Joel Mtebe
Motivation
A database system, like any computer system, is subject to various types of failures. The database system must ensure the ACID properties (specifically atomicity and durability) even in the presence of failures. We will categorize the various types of failures and review algorithms for recovering from them. The process of restoring the database to a consistent state after a failure is called recovery, and it is performed by the recovery system.
Classification
Recovery procedures are classified according to the type of failure:
- Recovery from a catastrophic failure (such as a disk crash)
- Recovery from a non-catastrophic failure
Recovery from a catastrophic failure is based on restoring a database backup copy and then redoing the operations of committed transactions (stored in an archived log file) up to the time of the failure.
Non-Catastrophic Failures
A computer failure (system crash):
- A hardware failure
- A software failure
- A network failure
A transaction error:
- Integer overflow
- Division by zero
- Logical error
- User interruption
- Exception condition
Classification (continued)
If a database becomes inconsistent due to a non-catastrophic failure, the strategy is to reverse only those changes that made the database inconsistent. This is accomplished by undoing (and sometimes also redoing) some operations. An in-memory log file is used here. From now on we consider only recovery from non-disk-crash failures (we assume the data on disk are safe). Recovery from non-catastrophic failures can be based on several algorithms, such as:
- Deferred update
- Immediate update
- Shadow paging (not considered here)
Example:
If the system crashes before a fund transfer transaction completes its execution, then either one or both accounts may have incorrect value. Thus, the database must be restored to the state before the transaction modified any of the accounts.
Types of Failure
The database may become unavailable due to:
- Transaction failure: transactions may fail because of incorrect input, deadlock, or incorrect synchronization.
- System failure: the system may fail because of an addressing error, application error, operating system fault, RAM failure, etc.
- Media failure: disk head crash, power disruption, etc.
Software Failures:
System crash: A failure causes the system to crash, but non-volatile storage contents are not corrupted. Examples: software design errors, bugs, buffer/stack overflows
Hardware Failures:
Disk failure: A head crash destroys all or part of disk storage. Examples: overutilization/overloading (used beyond its design), wearout failure, poor manufacturing
Recovery Techniques
Deferred update techniques
Database is not modified until after the transaction reaches its commit point.
Transaction Log
Recovery from failures may require:
- the data value prior to modification: BFIM (BeFore IMage)
- the new value after modification: AFIM (AFter IMage)
These values and other information are stored in a sequential file called the transaction log. Sample log data:

T ID  Back P  Next P  Operation  Data item
T1    0       1       Begin
T1    1       4       Write      X
T2    0       8       Begin
T1    2       5       W          Y
T1    4       7       R          M
T3    0       9       R          N
T1    5       nil     End

The before and after images are recorded with the write, e.g. BFIM X = 100, AFIM X = 200.
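As an added example (not from the slides), the log below carries BFIM/AFIM records like the sample above and is replayed by a recovery routine for the immediate-update case (undo uncommitted writes backwards, redo committed writes forwards) and the deferred-update case (redo only). The log, disk contents and transaction names are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass
class LogRecord:
    tid: str
    op: str                     # "Begin", "Write", "Read", "End" (commit)
    item: Optional[str] = None
    bfim: Optional[int] = None  # before image, needed for UNDO
    afim: Optional[int] = None  # after image, needed for REDO

def recover_immediate(log: list[LogRecord], disk: dict[str, int]) -> dict[str, int]:
    """Immediate update: writes may reach disk before commit, so uncommitted
    transactions are undone (backwards, BFIM) and committed ones redone (forwards, AFIM)."""
    committed = {r.tid for r in log if r.op == "End"}
    db = dict(disk)
    for r in reversed(log):                       # UNDO pass
        if r.op == "Write" and r.tid not in committed:
            db[r.item] = r.bfim
    for r in log:                                 # REDO pass
        if r.op == "Write" and r.tid in committed:
            db[r.item] = r.afim
    return db

def recover_deferred(log: list[LogRecord], disk: dict[str, int]) -> dict[str, int]:
    """Deferred update: nothing reaches disk before commit, so only REDO is needed."""
    committed = {r.tid for r in log if r.op == "End"}
    db = dict(disk)
    for r in log:
        if r.op == "Write" and r.tid in committed:
            db[r.item] = r.afim
    return db

# Constructed log: T1 commits, T2 is still active when the system crashes.
CRASH_LOG = [
    LogRecord("T1", "Begin"),
    LogRecord("T1", "Write", "X", bfim=100, afim=200),
    LogRecord("T2", "Begin"),
    LogRecord("T1", "Write", "Y", bfim=50, afim=75),
    LogRecord("T2", "Write", "X", bfim=200, afim=999),  # reached disk, uncommitted
    LogRecord("T1", "End"),
]
# Constructed disk state at crash time: T2's X reached disk, T1's Y did not.
DISK_AT_CRASH = {"X": 999, "Y": 50}

if __name__ == "__main__":
    print(recover_immediate(CRASH_LOG, DISK_AT_CRASH))   # {'X': 200, 'Y': 75}
```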
Database Security
By Chathuranga Chandrasekara & Buddhika Karunarathne
Introduction
- Threats to Databases
- Threats & Security Goals
- Countermeasures: Access Control, Inference Control, Flow Control, Encryption
Threats to Databases
What is a Threat ?
A set of circumstances that has the potential to cause loss, misuse (modification, deletion, etc.) or harm to your system or data.
Countermeasures
- Access Control
- Inference Control
- Flow Control
- Encryption
Access Control
Restricting access to the database system as a whole.
1. Discretionary Access Control
2. Mandatory Access Control
Cargo  Contents            Classification
A      Uniforms, Boots     Unclassified
B      Claymores           Confidential
C      Atomic Bomb         Top Secret
       Chocolates, Butter  Unclassified
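The cargo table above gives the object labels; as an added example (not from the slides), the code below checks subject clearances against them using the two MAC rules of no read-up and no write-down. The clearance levels and the ordering of the three labels are assumed.

```python
# Ordered lattice of the labels from the cargo table (ordering assumed).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Top Secret": 2}

# Object classifications from the cargo table.
CARGO = {
    "Uniforms, Boots": "Unclassified",
    "Claymores": "Confidential",
    "Atomic Bomb": "Top Secret",
    "Chocolates, Butter": "Unclassified",
}

def can_read(clearance: str, classification: str) -> bool:
    """Simple security property: a subject may read only at or below its clearance."""
    return LEVELS[clearance] >= LEVELS[classification]

def can_write(clearance: str, classification: str) -> bool:
    """*-property: a subject may write only at or above its clearance, so a cleared
    subject cannot copy Top Secret data into an Unclassified object."""
    return LEVELS[clearance] <= LEVELS[classification]

def readable_cargo(clearance: str) -> list[str]:
    """Cargo entries visible to a subject with the given clearance."""
    return sorted(c for c, lvl in CARGO.items() if can_read(clearance, lvl))

def check_access(clearance: str, cargo: str, mode: str) -> bool:
    """Mandatory decision for one request; unknown cargo is denied."""
    if cargo not in CARGO:
        return False
    rule = can_read if mode == "read" else can_write
    return rule(clearance, CARGO[cargo])

if __name__ == "__main__":
    print(readable_cargo("Confidential"))
    print(check_access("Top Secret", "Chocolates, Butter", "write"))  # False: write-down
```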
DAC vs MAC
DAC:
- Higher flexibility
- Vulnerable to malicious attacks
MAC:
- Higher degree of protection
- Requires a rigid classification
A Weakness in DAC
(Figure: privilege-propagation graph.) System grants user1 the privilege (System, user1, SELECT ON EMPLOYEE WITH GRANT OPTION); from user1 the privilege is passed on to user2, user3 and user4. Legend: Granted Privilege, Revoked Privilege.
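The propagation shown in the figure, as an added example (not from the slides): a grant table where a holder of SELECT ON EMPLOYEE WITH GRANT OPTION can pass the privilege on, and a revoke that must cascade to every grant that no longer has a valid source. The user names and the grant chain are constructed to match the figure; the cycle caveat in the comments is mine.

```python
class GrantTable:
    def __init__(self):
        self.rows = []  # (grantor, grantee, privilege, grant_option)

    def holds(self, user, priv, need_option=False):
        return any(ge == user and p == priv and (go or not need_option)
                   for _, ge, p, go in self.rows)

    def grant(self, grantor, grantee, priv, grant_option=False):
        # The owner (System) can always grant; anyone else needs WITH GRANT OPTION.
        if grantor != "System" and not self.holds(grantor, priv, need_option=True):
            raise PermissionError(f"{grantor} cannot grant {priv}")
        self.rows.append((grantor, grantee, priv, grant_option))

    def revoke(self, grantor, grantee, priv):
        """Remove grantor->grantee, then cascade: drop every grant whose grantor
        no longer holds the privilege WITH GRANT OPTION. Mutual grants that form
        a cycle would keep each other alive here; real DBMSs use grant timestamps."""
        self.rows = [r for r in self.rows if r[:3] != (grantor, grantee, priv)]
        changed = True
        while changed:
            changed = False
            for r in list(self.rows):
                gr, _, p, _ = r
                if gr != "System" and not self.holds(gr, p, need_option=True):
                    self.rows.remove(r)
                    changed = True

    def holders(self, priv):
        return sorted({ge for _, ge, p, _ in self.rows if p == priv})

PRIV = "SELECT ON EMPLOYEE"

def demo():
    """Build the figure's chain, then revoke the root grant and watch it cascade."""
    t = GrantTable()
    t.grant("System", "user1", PRIV, grant_option=True)
    t.grant("user1", "user2", PRIV, grant_option=True)
    t.grant("user2", "user3", PRIV)
    t.grant("user1", "user4", PRIV)
    before = t.holders(PRIV)
    t.revoke("System", "user1", PRIV)   # user2, user3 and user4 lose it as well
    return before, t.holders(PRIV)

if __name__ == "__main__":
    print(demo())  # (['user1', 'user2', 'user3', 'user4'], [])
```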
Countermeasures
- Access Control
- Inference Control
- Flow Control
- Encryption
By Buddhika Karunarathne
Implementing Security
- Legal and ethical issues.
- Policy issues at the governmental, institutional or corporate level.
- System-related issues: whether a security function should be handled at the hardware level, OS level, DBMS level, etc.
- The need in some organizations to identify multiple security levels.
Inference Control
The security problem associated with statistical databases is that of controlling access to the statistical database so that individual records cannot be deduced. The countermeasures to this problem are called inference control measures.
Statistical Databases?
Statistical databases are used to produce statistics on various populations. Their features are:
- individual information is considered confidential;
- users may be allowed to access statistical information on the population, i.e., to apply statistical functions to a population of tuples.
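One inference control measure for such a database, added here as an example (not from the slides): a statistical query interface that applies a function to a population of tuples but refuses queries whose matching set is too small or too large, since a set of one tuple (or its complement) would reveal an individual. The employee population and the threshold k are constructed.

```python
from statistics import mean
from typing import Callable

# Constructed population; the individual rows are confidential.
EMPLOYEES = [
    {"name": "A", "dept": "IT", "salary": 4000},
    {"name": "B", "dept": "IT", "salary": 5000},
    {"name": "C", "dept": "IT", "salary": 6000},
    {"name": "D", "dept": "IT", "salary": 7000},
    {"name": "E", "dept": "HR", "salary": 3000},
    {"name": "F", "dept": "HR", "salary": 3500},
    {"name": "G", "dept": "HR", "salary": 4500},
    {"name": "H", "dept": "HR", "salary": 5500},
]
MIN_QUERY_SET = 3  # constructed k: the query set must have between k and N-k tuples

def query_allowed(predicate: Callable[[dict], bool], population=EMPLOYEES, k=MIN_QUERY_SET) -> bool:
    """Query-set-size control. The upper bound matters too: a set of N-1 rows
    lets the asker subtract it from the whole-population statistic."""
    n = len(population)
    m = sum(1 for r in population if predicate(r))
    return k <= m <= n - k

def stat_query(func, predicate, population=EMPLOYEES, k=MIN_QUERY_SET):
    """Apply a statistical function to the selected population, or refuse."""
    if not query_allowed(predicate, population, k):
        raise PermissionError("query set too small or too large; refused")
    return func(r["salary"] for r in population if predicate(r))

if __name__ == "__main__":
    print(stat_query(mean, lambda r: r["dept"] == "IT"))     # 5500
    print(query_allowed(lambda r: r["name"] == "A"))          # False: single tuple
    print(query_allowed(lambda r: r["salary"] > 0))           # False: whole population
```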
Information Flow
- Information flows from X to Y if a process reads from X and writes to Y.
- Copying is the canonical example of information flow.
- Aggregation is a form of information flow.
Flow Control
Two ways to state a flow policy:
- Exclusionary (closed): the unauthorized flows are enumerated and regulated; all other flows are allowed.
- Inclusionary (open): the admissible flows are enumerated and regulated; all other flows are denied. This is the least-privilege approach.
Data Encryption
Data encryption is used to protect sensitive data, such as credit card numbers, while it is being transmitted over some type of communication network. Two main methods:
- Public key encryption
- Digital signatures