and Recovery
Kyanganda S.
Database Security and Integrity
Definitions
Threats to security
Threats to integrity
Resolution of Problems
Database Security
SECURITY
Protecting the database from unauthorised users.
Ensures that users are allowed to do the things they are trying to do.
Database Security
INTEGRITY
Protecting the database from authorised users.
Ensures that what users are trying to do is correct.
Database Security
TYPES OF SYSTEM FAILURES
1. HARDWARE: disk, CPU, network
2. SOFTWARE
Database Security
Important security features include:
Views
Authorisation & controls
User defined procedures
Encryption procedures
Authorisation Rules
An example: a person who can supply a particular password may be authorised to read any record, but cannot modify any of those records.
Authorisation Table for subjects, e.g. Salesperson:
Object             Read  Insert  Modify  Delete
Customer Records
Order Records
Authorisation Rules
Authorisation Table for objects, e.g. Order Records:
Subject       Password  Read  Insert  Modify  Delete
Salesperson   (Batman)
Order Entry   (Joker)
Accounting    (Julie)
Database Integrity
CONSTRAINTS
Can be classed in 3 different ways:
1. Business constraints
2. Entity constraints
3. Referential constraints
Database Integrity
BUSINESS CONSTRAINTS
A value in one column may be constrained by the value of another column, or by some calculation or formula.
Database Integrity
ENTITY CONSTRAINTS
Individual columns of a table may be constrained, e.g. NOT NULL.
REFERENTIAL CONSTRAINTS
Sometimes referred to as key constraints, e.g. a foreign key in Table 2 depends on a primary key in Table 1.
Database Integrity
create table account_dets
(acc_id char(6) primary key,                              -- entity constraint
acc_custid char(6) references customer(cust_id),          -- referential constraint
acc_odraft number(4) check (acc_odraft <= 200),           -- business constraint
acc_type char(2) constraint type_chk
check (acc_type in ('AB', 'CD', 'EF')),                   -- business constraint (named)
acc_crtdate date not null);                               -- entity constraint
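The constraints in the table above, exercised from Python. This is an added example and is not part of the lecture: it uses SQLite (whose type names differ from the Oracle-style number(4) on the slide, and which enforces REFERENCES only when foreign_keys is switched on for the connection), a constructed customer table and constructed rows; the table, column and constraint names are the slide's.

```python
import sqlite3

# Slide's DDL translated to SQLite, plus the parent table it references.
DDL = """
CREATE TABLE customer (cust_id CHAR(6) PRIMARY KEY);
CREATE TABLE account_dets (
    acc_id      CHAR(6) PRIMARY KEY,                        -- entity constraint
    acc_custid  CHAR(6) REFERENCES customer(cust_id),       -- referential constraint
    acc_odraft  INTEGER CHECK (acc_odraft <= 200),          -- business constraint
    acc_type    CHAR(2) CONSTRAINT type_chk
                CHECK (acc_type IN ('AB', 'CD', 'EF')),     -- business constraint
    acc_crtdate DATE NOT NULL                               -- entity constraint
);
INSERT INTO customer VALUES ('C00001');                     -- constructed sample customer
"""

def open_db(enforce_fk=True):
    """SQLite ignores REFERENCES unless foreign_keys is ON for the connection."""
    conn = sqlite3.connect(":memory:")
    if enforce_fk:
        conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(DDL)
    return conn

def try_insert(conn, row):
    """Return None when the row is accepted, otherwise the DBMS's constraint error."""
    try:
        conn.execute("INSERT INTO account_dets VALUES (?, ?, ?, ?, ?)", row)
        return None
    except sqlite3.IntegrityError as e:
        return str(e)

def run_checks():
    """One valid row, then one row per constraint the slide declares."""
    conn = open_db()
    results = {
        "valid":     try_insert(conn, ("A00001", "C00001", 150, "AB", "2024-01-01")),
        "overdraft": try_insert(conn, ("A00002", "C00001", 500, "AB", "2024-01-01")),
        "bad_type":  try_insert(conn, ("A00003", "C00001", 100, "ZZ", "2024-01-01")),
        "null_date": try_insert(conn, ("A00004", "C00001", 100, "CD", None)),
        "orphan":    try_insert(conn, ("A00005", "C99999", 100, "CD", "2024-01-01")),
        "dup_key":   try_insert(conn, ("A00001", "C00001", 100, "CD", "2024-01-01")),
    }
    # Same orphan row on a connection that never enabled foreign keys: silently accepted.
    lax = open_db(enforce_fk=False)
    results["orphan_unenforced"] = try_insert(lax, ("A00005", "C99999", 100, "CD", "2024-01-01"))
    return results
```

The last entry is the practitioner's caveat: a constraint that is declared but not enforced by the connection's settings gives no integrity at all, so check the DBMS actually rejects the bad row rather than trusting the DDL.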
Database Integrity
BENEFITS OF USING CONSTRAINTS
Guaranteed integrity and consistency
Database Integrity
CONCURRENCY CONTROL
WHAT IS IT?
The co-ordination of simultaneous requests, for the
same data, from multiple users
Database Integrity
CONCURRENCY CONTROL
WHY IS IT IMPORTANT?
Simultaneous execution of transactions over a shared
database may create several data integrity and
consistency problems
Database Integrity
Lost update example: two users withdraw from the same account
Time  Janet                  John
1     Read balance (1000)    Read balance (1000)
2     Withdraw 300
3     Write balance
Balance 700: ERROR
Database Integrity
The three main integrity problems are:
Lost updates
Uncommitted data
Inconsistent retrievals
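The lost update from the Janet/John timeline, reproduced and then prevented. This is an added example, not code from the lecture: it uses SQLite through Python's sqlite3 module with two connections standing in for the two users, a constructed account holding 1000, and SQLite's BEGIN IMMEDIATE as the locking mechanism (the lecture describes shared and exclusive locks without naming a DBMS).

```python
import os
import sqlite3
import tempfile

def make_bank():
    """Fresh on-disk database (two connections need a file, not :memory:) with one
    constructed account holding 1000."""
    path = os.path.join(tempfile.mkdtemp(), "bank.db")
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.execute("INSERT INTO account VALUES (1, 1000)")
    conn.close()
    return path

def connect(path, timeout=5.0):
    # isolation_level=None: no implicit BEGIN, so every transaction below is explicit.
    return sqlite3.connect(path, isolation_level=None, timeout=timeout)

def read_balance(conn):
    # fetchall() runs the statement to completion, so the SHARED lock is released.
    return conn.execute("SELECT balance FROM account WHERE id = 1").fetchall()[0][0]

def write_balance(conn, value):
    conn.execute("UPDATE account SET balance = ? WHERE id = 1", (value,))

def lost_update(path):
    """Janet and John both read 1000, both subtract 300, both write back.
    Each statement commits on its own, so nothing stops the interleaving."""
    janet, john = connect(path), connect(path)
    janet_sees = read_balance(janet)        # 1000
    john_sees = read_balance(john)          # 1000
    write_balance(janet, janet_sees - 300)  # balance is now 700
    write_balance(john, john_sees - 300)    # overwrites with 700: Janet's withdrawal is lost
    final = read_balance(janet)
    janet.close(); john.close()
    return final                            # 700, should be 400

def serialised_withdrawals(path):
    """Same two withdrawals, but each read-modify-write runs under BEGIN IMMEDIATE,
    which takes the write lock before the read. John is refused the lock while
    Janet holds it (timeout=0 fails fast instead of waiting) and retries afterwards."""
    janet, john = connect(path), connect(path, timeout=0)
    janet.execute("BEGIN IMMEDIATE")
    janet_sees = read_balance(janet)
    john_blocked = False
    try:
        john.execute("BEGIN IMMEDIATE")
    except sqlite3.OperationalError:        # "database is locked"
        john_blocked = True
    write_balance(janet, janet_sees - 300)
    janet.execute("COMMIT")
    john.execute("BEGIN IMMEDIATE")          # retry now succeeds
    write_balance(john, read_balance(john) - 300)   # reads 700, writes 400
    john.execute("COMMIT")
    final = read_balance(janet)
    janet.close(); john.close()
    return john_blocked, final              # (True, 400)
```

The point to take from the second function is that the lock must be acquired before the read, not before the write; locking only the UPDATE would still let both users read the stale 1000.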
Database Integrity
LOCKING
Two kinds of locks:
1. Shared locks (allow read-only access; several transactions may hold a shared lock on the same record at once)
2. Exclusive locks (held by a single writer; prevent any other transaction from reading or writing the record)
Database Integrity
Time  User 1                 User 2
1     Lock record X          Lock record Y
2     Request record Y       Request record X
      (wait for Y)           (wait for X)
DEADLOCK: each user waits for a lock the other holds.
Database Recovery
The process of restoring the database to a
correct state in the event of a failure, e.g.
System Crashes
Media Failures
Application Software Errors
Natural Physical Disasters
Carelessness
Sabotage
Database Recovery
Basic Recovery Facilities
Backup Facilities
Journaling Facilities
Checkpoint facilities
Recovery Facilities
Transactions
Basic unit of recovery.
Properties of a transaction (ACID):
Atomicity
Consistency
Isolation
Durability
Staff Salary Update Example
Read operations:
1. Find the address of the disk block that contains the record with primary key x
2. Transfer the block into a DB buffer in main memory
3. Copy the salary data from the DB buffer into the variable salary
Write operations:
1-2. As steps 1 and 2 above
3. Copy the salary data from the variable salary into the DB buffer
4. Write the DB buffer back to disk
Storing Data
Buffer contents are flushed to secondary storage when the buffer is full or when changes are made permanent (commit).
(Figure: main memory holding the database buffer, written through to the database in secondary storage.)
Commit
(Figure: successive database states 2, 3 and 4 separated by commits, alongside a database backup.)
Back-up Facilities
DBMS provides a mechanism for taking backup
copies of the database and log file at regular
intervals.
A dump or copy or backup file contains all or
part of the database
backups taken without having to stop the
system
Journal Facilities
REDO LOGS
This is the main logging file. The file contains two different types of logging record:
AFTER IMAGES
BEFORE IMAGES
Journal Facilities
REDO LOGS - AFTER IMAGES
After any column of any row on any table in the
database is changed, then the new values are
not only written to the database but also to the
redo log. The complete row is written to the log.
If a row is deleted then notification is also put on
to the redo log. After images are used in roll
forward recovery.
Journal Facilities
REDO LOGS - BEFORE IMAGES
Before a row is updated the data is copied to
the redo log. It is not a simple copy from the
database because a separate area of the
database maintains the immediate pre-update
version of each row updated in the database.
The extra area is called the ROLLBACK
SEGMENT. The redo log takes before image
copies from the rollback segment in the
database.
Example log
Time   Transaction  Operation
10:12  T1           START
10:13  T1           UPDATE
10:14  T2           START
10:16  T2           INSERT
10:17  T2           DELETE
10:17  T2           UPDATE
10:18  T1           COMMIT
10:19               CHECKPOINT
Log record layout (figure): each record holds the transaction id (e.g. T2), the object written (e.g. TENANT NO21, TENANT NO37, TENANT NO9, PROPERTY PG16), the before image (old value), the after image (new value), and the pointers pPtr and nPtr to the previous and next log records.
Types of Recovery
Duplicate Databases
Rollback Recovery
Rollforward Recovery
Reprocessing Transactions
Duplicate Databases
Requires 2 copies of the database
Advantages
Fast Recovery (seconds)
Good for disk failures
Disadvantages
No protection against power failure
Expensive
Rollback Recovery
Changes made to the database are undone (backward recovery).
Rollback Recovery
Database (with changes) -> ROLLBACK, applying before images -> Database (without changes)
Rollforward Recovery
Database (without changes) -> ROLL FORWARD, applying after images -> Database (with changes)
Reprocessing Transactions
Similar to Forward Recovery
Uses update transactions instead of after
images
ADVANTAGES
Simple
DISADVANTAGES
Slow
Recovery Procedure
Failure                              Procedure
Storage medium destruction           *Duplicate database; forward recovery; reprocess transactions
Transaction error or system failure  *Backward recovery; forward recovery or reprocess transactions, bringing the database forward to just before termination
Incorrect data                       *Backward recovery; reprocess transactions (excluding those from the update that created the incorrect data)
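The before/after-image log, checkpoint and the rollback/rollforward procedures above, carried out on a small in-memory model. This is an added example, not code from the lecture: the database is a dictionary of object name to row value, the log follows the lecture's timeline (T1 commits at 10:18, T2 is still active at the 10:19 checkpoint) and is extended with a constructed T3 that commits after the checkpoint and is then lost in a crash; the row values are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class LogRecord:
    txn: Optional[str]            # "T1", "T2", ... (None for CHECKPOINT)
    op: str                       # START, WRITE, COMMIT or CHECKPOINT
    obj: Optional[str] = None     # object written, e.g. "TENANT NO21"
    before: Optional[str] = None  # before image; None means the row did not exist (INSERT)
    after: Optional[str] = None   # after image; None means the row was removed (DELETE)

def apply_image(db, obj, image):
    """Install an image; a None image means the row is absent."""
    if image is None:
        db.pop(obj, None)
    else:
        db[obj] = image

def recover(disk, log):
    """Restore `disk` (the database as found after the crash) to a consistent state.
    Roll forward: after images of committed transactions logged after the last
    checkpoint (everything logged before it was already flushed to disk).
    Roll back: before images of transactions that never committed, newest first."""
    db = dict(disk)
    committed = {r.txn for r in log if r.op == "COMMIT"}
    last_ckpt = max((i for i, r in enumerate(log) if r.op == "CHECKPOINT"), default=-1)
    redone, undone = [], []
    for r in log[last_ckpt + 1:]:
        if r.op == "WRITE" and r.txn in committed:
            apply_image(db, r.obj, r.after)
            redone.append(r.obj)
    for r in reversed(log):
        if r.op == "WRITE" and r.txn not in committed:
            apply_image(db, r.obj, r.before)
            undone.append(r.obj)
    return db, redone, undone

def crash_scenario():
    """The lecture's timeline plus a constructed T3 that commits after the checkpoint."""
    log = [
        LogRecord("T1", "START"),
        LogRecord("T1", "WRITE", "TENANT NO21", before="rent 500", after="rent 550"),
        LogRecord("T2", "START"),
        LogRecord("T2", "WRITE", "TENANT NO37", before=None, after="rent 700"),        # INSERT
        LogRecord("T2", "WRITE", "TENANT NO9", before="rent 400", after=None),         # DELETE
        LogRecord("T2", "WRITE", "PROPERTY PG16", before="2 beds", after="3 beds"),    # UPDATE
        LogRecord("T1", "COMMIT"),
        LogRecord(None, "CHECKPOINT"),
        LogRecord("T3", "START"),
        LogRecord("T3", "WRITE", "PROPERTY PG4", before="vacant", after="let"),
        LogRecord("T3", "COMMIT"),   # crash follows, before T3's buffer reaches disk
    ]
    # Disk after the crash: the checkpoint flushed everything logged so far, including
    # T2's uncommitted writes; T3's change existed only in the buffer.
    disk = {"TENANT NO21": "rent 550", "TENANT NO37": "rent 700",
            "PROPERTY PG16": "3 beds", "PROPERTY PG4": "vacant"}
    return disk, log
```

Running recover() on crash_scenario() rolls PROPERTY PG4 forward to "let" (T3 committed, so durability requires it), and rolls T2's three writes back in reverse log order: PG16 returns to "2 beds", TENANT NO9 is reinstated, and the inserted TENANT NO37 disappears. T1's update needs no redo because it was on disk by the checkpoint.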
Summary
This lecture has looked at security and
recovery procedures
Ensuring that these two are administered
correctly cuts out the majority of problems
with database administration
Further Reading
Security
Connolly & Begg, chapter 19
Concurrency Control
Connolly & Begg, chapter 20?
Contents
Definitions
Countermeasures
Security Controls
Data Protection and Privacy
Statistical Databases
Web Database Security Issues and Solutions
SQL Injection
Countermeasures
Ways to reduce risk
Include
Computer Based Controls
Non-computer Based Controls
Data Security
Two (original) broad approaches to data security:
Discretionary access control
a given user has different access rights (privileges) on different objects
flexible, but limited to which rights users can have on an object
privileges can be passed on at users discretion
Access modes
SELECT
INSERT
DELETE
UPDATE
Negative authorization
Denials are expressed
Denials take precedence
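The authorisation tables from the Authorisation Rules slides, the discretionary "privileges can be passed on" rule and the negative-authorisation rule above, combined in one small evaluator. This is an added example, not code from the lecture: the subjects and objects are the slides' (Salesperson, Order Entry, Accounting; Order Records, Customer Records), the owner "DBA", the subject "Temp" and the particular cells filled in are constructed, and the WITH GRANT OPTION delegation rule is the standard SQL one, not something the slides spell out.

```python
from collections import defaultdict

MODES = {"SELECT", "INSERT", "UPDATE", "DELETE"}   # the slides' access modes

class AuthorisationTable:
    """Discretionary access control: owners grant, a privilege can be passed on only
    if it was received WITH GRANT OPTION, an explicit denial beats any grant, and
    anything not granted is refused (default deny)."""

    def __init__(self, owners):
        self.owners = dict(owners)           # object -> owning subject (constructed)
        self.grants = defaultdict(set)       # (subject, object) -> {(mode, grantable)}
        self.denials = defaultdict(set)      # (subject, object) -> {mode}

    def may_grant(self, grantor, obj, mode):
        if self.owners.get(obj) == grantor:
            return True
        # a denied privilege cannot be passed on, even if once received WITH GRANT OPTION
        return ((mode, True) in self.grants[(grantor, obj)]
                and mode not in self.denials[(grantor, obj)])

    def grant(self, grantor, subject, obj, mode, with_grant_option=False):
        if mode not in MODES:
            raise ValueError(f"unknown access mode {mode!r}")
        if not self.may_grant(grantor, obj, mode):
            raise PermissionError(f"{grantor} cannot grant {mode} on {obj}")
        self.grants[(subject, obj)].add((mode, with_grant_option))

    def deny(self, grantor, subject, obj, mode):
        if not self.may_grant(grantor, obj, mode):
            raise PermissionError(f"{grantor} cannot deny {mode} on {obj}")
        self.denials[(subject, obj)].add(mode)

    def allowed(self, subject, obj, mode):
        if self.owners.get(obj) == subject:
            return True
        if mode in self.denials[(subject, obj)]:        # negative authorisation wins
            return False
        return any(m == mode for m, _ in self.grants[(subject, obj)])   # default deny

def order_records_example():
    """A constructed filling of the Order Records table (the slide's own cell values
    did not survive extraction): Salesperson reads, Order Entry reads and inserts,
    Accounting reads, nobody but the owner deletes."""
    t = AuthorisationTable({"Order Records": "DBA", "Customer Records": "DBA"})
    t.grant("DBA", "Salesperson", "Order Records", "SELECT")
    t.grant("DBA", "Order Entry", "Order Records", "SELECT", with_grant_option=True)
    t.grant("DBA", "Order Entry", "Order Records", "INSERT")
    t.grant("DBA", "Accounting", "Order Records", "SELECT")
    t.grant("DBA", "Accounting", "Order Records", "UPDATE")
    t.deny("DBA", "Accounting", "Order Records", "UPDATE")   # denial overrides the grant
    t.grant("Order Entry", "Temp", "Order Records", "SELECT")  # delegation: allowed
    delegation_refused = False
    try:
        t.grant("Order Entry", "Temp", "Order Records", "INSERT")  # no grant option held
    except PermissionError:
        delegation_refused = True
    return {
        "sales_read": t.allowed("Salesperson", "Order Records", "SELECT"),   # True
        "sales_delete": t.allowed("Salesperson", "Order Records", "DELETE"), # False, never granted
        "acct_update": t.allowed("Accounting", "Order Records", "UPDATE"),   # False, denied
        "temp_read": t.allowed("Temp", "Order Records", "SELECT"),           # True, delegated
        "delegation_refused": delegation_refused,                            # True
    }
```

The two checks worth copying into a real policy engine are the order of evaluation in allowed() (denial before grant, and no implicit allow) and the re-check in may_grant() that a delegator still holds an undenied, grantable privilege at the moment it delegates.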
SQL Facilities
SQL supports discretionary access control using the view mechanism and the authorisation system, e.g.
CREATE VIEW S_NINE_TO_FIVE AS
SELECT S.S#, S.SNAME, S.STATUS, S.CITY
FROM S
WHERE TO_CHAR(SYSDATE, 'HH24:MI:SS') >= '09:00:00'
AND TO_CHAR(SYSDATE, 'HH24:MI:SS') <= '17:00:00';
GRANT SELECT, UPDATE (STATUS)
ON S_NINE_TO_FIVE
TO Purchasing;
(a parameterised view: which rows are visible depends on the time of day at which it is queried)
Becomes
SELECT * FROM prop_for_rent WHERE prop_type = 'F'
Statistical Databases
A database that permits queries that derive aggregated information (e.g. sums, averages) but not queries that derive individual information.
Tracking
It is possible to make inferences from legal queries to deduce answers to illegal ones, e.g.
SELECT COUNT(*) FROM STATS X WHERE X.SEX = 'M' AND X.OCCUPATION = 'Programmer';
SELECT SUM(X.SALARY) FROM STATS X WHERE X.SEX = 'M' AND X.OCCUPATION = 'Programmer';
If the COUNT is 1, the SUM is that one person's salary.
Statistical Databases
Various strategies can be used to minimize
problems
prevent queries from operating on only a few
database entries
swap attribute values among tuples
randomly add in additional entries
use only a random sample
maintain history of query results and reject queries
that use a high number of records identical to
previous queries
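The tracker from the Statistical Databases slide, and the first of the countermeasures above (refusing queries that operate on only a few entries), run against a constructed STATS table in SQLite. This is an added example, not code from the lecture: the eight rows, the threshold K and the column whitelist are constructed, and the second tracker shows that the size check alone does not close the channel.

```python
import sqlite3

STATS_ROWS = [  # constructed sample data
    ("Alice", "F", "Programmer", 52000), ("Bob", "M", "Programmer", 61000),
    ("Carol", "F", "Analyst", 58000),    ("Dan", "M", "Analyst", 49000),
    ("Eve", "F", "Programmer", 55000),   ("Frank", "M", "Analyst", 47000),
    ("Grace", "F", "Analyst", 60000),    ("Hal", "M", "Analyst", 51000),
]
AGGREGATES = {"COUNT(*)", "SUM(salary)", "AVG(salary)"}   # whitelist, never user text
FILTER_COLUMNS = {"sex", "occupation"}                    # whitelist of filterable columns
K = 2   # minimum query-set size (constructed threshold)

def make_stats_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stats (name TEXT, sex TEXT, occupation TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO stats VALUES (?, ?, ?, ?)", STATS_ROWS)
    return conn

def aggregate(conn, agg, **filters):
    """Unguarded aggregate query, the kind the STATS example permits."""
    if agg not in AGGREGATES or not set(filters) <= FILTER_COLUMNS:
        raise ValueError("aggregate or filter column not permitted")
    where = (" WHERE " + " AND ".join(f"{c} = ?" for c in filters)) if filters else ""
    return conn.execute(f"SELECT {agg} FROM stats{where}", tuple(filters.values())).fetchone()[0]

def direct_tracker(conn):
    """COUNT then SUM on the same predicate: if COUNT is 1, the SUM is one person's salary."""
    n = aggregate(conn, "COUNT(*)", sex="M", occupation="Programmer")
    total = aggregate(conn, "SUM(salary)", sex="M", occupation="Programmer")
    return n, total   # (1, 61000): Bob's salary

def guarded_aggregate(conn, agg, **filters):
    """Query-set-size control: refuse query sets smaller than K or larger than N - K
    (a near-complete set lets the attacker subtract it from the total).
    Returns None when the query is refused."""
    n_all = aggregate(conn, "COUNT(*)")
    n = aggregate(conn, "COUNT(*)", **filters)
    if n < K or n > n_all - K:
        return None
    return aggregate(conn, agg, **filters)

def tracker_around_size_check(conn):
    """Two query sets that both pass the size check, whose difference is Bob's salary."""
    all_programmers = guarded_aggregate(conn, "SUM(salary)", occupation="Programmer")           # 3 rows
    female_programmers = guarded_aggregate(conn, "SUM(salary)", sex="F", occupation="Programmer")  # 2 rows
    return all_programmers - female_programmers   # 61000
```

guarded_aggregate() stops the direct tracker (the M/Programmer query set has one row), but tracker_around_size_check() still isolates Bob by subtracting two legal answers. That is why the slide lists further strategies (query history, random samples, perturbed values) on top of the size check.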
firewalls
prevent unauthorised access to/from a private network
digital certificates
electronic credentials (a public key signed by a certification authority) used to verify that a user or server is authentic
Kerberos
centralised authentication server for all data and resources on a network
Active-X
SQL Injection
A technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database [1].
Can chain SQL commands
Embed SQL commands in a string
Ability to execute arbitrary SQL queries
[1] http://imperva.com/application_defense_center/glossary/sql_injection.html
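The injection described above, shown as a vulnerable query beside its parameterised form. This is an added example, not code from the lecture: it uses the prop_for_rent query from the earlier slide, a constructed staff table that the web user must never see, SQLite via Python's sqlite3, and two constructed request parameters as the attacker's input.

```python
import sqlite3

def make_property_db():
    """Constructed sample data: a public listing table and a table the web user must never see."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE prop_for_rent (prop_no TEXT, prop_type TEXT, rent INTEGER);
        INSERT INTO prop_for_rent VALUES ('PA14', 'H', 650), ('PG4', 'F', 350), ('PG16', 'F', 450);
        CREATE TABLE staff (name TEXT, salary INTEGER);
        INSERT INTO staff VALUES ('John White', 30000), ('Ann Beech', 12000);
    """)
    return conn

def properties_vulnerable(conn, prop_type):
    """Web-app code that pastes the request parameter straight into the SQL text."""
    sql = f"SELECT prop_no, rent FROM prop_for_rent WHERE prop_type = '{prop_type}'"
    return conn.execute(sql).fetchall()

def properties_safe(conn, prop_type):
    """Same query with a bound parameter: the value is never parsed as SQL."""
    sql = "SELECT prop_no, rent FROM prop_for_rent WHERE prop_type = ?"
    return conn.execute(sql, (prop_type,)).fetchall()

# What a browser would send as the prop_type parameter (constructed attacker input).
PAYLOAD_ALL = "F' OR '1'='1"                                   # every row
PAYLOAD_UNION = "' UNION SELECT name, salary FROM staff --"    # rows from another table

def demo():
    conn = make_property_db()
    return {
        "honest_vuln": properties_vulnerable(conn, "F"),
        "or_true": properties_vulnerable(conn, PAYLOAD_ALL),
        "union": properties_vulnerable(conn, PAYLOAD_UNION),
        "safe_honest": properties_safe(conn, "F"),
        "safe_payload": properties_safe(conn, PAYLOAD_UNION),  # looks for a type literally so named
    }
```

With the vulnerable function the UNION payload returns staff names and salaries through a query that was only ever meant to list flats; with the parameterised function the same string is compared, as data, against prop_type and matches nothing. Chaining a second statement with a semicolon, which the slide also mentions, is refused by sqlite3's execute() (one statement per call), but other drivers and executescript() accept it, so the fix is still the bound parameter, not reliance on that behaviour.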
Summary
Have looked at a number of issues and
solutions for database security
e.g. access controls, SQL features, etc.
Further Reading
Connolly and Begg, chapter 19
Date (7th edition), chapter 17
Both Connolly and Date have general introductions to security concepts, with mention of some advanced features.
http://www.oracle.com/technology/deploy/security/oracle8i/pdf/vpd_wp6.pdf
Contents
Client/Server Databases
Web Databases
Distributed Databases
Client/Server
Architecture
In a file server client architecture each client must run a
copy of the DBMS
A better solution is to have a central database server
which performs all database commands sent to it from
client PCs.
Application programs on each client PC can then
concentrate on user interface functions.
Database recovery, security and concurrency control is
managed centrally on the server.
Client/Server
Architecture
DATABASE SERVER
The SERVER portion of the client/server database
system which provides processing and shared access
functions.
Client/Server
Architecture
CLIENT
Manages the user interface (controls the PC screen,
interprets data sent to it by the server and displays the
results of database queries)
Client/Server
Architecture
CLIENT/SERVER ADVANTAGES
Allows companies to harness the benefits of
microcomputer technology such as low cost.
Processing can be performed close to the source of
the data - more speed.
Allows the use of GUI interfaces that are commonly
available on PCs and workstations.
Paves the way for truly open systems.
Client/Server
Architecture
CLIENT/SERVER DESIGN ISSUES
The server must be upgradeable to allow for the
growth in clients.
Gateway software is normally required for accessing
databases held on a mainframe.
The server must have capabilities for backup,
recovery, security and UPS.
Client/Server
Architecture
CLIENT/SERVER DESIGN ISSUES
Can be complex and so require specialised and expensive
tools such as database servers and APIs.
A lack of comprehensive standards.
Front-end GUI software often requires expensive client
workstations.
Two-tier client/server (figure)
Client: user interface; main business and data processing logic
Database server: server-side validation; database access
Web Architecture
Need for enterprise
scalability causes
problems which
can be solved by a
three-tier
architecture
Thin clients
Three-tier architecture (figure)
Client: user interface
Application server: business logic; data processing logic
Database server: server-side validation; database access
Web as a Database
Platform
Advantages
DBMS advantages
E.g. transactions, concurrency, synchronisation, security, integrity
Simplicity
HTML is a simple markup language, however with new scripting languages
this simplicity is being lost
Platform independence
Web clients are mostly platform independent
Standardization
HTML is a de facto standard
Advantages (cont).
Cross-platform support
Users on all types of computer can access a machine with a web browser
Scalable deployment
Applications upgraded on server only
Innovation
Organisations can provide new services and reach new customers
Web as a Database
Platform
Disadvantages
Reliability
Internet is a slow and unreliable communication medium
No guarantee of delivery
Security
Data accessible on web
User authentication and secure data transmissions are critical
Cost
A report from Forrester Research claims that maintaining a commercial web
site costs $200 to $3.4 million
Scalability
Unreliable and potentially very large peak loads
Needs highly scalable server architectures
Disadvantages (cont.)
Limited HTML Functionality
Need to extend HTML with scripting languages
Adds a performance overhead
Statelessness
No concept of a database connection
Bandwidth
Internet is slow! 1.5mbps compared to 10-100mbps
Performance
Many scripting languages are interpreted languages
Web Database
Approaches
Traditional web pages are normally static
To run queries, need to be able to produce
dynamic HTML pages
Web Database
Approaches
Approaches include:
CGI - Common Gateway Interface
HTTP Cookies - allows machine to store information,
e.g. user authentication
JavaScript - code which runs on client machine
PHP - Hypertext Preprocessor
Active Server Pages - Microsoft's server-side scripting for dynamic pages
Database Connectivity
Client Side, 2 approaches:
Extend the browser using scripts, or add-ons or applets,
e.g. plug-ins, JavaScript, ActiveX, Java applets
Link browser to other (external) applications, e.g. legacy systems
Client Side
Advantages
Distribution of processing
Feedback speed
Web-page functionality
Disadvantages
Platform/environment dependent
Security and integrity
Download time
Programming limitations
Server Side
Advantages
Platform/browser independent
Security and integrity
Download time
No programming limitations: direct access to the database
Disadvantages
Lack of debugging tools
Lack of direct control over user interface
Distributed Databases
DECENTRALIZED DATABASE
stored on computers at multiple locations.
computers are not interconnected by a network.
users at the various sites cannot share data.
DISTRIBUTED DATABASE
Spread physically across computers in multiple locations that
are connected by a data communications link.
Distribution Types
Geographical Distribution: Several databases run
under the control of different CPU's at a variety of
different locations.
Platform Distribution: Databases exist on diverse
hardware platforms, and are 'brought together' by
the distributed database manager.
Architectural Distribution: Different database
architectures exist together, e.g. an object-oriented
database communicating with a relational database
Date's Rules
Distributed Database Requirements:
For a distributed database to be as such, a
fundamental principle must be adhered to:
To the user, a distributed database should look exactly like
a non-distributed system
Local Autonomy:
All operational controls and data maintenance are
controlled only by that site.
Date's Rules
No Reliance On A Central Site:
This follows on from the first objective and is self-explanatory.
Continuous Operation:
A distributed approach leads to greater reliability
and availability. The database should still be able to
function, even if one of its sites is unavailable.
Date's Rules
Distributed Transaction Management:
Transaction processing is the key to the successful
usage of distributed databases.
Must cater for two core aspects of transaction
management i.e. recovery control and
concurrency.
Location Independence
Otherwise known as Transparency.
Date's Rules
Fragmentation Independence:
Horizontal Partitioning: different rows from the
same table are stored at different sites.
Vertical Partitioning: different columns from the
same table are maintained at different sites.
Replication Independence:
Replication occurs when a stored relation can be
represented by many distinct copies (replicas), stored at
many sites. As with fragmentation, users must not be aware
that the data is replicated.
Date's Rules
Distributed Query Processing:
Queries may retrieve information from several
sites. Therefore distributed queries must be
optimised.
Date's Rules
Hardware Independence:
Network Independence:
Support for a disparate variety of communication
networks.
DBMS Independence:
Distributed Databases
ADVANTAGES
Increased reliability and availability
Encourages local ownership of data
Modular growth
Lower communication costs
Faster response
Distributed Databases
DISADVANTAGES
Software complexity and cost
Processing overhead
Data integrity
Slow response
Distributed Databases
HOW SHOULD A DATABASE BE
DISTRIBUTED ?
Data Replication
Advantages
Reliability - If one site fails another copy of the
data can be found at a second site.
Fast response - Each site has a full copy of the
data therefore queries can be processed locally.
Distributed databases
Horizontal Partitioning:
The base table is split horizontally into several
different tables at different sites.
Selected rows from a table are put into tables at
different sites.
Distributed databases
Advantages
Efficiency - Data items are stored where they are
most often used away from other applications.
Optimisation - Data optimised for local use
Security - Only relevant data is available
Distributed databases
Disadvantages
Inconsistent access speed - When data from
several different partitions are required, access
speed can vary significantly.
Backup vulnerability
Distributed databases
VERTICAL PARTITIONING
Some of the columns in a table are projected into a table at one of the sites and the other columns are projected into a table at another site. Each fragment keeps the primary key so that the full row can be reconstructed by a join. The same advantages and disadvantages as for horizontal partitioning apply.
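The horizontal and vertical partitioning described above, with the location and fragmentation transparency Date's rules ask for, modelled in Python. This is an added example, not code from the lecture: the staff rows, the site names and the choice of city as the partitioning column are constructed; the point it shows is which sites a query has to touch, which is the "only relevant data is available" security benefit and the "inconsistent access speed" cost listed on the slides.

```python
STAFF = [  # constructed sample rows of one logical Staff table
    {"staff_no": "SL21", "name": "John",  "city": "London",  "salary": 30000},
    {"staff_no": "SG37", "name": "Ann",   "city": "Glasgow", "salary": 12000},
    {"staff_no": "SG14", "name": "David", "city": "Glasgow", "salary": 18000},
    {"staff_no": "SL41", "name": "Julie", "city": "London",  "salary": 9000},
]

class HorizontalFragments:
    """Rows split by a partition column, one fragment per site (a selection)."""
    def __init__(self, partition_col):
        self.col = partition_col
        self.sites = {}                      # site name (= partition value) -> rows

    def insert(self, row):
        self.sites.setdefault(row[self.col], []).append(dict(row))

    def select(self, **eq):
        """Equality filters. If the partition column is among them only that site is
        contacted; otherwise every fragment must be read and the results unioned.
        Returns (rows, sites contacted)."""
        if self.col in eq:
            targets = [eq[self.col]] if eq[self.col] in self.sites else []
        else:
            targets = list(self.sites)
        rows = [r for s in targets for r in self.sites[s]
                if all(r.get(k) == v for k, v in eq.items())]
        return rows, targets

class VerticalFragments:
    """Columns split across sites (a projection); every fragment keeps the key."""
    def __init__(self, key, layout):          # layout: site -> non-key columns held there
        self.key, self.layout = key, layout
        self.sites = {site: {} for site in layout}   # site -> {key value: partial row}

    def insert(self, row):
        for site, cols in self.layout.items():
            self.sites[site][row[self.key]] = {c: row[c] for c in cols}

    def project(self, cols):
        """Fetch only the fragments holding the requested columns, rejoin on the key.
        Returns (rows, sites contacted)."""
        needed = [s for s, held in self.layout.items() if set(held) & set(cols)]
        keys = set().union(*(self.sites[s].keys() for s in needed)) if needed else set()
        out = []
        for k in sorted(keys):
            merged = {self.key: k}
            for s in needed:
                merged.update(self.sites[s][k])
            out.append({c: merged[c] for c in cols})
        return out, needed

def build_horizontal():
    h = HorizontalFragments("city")          # London rows in London, Glasgow rows in Glasgow
    for row in STAFF:
        h.insert(row)
    return h

def build_vertical():
    # Salary lives only at the Payroll site; the HQ site never holds it.
    v = VerticalFragments("staff_no", {"HQ": ["name", "city"], "Payroll": ["salary"]})
    for row in STAFF:
        v.insert(row)
    return v
```

A query on the partition column (city) is served by one site; a query on any other column has to visit all of them, which is the slides' inconsistent access speed. With the vertical layout a report needing only staff numbers and salaries never contacts HQ, and HQ cannot leak salaries because it does not store them.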
Distributed databases
Combinations
To complicate matters even further it is possible
to have a strategy which is a combination of all
the above. Some data stored centrally, some
distributed both horizontally and vertically. It
could be a real challenge (or a nightmare).
Distributed databases
DISTRIBUTED DBMS
Determine the location from which data is to be
retrieved.
Translate requests from different nodes.
Provide functions such as security, recovery,
concurrency and optimisation.
Distributed databases
DISTRIBUTED DBMS
IT SHOULD ALSO OFFER:
Location transparency
Replication transparency
Failure transparency
Concurrency transparency
Commit protocol
Further Reading
Distributed Databases
Connolly and Begg, chapter 22
Web Databases
Connolly and Begg, chapter 29
Sections 29.1 to 29.3