데이터베이스 감리를 위한 규칙 기반 SQL 검사 도구의 설계 및 구현

Abstract

Corporate scale expansion resulting from the globalization of world economy has created more diverse and complex tasks. There are various difficulties in developing and managing information systems for efficiently supporting such tasks. For maximizing the return on IT investment by improving the quality of information systems that have become larger in scale and more complex composition, it has become important to conduct information system audit throughout the entire lifecycle from development and maintenance & repair. Various studies are being conducted on improvement of information system audit, deduction of standard inspection criteria and development audit support tools for improving the efficiency of audit implementation because of the wide and complex scope of information system audit. The task of auditing database that is a core component of information system is a part of information system audit. In addition, database audit can be divided into various areas of database security, data quality and database performance according to the purpose of audit, area of technology and project characteristics. The audit projects described in the information system audit guidelines released by National Information Society Agency of Korea (NIA) are classified into various project types. Most of them include audit inspection items on database and database development project consists of separate project type. However, audit inspection items according to project types divided in the information system audit guidelines are only being used for the purpose of clarifying the direction of audit project. Namely, specific criteria of inspection item, measurement index and audit implementation when conducting audit have not been presented. Accordingly, it is necessary to specify audit inspection items and method based on the criteria provided to conduct audit. In addition, it is not easy to develop audit support tools because of various characteristics and issues of audit and it is also not possible to cover every area of information system with a single tool. That is why existing audit support tools have been developed centering on a particular area or only support a part of audit. Accordingly, the purpose of this study is to examine areas of audit focusing on SQL for manipulation data in database. SQL is a component that can significantly affect the performance of database and an incorrectly written SQL sentence can deteriorate the overall performance of information system. If SQL is not audited during the development process of information system, a significant amount of cost could be spent to improve problems that might occur during the post-system open phase. In addition, existing audit tools have the issue of focusing on the operation phase or being functionally insufficient. For improving such issue, SQL audit implementation process was analyzed in this study. Based on the findings, it analyzed requirements according to object-oriented software development methodology to design and develop SQL audit support tools. We implemented this rule-based tool to inspect SQL using various pre-defined rules, so that we obtain the final result through matching the generated patterns to rule matrix. In addition, experiments were conducted by applying the as-developed SQL audit support tools for a functional comparison between other tools developed in other studies and commercially available tools. Accordingly, it was confirmed that the SQL audit support tools developed in this study are applicable for audit. And the inspection tool we proposed applied SQL syntax analysis to fill in for the lack of as-developed tools that support only inspection based on statistic information. It is also anticipated that the as-presented tools can improve the efficiency of SQL audit when used in an actual project. The future study plan is to examine a method of collecting SQL sentence through more SQL audit inspection rules and various paths with the purpose of enhancing not only database performance but also overall information system performance through comprehensive implementation of SQL audit.