
DATABASE CONTROLS

SUSAN MAHAKATA
R0434545
PATRICK MAPURANGA R0538687
NDAIZIVEI KANGAMBEU R146884J

ACCESS CONTROLS

From (ISC)2 Candidate Information Bulletin:


Access control is the collection of mechanisms that
permits managers of a system to exercise a directing
or restraining influence over the behavior, use, and
content of a system. It permits management to
specify what users can do, which resources they can
access, and what operations they can perform on a
system.

ACCESS CONTROLS
Access Controls: The security features that control how
users and systems communicate and interact with one
another.
Access: The flow of information between subject and
object
Subject: An active entity that requests access to an
object or the data in an object
Object: A passive entity that contains information

ACCESS CONTROLS
Choosing a security policy

Name dependent access control policy
Content dependent access control policy
Context dependent access control policy
History dependent access control policy

ACCESS CONTROLS
Choosing a security policy

Database Security can be defined as protecting information against unauthorized
disclosure, alteration or destruction using hardware or software techniques.

Access Control Policies are used for securing databases. They ensure data
confidentiality, integrity and availability.

Different policies can be combined to provide more suitable protection for a
database system.

There are two main access control policies: Mandatory Access Control Policy and
Discretionary Access Control Policy. In the modern age a newer access control
policy, Role-Based Access Control (RBAC), is used. RBAC is the most popular access
control model and has been used in various applications, e.g. in grid and
multilevel database security systems.

ACCESS CONTROLS
Choosing a security policy
DISCRETIONARY ACCESS CONTROL POLICY
Discretionary protection policies govern the access of users to the
information on the basis of the user's identity and authorizations. These
authorizations are also known as rules. These rules specify the access
modes for each user (or group of users) and each object in the system.
DAC can be described as a means of restricting access to objects based on the
identity of subjects and/or the groups to which they belong. This policy places
the decision of who can access information at the discretion of the
information creator, i.e. the owner of the data or the database administrator.
Security policy implementation is based on granting and revoking
privileges. Access is granted or denied based on the identification of the
user.

ACCESS CONTROLS
Choosing a security policy
Mandatory Access Control (MAC)

MAC constrains the ability of a subject (i.e. user) to access or generally perform some
sort of operation on an object. MAC policy requires all users to follow the rules of
access set up by the Database Administrator (DBA). This policy needs objects (e.g. a
database) to be classified and subjects (e.g. users, processes) to be cleared.

It restricts access to objects based on the sensitivity of the information. It also
provides an environment that restricts users to sharing information only within the
same project, department or organization.

Access control is based on two principles, No Read-up and No Write-down. This
prevents information in a sensitive object from flowing, through either read or write
operations, into objects at lower or incomparable access classes.
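Added example (not part of the slides): the No Read-up / No Write-down rules checked over classification labels, Bell-LaPadula style. The level names, the Label class and the sample analyst clearance are assumptions made for the example; a label is a (level, compartments) pair, and a read or write is allowed only when the required dominance relation holds, so data can never flow to a lower or incomparable class.

```python
# Added example (not from the slides): a Bell-LaPadula style check of the
# No Read-up / No Write-down rules over classification labels.
# A label is a (level, set of compartments); label X dominates label Y when
# X.level >= Y.level and X's compartments include all of Y's. Two labels
# where neither dominates the other are "incomparable".
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class Label:
    def __init__(self, level, compartments=()):
        self.level = LEVELS[level]
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        return (self.level >= other.level
                and self.compartments >= other.compartments)


def mac_allows(clearance, classification, op):
    """Decide a read or write under MAC.

    No read-up:    read only objects whose classification the clearance dominates.
    No write-down: write only objects whose classification dominates the clearance,
                   so information cannot flow to a lower or incomparable class.
    """
    if op == "read":
        return clearance.dominates(classification)
    if op == "write":
        return classification.dominates(clearance)
    raise ValueError("unknown operation: %r" % op)


def demo():
    # Constructed sample: an analyst cleared to secret with compartment "finance".
    analyst = Label("secret", {"finance"})
    return {
        "read confidential/finance": mac_allows(analyst, Label("confidential", {"finance"}), "read"),
        "read top_secret": mac_allows(analyst, Label("top_secret"), "read"),
        "read secret/hr (incomparable)": mac_allows(analyst, Label("secret", {"hr"}), "read"),
        "write confidential": mac_allows(analyst, Label("confidential"), "write"),
        "write secret/finance,hr": mac_allows(analyst, Label("secret", {"finance", "hr"}), "write"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print("%-32s %s" % (case, "ALLOW" if allowed else "DENY"))
```

The incomparable case (secret/hr against a secret/finance clearance) is the one a level-only check gets wrong: the levels are equal, but the compartments differ, so both the read and the write are denied.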

ACCESS CONTROLS
Choosing a security policy
Role-based policies

Role-based policies regulate users' access to the information on the basis of the
activities the users execute in the system, i.e. RBAC models are based on the notion
of a role.

A Role represents a specific function within an organization and can be seen as a set of
actions or responsibilities associated with this function.

Under an RBAC model, all authorizations needed to perform a certain activity are granted to
the role associated with that activity, rather than being granted directly to users. Users are
then made members of roles, thereby acquiring the roles' authorizations.

Thus user access to objects is mediated by roles; each user is authorized to play certain roles
and, on the basis of these roles, a user can perform accesses to the objects.
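Added example (not part of the slides): a small RBAC engine in which permissions are granted to roles, users are made members of roles, and a senior role inherits the authorizations of its junior roles. The role and user names (clerk, payroll_manager, alice, bob) and the permission tuples are constructed for the example.

```python
# Added example (not from the slides): RBAC with a role hierarchy.
# Permissions belong to roles; users hold roles; a senior role inherits
# everything its junior roles can do, so access is always mediated by roles.
from collections import defaultdict


class RBAC:
    def __init__(self):
        self.role_perms = defaultdict(set)    # role -> {(operation, object)}
        self.role_juniors = defaultdict(set)  # senior role -> junior roles it inherits from
        self.user_roles = defaultdict(set)    # user -> roles directly assigned

    def grant(self, role, op, obj):
        self.role_perms[role].add((op, obj))

    def revoke(self, role, op, obj):
        self.role_perms[role].discard((op, obj))

    def inherit(self, senior, junior):
        self.role_juniors[senior].add(junior)

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def deassign(self, user, role):
        self.user_roles[user].discard(role)

    def effective_roles(self, user):
        """Directly assigned roles plus every role reachable through inheritance."""
        seen, stack = set(), list(self.user_roles[user])
        while stack:
            role = stack.pop()
            if role in seen:
                continue
            seen.add(role)
            stack.extend(self.role_juniors[role])
        return seen

    def permissions(self, user):
        perms = set()
        for role in self.effective_roles(user):
            perms |= self.role_perms[role]
        return perms

    def check(self, user, op, obj):
        """The user never holds a permission directly; only roles do."""
        return (op, obj) in self.permissions(user)


def build_demo():
    # Constructed sample: clerks may read the employee table; payroll managers
    # inherit that and may additionally update salaries.
    rbac = RBAC()
    rbac.grant("clerk", "select", "employees")
    rbac.grant("payroll_manager", "update", "employees.salary")
    rbac.inherit("payroll_manager", "clerk")
    rbac.assign("alice", "payroll_manager")
    rbac.assign("bob", "clerk")
    return rbac


if __name__ == "__main__":
    r = build_demo()
    for user in ("alice", "bob"):
        print(user, sorted(r.permissions(user)))
```

Removing a user from a role (deassign) takes away every authorization that came through it, which is the administrative advantage of RBAC: privileges are managed per role, not per user.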

ACCESS CONTROLS
Access Control Techniques

There are a number of different access controls and technologies available to
support the different models:
Name Dependent Access Control
History Dependent Access Control
Content Dependent Access Control
Context Dependent Access Control

ACCESS CONTROLS
Access Control Techniques

Content Dependent Access Control: Access to an object is determined by the content
within the object, e.g. you can only see salaries less than 50K, or you can only see
salaries of employees who report to you.

History Dependent Access Control: Access is decided based not only on the current
request, but also on the previous history of accesses to some entity or service.

ACCESS CONTROLS
Access Control Techniques

Context Based Access Control: Makes the access decision based on the context of a
collection of information rather than the content within an object, e.g.
salary information can be updated only at year end;
the company's earnings report is confidential until announced at the stockholders'
meeting;
you cannot access classified information via a remote login.
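Added example (not part of the slides): the content-dependent and context-dependent rules quoted on the two preceding slides, written as policy functions. The employee rows, the CLASSIFIED set, the 50K cap and the modelling of "year end" as December are assumptions made for the example.

```python
# Added example (not from the slides): content-dependent row filtering and
# context-dependent request checks over constructed data.
from datetime import date

EMPLOYEES = [  # constructed sample rows
    {"id": 1, "name": "Ann",  "salary": 42000, "manager_id": None},
    {"id": 2, "name": "Ben",  "salary": 61000, "manager_id": 1},
    {"id": 3, "name": "Cara", "salary": 48000, "manager_id": 2},
    {"id": 4, "name": "Dev",  "salary": 75000, "manager_id": 1},
]
CLASSIFIED = {"acquisition_plan"}  # constructed: objects classified as sensitive


def content_filter(rows, requester_id, salary_cap=50000):
    """Content-dependent: the row's own values decide visibility.
    A salary row is visible if it is below the cap OR the employee reports to
    the requester. Applying the filter to every returned row means the rule
    cannot be side-stepped by phrasing the query differently."""
    return [r for r in rows
            if r["salary"] < salary_cap or r["manager_id"] == requester_id]


def context_allows(op, obj, *, today, remote, announced):
    """Context-dependent: facts about the request, not the object's content.
    `today` is an ISO date string. Returns (allowed, reason).
    Assumption: "year end" means the month of December."""
    when = date.fromisoformat(today)
    if obj == "salary" and op == "update" and when.month != 12:
        return False, "salary updates are permitted only at year end"
    if obj == "earnings_report" and not announced:
        return False, "earnings report is confidential until announced"
    if obj in CLASSIFIED and remote:
        return False, "classified information is not available over remote login"
    return True, "ok"


if __name__ == "__main__":
    print([r["name"] for r in content_filter(EMPLOYEES, requester_id=1)])
    print(context_allows("update", "salary", today="2024-06-01",
                         remote=False, announced=False))
```

Note that the two techniques compose: a request first has to pass the context checks, and whatever it is then allowed to read is still narrowed by the content filter.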

Concurrency Controls

Nature of a shared data resource

Problem Of deadlock

Sufficient Conditions for a deadlock

Solutions to deadlock

Preventing Deadlock

Shared Resource Example Of a Bridge

Traffic only in one direction.
Each section of a bridge can be viewed as a resource.
If a deadlock occurs, it can be resolved if one car backs up (preempt resources
and rollback).
Several cars may have to be backed up if a deadlock occurs.
Starvation is possible.

Problem Of deadlock

A set of blocked processes each holding a resource and waiting to acquire a resource
held by another process in the set.

Example
System has 2 disk drives.
P1 and P2 each hold one disk drive and each needs another one.

Example
Semaphores A and B, initialized to 1.

P0:
wait (A);
wait (B);

P1:
wait (B);
wait (A);

Sufficient Conditions for a Deadlock

Deadlock can arise if four conditions hold simultaneously.

Mutual exclusion: only one process at a time can use a resource.

Hold and wait: a process holding at least one resource is waiting to acquire
additional resources held by other processes.

No preemption: a resource can be released only voluntarily by the process
holding it, after that process has completed its task.

Circular wait: there exists a set {P0, P1, ..., Pn} of waiting processes such that
P0 is waiting for a resource that is held by P1, P1 is waiting for a resource that
is held by P2, ..., Pn-1 is waiting for a resource that is held by Pn, and Pn is
waiting for a resource that is held by P0.

System Model

Resource types R1, R2, ..., Rm (CPU cycles, memory space, I/O devices).
Each resource type Ri has Wi instances.
Each process utilizes a resource as follows: request, use, release.

Resource-Allocation Graph
A set of vertices V and a set of edges E.

V is partitioned into two types:
P = {P1, P2, ..., Pn}, the set consisting of all the processes in the system.
R = {R1, R2, ..., Rm}, the set consisting of all resource types in the system.

Request edge: directed edge Pi → Rj
Assignment edge: directed edge Rj → Pi

Resource-Allocation Graph (Cont.)

(Figure not reproduced; its legend follows.)
Process
Resource Type with 4 instances
Pi requests an instance of Rj (edge Pi → Rj)
Pi is holding an instance of Rj (edge Rj → Pi)

Example of a Resource Allocation Graph (figure not reproduced)
Resource Allocation Graph With A Deadlock (figure not reproduced)
Resource Allocation Graph With A Cycle But No Deadlock (figure not reproduced)

Basic Facts

If the graph contains no cycles → no deadlock.
If the graph contains a cycle:
if only one instance per resource type, then deadlock;
if several instances per resource type, possibility of deadlock.
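Added example (not part of the slides): a resource-allocation graph for the single-instance case, where a cycle is sufficient for deadlock. The graph is reduced to a wait-for graph (each process points at the processes holding what it waits for) and searched for a cycle with a depth-first traversal. The class, the method names and the two-disk scenario are constructed for the example.

```python
# Added example (not from the slides): deadlock detection on a
# resource-allocation graph with one instance per resource type.
from collections import defaultdict


class ResourceAllocationGraph:
    def __init__(self):
        self.holder = {}                    # resource -> process holding it
        self.requests = defaultdict(set)    # process -> resources it waits for
        self.processes = set()

    def assign(self, resource, process):    # assignment edge R -> P
        if resource in self.holder:
            raise ValueError("%s already held by %s" % (resource, self.holder[resource]))
        self.holder[resource] = process
        self.processes.add(process)

    def request(self, process, resource):   # request edge P -> R
        self.processes.add(process)
        if resource not in self.holder:     # free: grant immediately
            self.assign(resource, process)
        else:
            self.requests[process].add(resource)

    def release(self, process, resource):
        # Only the assignment is dropped; pending requests are re-evaluated
        # the next time find_deadlock() is called.
        if self.holder.get(resource) == process:
            del self.holder[resource]

    def wait_for_graph(self):
        wfg = {p: set() for p in self.processes}
        for p, resources in self.requests.items():
            for r in resources:
                if r in self.holder and self.holder[r] != p:
                    wfg[p].add(self.holder[r])
        return wfg

    def find_deadlock(self):
        """Return the processes on a wait-for cycle, or None if there is none."""
        wfg = self.wait_for_graph()
        state = {p: 0 for p in wfg}         # 0 unvisited, 1 on the DFS stack, 2 done
        path = []

        def dfs(p):
            state[p] = 1
            path.append(p)
            for q in wfg[p]:
                if state[q] == 1:           # back edge: the cycle is path[q:]
                    return path[path.index(q):]
                if state[q] == 0:
                    cycle = dfs(q)
                    if cycle:
                        return cycle
            path.pop()
            state[p] = 2
            return None

        for p in sorted(wfg):
            if state[p] == 0:
                cycle = dfs(p)
                if cycle:
                    return cycle
        return None


def two_disk_example():
    # Constructed from the slide: P1 and P2 each hold one disk drive and
    # each needs the other one.
    g = ResourceAllocationGraph()
    g.request("P1", "disk1")   # granted
    g.request("P2", "disk2")   # granted
    g.request("P1", "disk2")   # waits for P2
    g.request("P2", "disk1")   # waits for P1 -> cycle
    return g


if __name__ == "__main__":
    print(two_disk_example().find_deadlock())
```

Releasing either disk breaks the cycle, which is the "back one car up" resolution from the bridge example. For resource types with several instances a cycle is only a possibility of deadlock, and a counting check like the safe-state test later in these slides is needed instead.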

Methods for Handling Deadlocks

Ensure that the system will never enter a deadlock state.

Allow the system to enter a deadlock state and then recover.

Ignore the problem and pretend that deadlocks never occur in the
system; used by most operating systems, including UNIX.

Deadlock Prevention
Restrain the ways requests can be made.

Mutual Exclusion: not required for sharable resources; must hold for nonsharable
resources.

Hold and Wait: must guarantee that whenever a process requests a resource, it does
not hold any other resources.
Require a process to request and be allocated all its resources before it begins
execution, or allow a process to request resources only when the process has none.
Low resource utilization; starvation possible.

Deadlock Prevention (Cont.)

No Preemption:
If a process that is holding some resources requests another resource that cannot be
immediately allocated to it, then all resources currently being held are released.
Preempted resources are added to the list of resources for which the process is
waiting.
The process will be restarted only when it can regain its old resources, as well as
the new ones that it is requesting.

Circular Wait: impose a total ordering of all resource types, and require that each
process requests resources in an increasing order of enumeration.

Deadlock Avoidance
Requires that the system has some additional a priori information available.

Simplest and most useful (??) model requires that each process declare the maximum
number of resources of each type that it may need.

Resource-allocation state is defined by the number of available and allocated
resources, and the maximum demands of the processes.

The deadlock-avoidance algorithm dynamically examines the resource-allocation state
to ensure that there can never be a circular-wait condition.

Safe State

When a process requests an available resource, the system must decide if immediate
allocation leaves the system in a safe state.

The system is in a safe state if there exists a safe sequence of all processes.

Sequence <P1, P2, ..., Pn> is safe if for each Pi, the resources that Pi can still
request can be satisfied by the currently available resources + the resources held
by all the Pj with j < i.
If Pi's resource needs are not immediately available, then Pi can wait until all Pj
have finished.
When Pj is finished, Pi can obtain needed resources, execute, return allocated
resources, and terminate.
When Pi terminates, Pi+1 can obtain its needed resources, and so on.

Basic Facts

If a system is in a safe state → no deadlocks.
If a system is in an unsafe state → possibility of deadlock.
Avoidance: ensure that a system will never enter an unsafe state.

(Source: Operating System Concepts)
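Added example (not part of the slides): the safe-sequence test from the Safe State slide, plus a Banker's-style request check that grants a request only if the state after pretending to allocate is still safe. The matrices (AVAILABLE, ALLOCATION, MAX_DEMAND) and the two sample requests are constructed values; processes are indexed 0..n-1 and resource types 0..m-1.

```python
# Added example (not from the slides): safe-state test and avoidance check.


def safe_sequence(available, allocation, max_demand):
    """Return a safe sequence of process indices, or None if the state is unsafe.
    Pi can be placed next if its remaining need fits in the resources currently
    available plus everything released by the processes already sequenced."""
    n, m = len(allocation), len(available)
    need = [[max_demand[i][j] - allocation[i][j] for j in range(m)] for i in range(n)]
    work, finished, sequence = list(available), [False] * n, []
    progressed = True
    while progressed:
        progressed = False
        for i in range(n):
            if not finished[i] and all(need[i][j] <= work[j] for j in range(m)):
                for j in range(m):
                    work[j] += allocation[i][j]   # Pi runs to completion and releases
                finished[i] = True
                sequence.append(i)
                progressed = True
    return sequence if all(finished) else None


def request_granted(pid, request, available, allocation, max_demand):
    """Avoidance: grant only if the resulting state is safe. Inputs are not mutated.
    Returns (granted, safe_sequence_after_grant)."""
    m = len(available)
    need = [max_demand[pid][j] - allocation[pid][j] for j in range(m)]
    if any(request[j] > need[j] for j in range(m)):
        raise ValueError("process exceeded its declared maximum")
    if any(request[j] > available[j] for j in range(m)):
        return False, None                      # must wait; no state change
    new_available = [available[j] - request[j] for j in range(m)]
    new_allocation = [list(row) for row in allocation]
    new_allocation[pid] = [allocation[pid][j] + request[j] for j in range(m)]
    seq = safe_sequence(new_available, new_allocation, max_demand)
    return (seq is not None), seq


# Constructed sample state: 5 processes, 3 resource types.
AVAILABLE = [3, 3, 2]
ALLOCATION = [[0, 1, 0], [2, 0, 0], [3, 0, 2], [2, 1, 1], [0, 0, 2]]
MAX_DEMAND = [[7, 5, 3], [3, 2, 2], [9, 0, 2], [2, 2, 2], [4, 3, 3]]

if __name__ == "__main__":
    print("safe sequence:", safe_sequence(AVAILABLE, ALLOCATION, MAX_DEMAND))
    print("P1 requests (1,0,2):", request_granted(1, [1, 0, 2], AVAILABLE, ALLOCATION, MAX_DEMAND))
    print("P4 requests (3,3,0):", request_granted(4, [3, 3, 0], AVAILABLE, ALLOCATION, MAX_DEMAND))
```

On the sample state the request by P1 leaves a safe sequence and is granted, while the request by P4 fits in the available resources but would leave a state with no safe sequence, so it is refused even though it could be satisfied immediately.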

Recovery from Deadlock: Process Termination

Abort all deadlocked processes.

Abort one process at a time until the deadlock cycle is eliminated.

In which order should we choose to abort?
Priority of the process.
How long the process has computed, and how much longer to completion.
Resources the process has used.
Resources the process needs to complete.
How many processes will need to be terminated.
Is the process interactive or batch?

Recovery from Deadlock: Resource Preemption

Selecting a victim: minimize cost.
Rollback: return to some safe state, restart the process from that state.
Starvation: the same process may always be picked as victim; include the number of
rollbacks in the cost factor.

Combined Approach to Deadlock Handling

Combine the three basic approaches (prevention, avoidance, detection), allowing the
use of the optimal approach for each resource in the system.

Partition resources into hierarchically ordered classes.

EXISTENCE CONTROLS
Grandfather/father/son
Dual Recording
Dumping
Logging
Residual Dumping
Differential Files

EXISTENCE CONTROLS
Backup

The process of periodically taking a copy of the database and log file (and possibly
programs) onto offline storage media.

A DBMS should provide backup facilities to assist with the recovery of a database
following failure.

It is always advisable to make backup copies of the database and log file at regular
intervals and to ensure that the copies are in a secure location. In the event of a
failure that renders the database unusable, the backup copy and the details
captured in the log file are used to restore the database to the latest possible
consistent state.

EXISTENCE CONTROLS
Backup Types

Complete (Full)
copy all database and related files
delete the archive log files

Cumulative (Differential)
copy blocks that have changed since the last full backup, or
copy all archive log files generated since the last full backup

Incremental
copy blocks that have changed since the last partial backup, or
copy all log files generated since the last partial backup

Complete (Copy)
copy all target data
don't include the set in backup-set logic

EXISTENCE CONTROLS
Backup Strategies

There are several algorithms that might be used to schedule full and partial
backups.

The choice of algorithm dictates the amount of media required.

The choice of algorithm plays a large role in the size of the restore window
(how long is data available from a backup tape).

Some of the more popular algorithms are:

Volume/Calendar Backup
Grandfather/Father/Son Backup
Tower of Hanoi Backup

EXISTENCE CONTROLS

Grandfather/father/son
To maintain a one-month archive, the monthly full backup tape should be placed in
storage.
Each weekly full backup should be placed in storage.
The second monthly full backup should use new media.
When the third monthly backup is due, the first month's full backup media should be
reused. The weekly backups are archived in a similar manner.
This scheme requires two sets of monthly backup media, five sets of weekly backup
media, and six sets of daily backup media.
A total of 13 sets of media are required to implement this strategy with a one-month
archive of information.
To recover from complete data loss, first restore the most recent level 0 backup tape.
Next, restore from the most recent of the level 3 backups, if that backup was written after
the level 0 backup.
When the level 3 backup has been restored, the operator would restore from each of the
level 5 backups written after the level 3 backup.
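Added example (not part of the slides): selecting and replaying the restore chain for the level scheme just described, with level 0 = full, level 3 = cumulative since the last level 0, and level 5 = incremental since the previous backup of any level (the Backup Types slide's definition of incremental). The catalog, its dates and the per-backup block contents are constructed for the example so that the replayed result can be checked.

```python
# Added example (not from the slides): restore-chain selection and replay.
# Each constructed catalog entry records the blocks it captured
# (block name -> version), so replaying a chain reproduces the database state.
CATALOG = [
    {"id": "full-01", "level": 0, "at": "2024-03-01", "blocks": {"a": 1, "b": 1, "c": 1}},
    {"id": "inc-02",  "level": 5, "at": "2024-03-02", "blocks": {"a": 2}},
    {"id": "diff-03", "level": 3, "at": "2024-03-03", "blocks": {"a": 3, "b": 2}},
    {"id": "inc-04",  "level": 5, "at": "2024-03-04", "blocks": {"c": 2}},
    {"id": "inc-05",  "level": 5, "at": "2024-03-05", "blocks": {"a": 4}},
    {"id": "full-06", "level": 0, "at": "2024-03-06", "blocks": {"a": 4, "b": 2, "c": 2}},
    {"id": "inc-07",  "level": 5, "at": "2024-03-07", "blocks": {"b": 3}},
]


def restore_chain(catalog, target):
    """Ordered backup ids needed to reach the state as of `target` (ISO date).
    1. the most recent level 0 at or before target;
    2. the most recent level 3 written after that level 0, if any;
    3. every level 5 written after step 2 (or after the level 0 if no level 3)."""
    usable = sorted((b for b in catalog if b["at"] <= target), key=lambda b: b["at"])
    fulls = [b for b in usable if b["level"] == 0]
    if not fulls:
        raise LookupError("no full backup at or before %s" % target)
    full = fulls[-1]
    after_full = [b for b in usable if b["at"] > full["at"]]
    diffs = [b for b in after_full if b["level"] == 3]
    base = diffs[-1] if diffs else full
    incs = [b for b in after_full if b["level"] == 5 and b["at"] > base["at"]]
    chain = [full] + ([base] if diffs else []) + incs
    return [b["id"] for b in chain]


def apply_chain(catalog, ids):
    """Replay the chain in order; later backups overwrite earlier block versions."""
    by_id = {b["id"]: b for b in catalog}
    state = {}
    for bid in ids:
        state.update(by_id[bid]["blocks"])
    return state


if __name__ == "__main__":
    for day in ("2024-03-02", "2024-03-05", "2024-03-07"):
        ids = restore_chain(CATALOG, day)
        print(day, ids, apply_chain(CATALOG, ids))
```

The point of keeping the catalog is that the restore window is only as good as the chain: losing any one level 5 tape after the last level 3 means the state at the later dates cannot be reproduced, which is why the rotation scheme above counts media sets rather than individual tapes.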

EXISTENCE CONTROLS
Logging
The process of keeping and maintaining a log file (or journal) of all changes made to the
database to enable recovery to be undertaken effectively in the event of a failure.
(Captures all database transactions (changes) in order to roll a database forward after a
tape recovery.)

A DBMS should provide logging facilities, sometimes referred to as journaling, which
keep track of the current state of transactions and database changes, to provide
support for recovery procedures. The advantage is that, in the event of a failure,
the database can be recovered to its last known consistent state using a backup copy
of the database and the information contained in the log file. If no journaling is
enabled on a failed system, the only means of recovery is to restore
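Added example (not part of the slides): rolling a backup copy forward with the log file to the last known consistent state. The log record layout (lsn, transaction, kind, key, new_value), the backup copy and the BACKUP_LSN marker are constructed for the example; only changes by transactions that committed are applied, so a transaction still in flight at the failure is effectively rolled back.

```python
# Added example (not from the slides): backup copy + log file recovery.
BACKUP_LSN = 10                                     # log position the backup copy reflects
BACKUP = {"balance:alice": 100, "balance:bob": 50}  # constructed backup copy
LOG = [                                             # constructed log records
    (9,  "T0", "UPDATE", "balance:bob", 50),        # already in the backup: skipped
    (10, "T0", "COMMIT", None, None),
    (11, "T1", "BEGIN",  None, None),
    (12, "T1", "UPDATE", "balance:alice", 80),
    (13, "T1", "UPDATE", "balance:bob", 70),
    (14, "T1", "COMMIT", None, None),
    (15, "T2", "BEGIN",  None, None),
    (16, "T2", "UPDATE", "balance:alice", 0),       # failure before T2 committed
    (17, "T3", "BEGIN",  None, None),
    (18, "T3", "UPDATE", "balance:bob", 0),
    (19, "T3", "ABORT",  None, None),
]


def recover(backup, backup_lsn, log):
    """Roll the backup copy forward with committed changes logged after it.
    Returns (state, redone_transactions, rolled_back_transactions)."""
    records = sorted(log)                           # replay strictly in LSN order
    committed = {txn for _, txn, kind, _, _ in records if kind == "COMMIT"}
    started_after = {txn for lsn, txn, kind, _, _ in records
                     if lsn > backup_lsn and kind == "BEGIN"}
    state = dict(backup)                            # never modify the backup itself
    redone = set()
    for lsn, txn, kind, key, value in records:
        if lsn <= backup_lsn:
            continue                                # the backup already contains it
        if kind == "UPDATE" and txn in committed:
            state[key] = value
            redone.add(txn)
    rolled_back = started_after - committed
    return state, redone, rolled_back


if __name__ == "__main__":
    state, redone, rolled_back = recover(BACKUP, BACKUP_LSN, LOG)
    print(state)
    print("redone:", sorted(redone), "rolled back:", sorted(rolled_back))
```

Without the log, restoring the backup copy alone would bring back alice = 100 and bob = 50 and lose T1's committed work; the log is what closes the gap between the last backup and the failure.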

EXISTENCE CONTROLS
Residual Dumping
Dumping, periodically, of only those records that have changed.
Recovery Process: the particular record that has changed is kept in duplicate, AND one
can identify the last change by a record identifier and the time factor attached to
the record.
Since the logging operation of a residual dump is spread out, some bookkeeping is
required so that the recovery process knows how far to go back to obtain a complete
copy of the database.

EXISTENCE CONTROLS
Dumping

A database dump contains a record of the table structure and/or the data from a
database and is usually in the form of a list of SQL statements. A database dump is
most often used for backing up a database so that its contents can be restored in
the event of data loss. Corrupted databases can often be recovered by analysis of
the dump.
In doing any sort of database dump, however, users will have to think about
compatible data formats, because an inconsistent data type can lead to different
kinds of problems.

EXISTENCE CONTROLS
Differential backup

Differential backups are called intelligent backups because only a small percentage
of the information on a computer changes on a daily basis; running a full-sized
backup every day can result in wasted time and disk space.

Differential and Incremental backups allow you to back up only these changes, in
different ways, saving time, space and money. Keep reading to learn more about
Differential and Incremental backups and why you should care about them.

Differential backups: Differential backups are based on the last full backup
performed and back up all changes since the last full backup was performed.

DATABASE CONTROLS

THE END
