)

    3.7 Result

    The experiment showed how a wide range of security requirements for a database can be met by building application-specific controls on a suitable trigger mechanism. The technique was illustrated using a detailed trigger model built around important tables in the database. The requirements of this application cover most aspects of security, including confidentiality, integrity and audit. This paper was also compared with similar research in this area; the issues of real value tracking and database performance are addressed in this paper.

    Table 2: Original SecurityChequeNumber table

    ChequeNumber  CusName      SecurityNumber  Operator_id  PrintStatus  PrintDate   CaptureDate  CusAcctN
    00000001      Musa Ayeni   80881234        Sn01100      Y            15-03-2013  12-03-2013   000056564
    00000002      Olufemi Ojo  97881234        Sn02400      Y            18-03-2013  11-03-2013   012386476
    00000111      Yekinni Ola  00881234        Sn02401      N            19-03-2013  12-03-2013   987123541

    When an UPDATE SQL statement is fired on the ChequeNumber field of the original SecurityChequeNumber table, it inserts the updated new records in the inserted logical tables. The old records, i.e. records before updating, are entered into the trigger table as shown below. Exception handling was properly documented and used in the programming section as shown in the appendix.


    Table 3: Original SecurityChequeNumber table

    ChequeNumber (old)  CusName     SecurityNumber  Updated by         Updated date  ChequeNumber (new)
    00000001            Musa Ayeni  80881234        Aderonke Adeshina  18-03-2013    57710856

    In Table 3 above, the ability to report the "before" aspect of the DML operation in the cheque management systems database has been completely addressed. The CMC database health was examined for the most expensive sessions, and found to be normal using Oracle Toad utilities. An Oracle third-party tool, MGA's Eagle eye, was used to perform regression testing to get immediate of any change in the CMC database, by performing load testing as well as tracking the response times that the production users are receiving to serve as the service level agreement.
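    The before-image capture of section 3.7 and the two-level security number validation of section 3.5, as an added example that is not the paper's own code. It uses SQLite through Python as a stand-in for the Oracle CMC database; the session_ctx, ChequeNumberAudit and ExceptionStore tables and all trigger names are hypothetical, the customer rows come from Table 2, and the other rows are constructed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE SecurityChequeNumber (
    ChequeNumber TEXT PRIMARY KEY, CusName TEXT, SecurityNumber TEXT,
    Operator_id TEXT, PrintStatus TEXT, CusAcctN TEXT
);
-- Hypothetical: one row naming the acting user. SQLite has no session user;
-- a server DBMS would read it from the session instead of trusting the client.
CREATE TABLE session_ctx (operator TEXT NOT NULL);
-- Hypothetical trail table with the columns of the paper's Table 3.
CREATE TABLE ChequeNumberAudit (
    OldChequeNumber TEXT, CusName TEXT, SecurityNumber TEXT,
    UpdatedBy TEXT, UpdatedDate TEXT, NewChequeNumber TEXT
);
-- Hypothetical stand-in for the model's exception database store.
CREATE TABLE ExceptionStore (ChequeNumber TEXT, SecurityNumber TEXT, Reason TEXT);

-- Event: UPDATE OF ChequeNumber. Condition: the value really changed.
-- Action: keep the before-image next to the new value.
CREATE TRIGGER trg_audit_cheque_number
AFTER UPDATE OF ChequeNumber ON SecurityChequeNumber
FOR EACH ROW WHEN OLD.ChequeNumber <> NEW.ChequeNumber
BEGIN
    INSERT INTO ChequeNumberAudit VALUES (
        OLD.ChequeNumber, OLD.CusName, OLD.SecurityNumber,
        (SELECT operator FROM session_ctx), date('now'), NEW.ChequeNumber);
END;

-- Account-level duplicate: outright error, the insert is rolled back.
CREATE TRIGGER trg_dup_on_account
BEFORE INSERT ON SecurityChequeNumber
BEGIN
    SELECT RAISE(ABORT, 'security number already used on this account')
    WHERE EXISTS (SELECT 1 FROM SecurityChequeNumber
                  WHERE CusAcctN = NEW.CusAcctN
                    AND SecurityNumber = NEW.SecurityNumber);
END;

-- System-wide reuse on another account: allowed (recycling), but recorded
-- so that a user has to reconfirm it.
CREATE TRIGGER trg_reuse_system_wide
BEFORE INSERT ON SecurityChequeNumber
BEGIN
    INSERT INTO ExceptionStore
    SELECT NEW.ChequeNumber, NEW.SecurityNumber, 'reused on another account'
    WHERE EXISTS (SELECT 1 FROM SecurityChequeNumber
                  WHERE CusAcctN <> NEW.CusAcctN
                    AND SecurityNumber = NEW.SecurityNumber);
END;
"""

# Rows from the paper's Table 2 (print and capture dates left out).
TABLE2 = [
    ("00000001", "Musa Ayeni", "80881234", "Sn01100", "Y", "000056564"),
    ("00000002", "Olufemi Ojo", "97881234", "Sn02400", "Y", "012386476"),
    ("00000111", "Yekinni Ola", "00881234", "Sn02401", "N", "987123541"),
]
INSERT = "INSERT INTO SecurityChequeNumber VALUES (?,?,?,?,?,?)"
AUDIT = ("SELECT OldChequeNumber, CusName, SecurityNumber, UpdatedBy, "
         "NewChequeNumber FROM ChequeNumberAudit")

def open_db(operator):
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO session_ctx VALUES (?)", (operator,))
    conn.executemany(INSERT, TABLE2)
    return conn

def change_cheque_number(conn, old, new):
    """Run the UPDATE and return the audit trail without the date column."""
    conn.execute("UPDATE SecurityChequeNumber SET ChequeNumber = ? "
                 "WHERE ChequeNumber = ?", (new, old))
    return conn.execute(AUDIT).fetchall()

def add_cheque(conn, row):
    """Insert a row; report 'rejected', 'flagged' or 'accepted'."""
    count = "SELECT COUNT(*) FROM ExceptionStore"
    before = conn.execute(count).fetchone()[0]
    try:
        conn.execute(INSERT, row)
    except sqlite3.DatabaseError:  # raised by RAISE(ABORT, ...) in the trigger
        return "rejected"
    return "flagged" if conn.execute(count).fetchone()[0] > before else "accepted"

if __name__ == "__main__":
    db = open_db("Aderonke Adeshina")
    print(change_cheque_number(db, "00000001", "57710856"))
    print(add_cheque(db, ("00000200", "Musa Ayeni", "80881234",
                          "Sn01100", "N", "000056564")))
```

    A trail written by a trigger is only as trustworthy as the trigger itself: a privileged user who can disable or drop it leaves no before-image, so changes to the trigger definitions need their own monitoring.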

    4. Conclusion

    Data integrity is an important part of an organization's daily operations, and technology has a vital part to play in ensuring adequacy of data integrity. With the rising complexity of data integrity challenges, database trigger techniques go a long way to improving the effectiveness of handling data integrity issues. With the use of the various database trigger techniques, such as prevention of invalid transactions, financial business rule enforcement, sophisticated auditing and automatic column values derivation, database triggers therefore have an important role to play in the enforcement of data integrity that would be capable of standing up to the data integrity challenges we face in our operating environment today.

    References

    [1] Eric N. Hanson (2010), Integrity constraints in a transaction database using Triggers.
    [2] Martin Leissler, Matthias Hemmje, Erich Neuhold (2009) (GMD German National Research Center for Information Technology.
    [3] Don Schlichting (2009), DML Triggers in SQL Server 2008
    [4] David H. Olsen, Olga Yatsenko and Nicole Forsgren Meek, ENHANCING DATABASE INTEGRITY AND PROCESS AUTOMATION THROUGH SMART TRIGGERS (IACI 2002): 490-496
    [5] Craig Mullins and Steve Callan (2004). Collaborative computing.
    [6] Steve Callan (2004), the trigger-happy DBA series on data manipulation language
    [7] Craig Buckler, 2011 database triggers operations and constraints. Crossman, P. (2007). The Less-Than-Obvious Costs of Ignoring Data Architectures. Wall Street & Technology.
    [8] David H. Olsen, Olga Yatsenko and Nicole Forsgren Meek, ENHANCING DATABASE INTEGRITY AND PROCESS AUTOMATION THROUGH SMART TRIGGERS (IACI 2002): 490-496
    [9] Fergal Glynn (2012). Ensuring database integrity checks.
    [10] Steven H. Blackwell (2007). The importance maintaining data integrity and availability.
    [11] Trigger Functions, SQL Server 2012 http://msdn.microsoft.com/en-us/library/ff848758.aspx
    [12] Y Jin (2009). A framework of fuzzy triggers for XML database systems.
    [13] Juff Ash (2006). Using triggers to maintain database integrity.
    [14] Chandrasekaran, S. & Kehoe, B. (2003). Technical comparison of Oracle real application Clusters vs. IBM DB2 UDB ESE.
    [15] Kanana Ezekiel and Farhi Marir (2006) enhancing data preparation processes using triggers for active data warehousing.
