SUSAN MAHAKATA R0434545
PATRICK MAPURANGA R0538687
NDAIZIVEI KANGAMBEU R146884J
ACCESS CONTROLS
Access Controls: The security features that control how
users and systems communicate and interact with one
another.
Access: The flow of information between subject and
object
Subject: An active entity that requests access to an
object or the data in an object
Object: A passive entity that contains information
ACCESS CONTROLS
Choosing a security policy
Name dependent control
Content dependent control
Context dependent control
History dependent control
ACCESS CONTROLS
Choosing a security policy
Access control policies are used for securing databases. They ensure data confidentiality,
integrity and availability.
There are two main access control policies: the Mandatory Access Control Policy and the
Discretionary Access Control Policy. In the modern age a newer access control policy, Role-Based
Access Control (RBAC), is used. RBAC is the most popular access control model and has
been used in various applications, e.g. in grid and multilevel database security
systems.
ACCESS CONTROLS
Choosing a security policy
DISCRETIONARY ACCESS CONTROL POLICY
Discretionary protection policies govern the access of users to the
information on the basis of the user's identity and authorizations. These
authorizations are also known as rules. These rules specify the access
modes for each user (or group of users) and each object in the system.
It can be described as a means of restricting access to objects based on the
identity of subjects and/or groups to which they belong. This policy places
the decision of who can access information at the discretion of the
information creator, i.e. the owner of the data or the database administrator.
Security policy implementation is based on granting and revoking
privileges. Access is granted or denied based on the identification of the
user.
ACCESS CONTROLS
Choosing a security policy
Mandatory Access Control (MAC)
constrains the ability of a subject (i.e. user) to access or generally perform some sort of
operation on an object. MAC policy requires all users to follow the rules of access set
up by the Database Administrator (DBA). This policy needs objects (e.g. Database) to
be classified and subjects (e.g. Users, Process) to be cleared.
Access control is based on two principles, no read-up and no write-down. This
prevents information in a sensitive object from flowing, through either read or write
operations, into objects at lower or incomparable access classes.
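The two MAC rules above, written out as an added example that is not part of the original slides. The level names, the category sets and the sample subject and objects are constructed for illustration; the `hr_notes` object shows the incomparable case, where neither read nor write is allowed.

```python
from dataclasses import dataclass

# Constructed ordering of sensitivity levels (assumption, not from the slides).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class AccessClass:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True when self is at least as high as other and covers its categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject, obj):
    # No read-up: the subject's clearance must dominate the object's class.
    return subject.dominates(obj)


def can_write(subject, obj):
    # No write-down: the object's class must dominate the subject's clearance.
    return obj.dominates(subject)


def decisions(subject, objects):
    """Map each object name to the (read, write) decision for this subject."""
    return {name: (can_read(subject, cls), can_write(subject, cls))
            for name, cls in objects.items()}


# Constructed subject and objects for illustration.
ANALYST = AccessClass("secret", frozenset({"payroll"}))
OBJECTS = {
    "salaries": AccessClass("confidential", frozenset({"payroll"})),
    "audit_log": AccessClass("top_secret", frozenset({"payroll"})),
    "hr_notes": AccessClass("secret", frozenset({"hr"})),  # incomparable class
}

if __name__ == "__main__":
    for name, (r, w) in decisions(ANALYST, OBJECTS).items():
        print(f"{name:10} read={r} write={w}")
```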
ACCESS CONTROLS
Choosing a security policy
Role-based policies
Regulate users' access to the information on the basis of the activities the users execute in
the system, i.e. RBAC models are based on the notion of role.
A role represents a specific function within an organization and can be seen as a set of
actions or responsibilities associated with this function.
Under an RBAC model, all authorizations needed to perform a certain activity are granted to
the role associated with that activity, rather than being granted directly to users. Users are
then made members of roles, thereby acquiring the role's authorizations.
Thus user access to objects is mediated by roles; each user is authorized to play certain roles
and, on the basis of these roles, a user can perform accesses to the objects.
ACCESS CONTROLS
Access Control Techniques
There
ACCESS CONTROLS
Access Control Techniques
Content-dependent control: Access to an object is determined by the content within the
object, e.g. you can only see salaries less than 50K, or you can only see salaries of
employees who report to you.
History-dependent control: Access is decided based not only on the current request, but
also on the previous history of accesses to some entity or service.
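An added example (not from the original slides) that combines both techniques: the two content rules are the slide's salary examples, and the history rule is an assumed policy that caps how many distinct salary records one requester may read. The employee rows and all function names are constructed.

```python
from collections import defaultdict

# Constructed sample rows.
EMPLOYEES = {
    "alice": {"manager": "dana", "salary": 42_000},
    "bob":   {"manager": "dana", "salary": 61_000},
    "carol": {"manager": "erin", "salary": 48_000},
    "frank": {"manager": "dana", "salary": 55_000},
}


def under_cap(row, requester, cap=50_000):
    # Content rule 1: only salaries below the cap are visible.
    return row["salary"] < cap


def reports_to(row, requester):
    # Content rule 2: only salaries of the requester's direct reports are visible.
    return row["manager"] == requester


class HistoryGuard:
    """History rule (assumed policy): at most `limit` distinct records per requester."""

    def __init__(self, limit):
        self.limit = limit
        self.seen = defaultdict(set)

    def allow(self, requester, name):
        seen = self.seen[requester]
        if name in seen or len(seen) < self.limit:
            seen.add(name)  # record the access so later requests see it
            return True
        return False


def read_salary(requester, name, guard, content_rule):
    """Return the salary, or None when either control denies the request."""
    row = EMPLOYEES[name]
    # The content check runs first so a denied request does not consume history.
    if not content_rule(row, requester):
        return None
    if not guard.allow(requester, name):
        return None
    return row["salary"]
```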
ACCESS CONTROLS
Access Control Techniques
Concurrency Controls
Problem Of deadlock
Solutions to deadlock
Preventing Deadlock
Starvation is possible.
Problem Of deadlock
A set of blocked processes each holding a resource and waiting to acquire a resource
held by another process in the set
Example
P0
wait (A);
wait (B);
P1
wait (B);
wait (A);
System Model
Resource-Allocation Graph
A set of vertices V and a set of edges E.
Process
Pi requests instance of Rj: request edge Pi → Rj
Pi is holding an instance of Rj: assignment edge Rj → Pi
Basic Facts
Ignore the problem and pretend that deadlocks never occur in the
system; used by most operating systems, including UNIX.
Deadlock Prevention
Restrain the ways requests can be made.
No Preemption
Deadlock Avoidance
Requires that the system has some additional a priori information
available.
Safe State
Sequence <P1, P2, …, Pn> is safe if for each Pi, the resources
that Pi can still request can be satisfied by currently available
resources + resources held by all the Pj, with j < i.
If Pi's resource needs are not immediately available, then Pi can wait
until all Pj have finished.
When Pj is finished, Pi can obtain needed resources, execute, return
allocated resources, and terminate.
When Pi terminates, Pi+1 can obtain its needed resources, and so on.
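The safe-state definition above as an added example, not part of the original slides. It generalizes to several resource types by using tuples; the process names, holdings and maximum claims are constructed sample values.

```python
def is_safe_sequence(order, available, held, max_need):
    """Check the definition directly: each Pi's remaining need must fit in
    the available resources plus those released by every earlier Pj."""
    work = list(available)
    for p in order:
        need = [m - h for m, h in zip(max_need[p], held[p])]
        if any(n > w for n, w in zip(need, work)):
            return False
        # Pi finishes and returns everything it was holding.
        work = [w + h for w, h in zip(work, held[p])]
    return True


def find_safe_sequence(available, held, max_need):
    """Return one safe sequence, or None when the state is unsafe."""
    work, order, pending = list(available), [], set(held)
    while pending:
        runnable = [
            p for p in sorted(pending)
            if all(m - h <= w for m, h, w in zip(max_need[p], held[p], work))
        ]
        if not runnable:
            return None  # nobody can finish: unsafe state
        p = runnable[0]  # any runnable choice works, since work only grows
        work = [w + h for w, h in zip(work, held[p])]
        order.append(p)
        pending.remove(p)
    return order


# Constructed state: one resource type with 12 instances, 3 currently free.
HELD = {"P1": (5,), "P2": (2,), "P3": (2,)}
MAX_NEED = {"P1": (10,), "P2": (4,), "P3": (9,)}
AVAILABLE = (3,)

if __name__ == "__main__":
    print(find_safe_sequence(AVAILABLE, HELD, MAX_NEED))
```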
Basic Facts
Rollback: return to some safe state, restart process for that state.
EXISTENCE CONTROLS
Grandfather; father; son
Dual Recording
Dumping
Logging
Residual Dumping
Differential Files
EXISTENCE CONTROLS
Backup
The process of periodically taking a copy of the database and log file (and possibly
programs) on to offline storage media.
A DBMS should provide backup facilities to assist with the recovery of a database
following failure.
It is always advisable to make backup copies of the database and log file at regular
intervals and to ensure that the copies are in a secure location. In the event of a
failure that renders the database unusable, the backup copy and the details
captured in the log file are used to restore the database to the latest possible
consistent state
EXISTENCE CONTROLS
Backup Types
Complete (Full)
copy all database and related files
delete the archive log files
Cumulative (Differential)
copy blocks that have changed since last full backup or
copy all archive log files generated since last full backup
Incremental
copy blocks that have changed since the last partial backup
copy all log files generated since last partial backup
Complete (Copy)
copy all target data
Don't include the set in backup set logic
or
EXISTENCE CONTROLS
Backup Strategies
There are several algorithms that might be used to schedule full and partial
backups.
The choice of algorithm plays a large role in the size of the restore window
(how long data is available from a backup tape).
Volume/Calendar Backup
Grandfather/Father/Son Backup
Tower of Hanoi Backup
EXISTENCE CONTROLS
Grandfather/father/son
To maintain a one-month archive, the monthly full backup tape should be placed in
storage.
Each weekly full backup should be placed in storage.
The second monthly full backup should use new media.
When the third monthly backup is due, the first month's full backup media should be
reused. The weekly backups are archived in a similar manner.
This scheme requires two sets of monthly backup media, five sets of weekly backup
media, and six sets of daily backup media.
A total of 13 sets of media are required to implement this strategy with a one-month
archive of information.
To recover from complete data loss, first restore the most recent level 0 backup tape.
Next, restore from the most recent of the level 3 backups, if that backup was written after
the level 0 backup.
When the level 3 backup has been restored, the operator would restore from each of the
level 5 backups written after the level 3 backup.
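The restore order described above, as an added example that is not part of the original slides. The catalog entries and labels are constructed, and the handling of a catalog with no level 3 backup after the latest level 0 (restore the level 5 backups written after the level 0) is an assumption.

```python
from datetime import date

# Constructed backup catalog: (date written, level, media label).
CATALOG = [
    (date(2024, 2, 2), 0, "monthly-B"),
    (date(2024, 2, 23), 3, "weekly-4"),
    (date(2024, 3, 1), 0, "monthly-A"),
    (date(2024, 3, 4), 5, "daily-mon-1"),
    (date(2024, 3, 8), 3, "weekly-1"),
    (date(2024, 3, 11), 5, "daily-mon-2"),
    (date(2024, 3, 12), 5, "daily-tue-2"),
]


def restore_plan(catalog):
    """Return the media labels to restore, in order, after complete data loss."""
    entries = sorted(catalog)
    fulls = [e for e in entries if e[1] == 0]
    if not fulls:
        raise ValueError("no level 0 backup in catalog")
    base = fulls[-1]  # most recent level 0
    plan = [base]
    # Most recent level 3, only if it was written after the level 0.
    weeklies = [e for e in entries if e[1] == 3 and e[0] > base[0]]
    if weeklies:
        base = weeklies[-1]
        plan.append(base)
    # Every level 5 written after the last backup restored so far.
    plan += [e for e in entries if e[1] == 5 and e[0] > base[0]]
    return [label for _, _, label in plan]


if __name__ == "__main__":
    print(restore_plan(CATALOG))
```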
EXISTENCE CONTROLS
Logging
The process of keeping and maintaining a log file (or journal) of all changes made to the
database to enable recovery to be undertaken effectively in the event of a failure
(Captures all database transactions (changes) in order to roll a database forward after a
tape recovery)
EXISTENCE CONTROLS
Residual Dumping
Periodic dumping of only those records that have changed.
Recovery Process: The particular record that has changed is
kept in duplicate, and one can identify the last change by
a record identifier and the time factor attached to the record.
Since the logging operation of a residual dump is spread out,
some bookkeeping is required so that the recovery process
knows how far to go back to obtain a complete copy of the
database.
EXISTENCE CONTROLS
Dumping
EXISTENCE CONTROLS
Differential backup
DATABASE CONTROLS
THE END