Database Security, Integrity and Recovery

University of Sunderland CIFM06 DB Systems Development Session 7 Database Security, Integrity and Recovery

Upload: databaseguys

Post on 16-Dec-2014

Database Security and Integrity

• Definitions

• Threats to security

• Threats to integrity

• Resolution of Problems

Database Security

SECURITY

• Protecting the database from unauthorised users

• Ensures that users are allowed to do the things they are trying to do

Database Security

INTEGRITY

• Protecting the database from authorised users

• Ensures that what users are trying to do is correct

Database Security

TYPES OF SYSTEM FAILURES

1. HARDWARE: DISK, CPU, NETWORK

2. SOFTWARE: SYSTEM, DATABASE, PROGRAM

Database Security

• Important security features include:

– Views

– Authorisation & controls

– User defined procedures

– Encryption procedures

Authorisation Rules

An example: a person who can supply a particular password may be authorised to read any record, but cannot modify any of those records.

Authorisation Table for subjects i.e. Salesperson

          Customer Records   Order Records
Read      Y                  Y
Insert    Y                  Y
Modify    Y                  N
Delete    N                  N

Authorisation Rules

Authorisation Table for Objects i.e. Order Records

           Salesperson   Order Entry   Accounting
Password   (Batman)      (Joker)       (Julie)
Read       Y             Y             Y
Insert     N             Y             N
Modify     N             Y             Y
Delete     N             N             Y

Database Integrity

• CONSTRAINTS

Can be classed in 3 different ways:

1. Business constraints

2. Entity constraints

3. Referential constraints

Database Integrity

• BUSINESS CONSTRAINTS

A value in one column may be constrained by the value of another, or by some calculation or formula.

Database Integrity

• ENTITY CONSTRAINTS

Individual columns of a table may be constrained, e.g. not null

• REFERENTIAL CONSTRAINTS

Sometimes referred to as key constraints, e.g. Table 2 depends on Table 1

Database Integrity

create table account_dets
 (acc_id      char(6) primary key,                      -- unique identifier for the account
  acc_custid  char(6) references customer(cust_id),     -- must match an existing customer
  acc_odraft  number(4) check (acc_odraft <= 200),      -- overdraft may not exceed 200
  acc_type    char(2) constraint type_chk
              check (acc_type in ('AB', 'CD', 'EF')),   -- only these account types are allowed
  acc_crtdate date not null);                           -- creation date is mandatory

Database Integrity

• BENEFITS OF USING CONSTRAINTS

– Guaranteed integrity and consistency

– Defined as part of table definition

– Applies across all applications

– Cannot be circumvented

– Application development productivity

– Requires no special programming

– Easy to specify and maintain (reduced coding)

– Defined once only
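The account_dets constraints in action, as an added example that is not part of the original slides: the table is translated to SQLite (assumptions: NUMBER(4) becomes INTEGER, DATE becomes TEXT) and every row and the customer table are constructed for the demonstration. Each invalid row is refused by the database itself, whichever application submits it.

```python
import sqlite3

# SQLite translation of the slide's DDL; the customer table is constructed here.
SCHEMA = """
create table customer (cust_id char(6) primary key);
create table account_dets
 (acc_id      char(6) primary key,
  acc_custid  char(6) references customer(cust_id),
  acc_odraft  integer check (acc_odraft <= 200),
  acc_type    char(2) constraint type_chk
              check (acc_type in ('AB', 'CD', 'EF')),
  acc_crtdate text not null);
insert into customer values ('C00001');
"""

# Constructed rows: only the first one satisfies every constraint.
ROWS = [
    ("valid",            ("A00001", "C00001", 150, "AB", "2014-12-16")),
    ("duplicate key",    ("A00001", "C00001", 100, "CD", "2014-12-16")),
    ("unknown customer", ("A00002", "C99999", 100, "AB", "2014-12-16")),
    ("overdraft > 200",  ("A00003", "C00001", 500, "AB", "2014-12-16")),
    ("bad account type", ("A00004", "C00001", 100, "ZZ", "2014-12-16")),
    ("missing date",     ("A00005", "C00001", 100, "EF", None)),
]

def try_inserts():
    """Return {label: 'accepted' or 'rejected: <reason>'} for each constructed row."""
    db = sqlite3.connect(":memory:")
    # SQLite ships with foreign key checks off; without this line the
    # "unknown customer" row would be accepted.
    db.execute("pragma foreign_keys = on")
    db.executescript(SCHEMA)
    results = {}
    for label, row in ROWS:
        try:
            with db:  # commit on success, roll back on a violation
                db.execute("insert into account_dets values (?,?,?,?,?)", row)
            results[label] = "accepted"
        except sqlite3.IntegrityError as exc:
            results[label] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for label, outcome in try_inserts().items():
        print(f"{label:18} {outcome}")
```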

Database Integrity

CONCURRENCY CONTROL

• WHAT IS IT?

The co-ordination of simultaneous requests, for the same data, from multiple users

Database Integrity

CONCURRENCY CONTROL

• WHY IS IT IMPORTANT?

Simultaneous execution of transactions over a shared database may create several data integrity and consistency problems

Database Integrity

Janet                        Time   John
1. Read balance (£1000)       |
                              |     1. Read balance (£1000)
2. Withdraw £200 (£800)       |
   Balance £800               |     2. Withdraw £300 (£700)
3. Write balance              |
   Balance £800               |     3. Write balance
                              v        Balance £700

ERROR

Database Integrity

The three main integrity problems are:

– Lost updates

– Uncommitted data

– Inconsistent retrievals

Database Integrity

• LOCKING

Two kinds of Locks:

1. Shared Locks (allows read only access)

2. Exclusive Locks (prevents reading of a record)
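The Janet and John schedule replayed with and without locking, as an added example that is not part of the original slides. It assumes SQLite, whose database-wide write lock (BEGIN IMMEDIATE) stands in for the record-level exclusive lock on the slide; the account table and function names are made up for the demonstration.

```python
import os, sqlite3, tempfile

READ = "select balance from account where id = 1"
WRITE = "update account set balance = ? where id = 1"

def new_db():  # scratch database: one account holding 1000 (constructed data)
    path = os.path.join(tempfile.mkdtemp(), "bank.db")
    db = sqlite3.connect(path)
    db.executescript("create table account (id integer primary key, balance integer);"
                     "insert into account values (1, 1000);")
    db.close()
    return path

def two_sessions():
    # Explicit transactions only; timeout=0 makes a lock conflict raise at once.
    path = new_db()
    return [sqlite3.connect(path, timeout=0, isolation_level=None) for _ in range(2)]

def read_balance(db):
    cur = db.execute(READ)
    value = cur.fetchone()[0]
    cur.close()  # release the read lock held while the cursor is open
    return value

def unlocked_schedule():
    """The slide's interleaving: both read 1000, then each writes its own result."""
    janet, john = two_sessions()
    janet_sees, john_sees = read_balance(janet), read_balance(john)
    janet.execute(WRITE, (janet_sees - 200,))   # balance becomes 800
    john.execute(WRITE, (john_sees - 300,))     # balance becomes 700: Janet's update is lost
    return read_balance(janet)

def locked_schedule():
    """Same requests, but each user takes the write lock before reading."""
    janet, john = two_sessions()
    janet.execute("begin immediate")            # Janet now holds the write lock
    janet_sees = read_balance(janet)
    john_blocked = False
    try:
        john.execute("begin immediate")         # John asks for the same lock
    except sqlite3.OperationalError:            # "database is locked"
        john_blocked = True
    janet.execute(WRITE, (janet_sees - 200,))
    janet.execute("commit")                     # lock released
    john.execute("begin immediate")             # John's retry succeeds
    john.execute(WRITE, (read_balance(john) - 300,))
    john.execute("commit")
    return john_blocked, read_balance(janet)
```

Without the lock the final balance is 700 although 500 was withdrawn in total; with it John is refused until Janet commits, reads 800, and the balance ends at 500.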

Database Integrity

Time   User 1                  User 2
 |     1. Lock record X        1. Lock record Y
 |     2. Request record Y     2. Request record X
 v        (Wait for Y)            (Wait for X)

DEADLOCK

Database Recovery

• The process of restoring the database to a correct state in the event of a failure, e.g.

– System Crashes

– Media Failures

– Application Software Errors

– Natural Physical Disasters

– Carelessness

– Sabotage

Database Recovery

Basic Recovery Facilities

• Backup Facilities

• Journaling Facilities

• Checkpoint facilities

• Recovery Facilities

Transactions

• Basic unit of recovery

• Properties of Transaction

– Atomicity

– Consistency

– Isolation

– Durability

• Purpose of recovery manager is to enforce Atomicity and Durability

Staff Salary Update Example

Read Operations:

• Find address of the disk block that contains record with primary key x

• Transfer block into a DB buffer in main memory

• Copy salary data from DB buffer into variable salary

Write Operations:

• As steps 1 & 2 above

• Copy salary data from variable salary into the DB buffer

• Write DB buffer back to disk

Storing Data

[Diagram: the database buffer in main memory and the database on secondary storage. Labels: Commit; buffer full; buffer contents flushed to secondary storage ('permanent').]

Database Update Procedures

[Diagram: Database (State 1) → Update Trans1 → Database (State 2) → Update Trans2 → Database (State 3) → Update Trans3 → Database (State 4). A second box pairs Database (State 2) with Database Backup.]

Back-up Facilities

• DBMS provides a mechanism for taking backup copies of the database and log file at regular intervals.

– A dump or copy or backup file contains all or part of the database

– Backups taken without having to stop the system

Journal Facilities

REDO LOGS

This is the main logging file. The file contains two different types of logging records.

– AFTER IMAGES

– BEFORE IMAGES

Journal Facilities

REDO LOGS - AFTER IMAGES

When any column of any row in any table in the database is changed, the new values are written not only to the database but also to the redo log. The complete row is written to the log. If a row is deleted, a notification is also written to the redo log. After images are used in roll forward recovery.

Journal Facilities

REDO LOGS - BEFORE IMAGES

Before a row is updated, its data is copied to the redo log. This is not a simple copy from the database, because a separate area of the database maintains the immediate pre-update version of each row updated in the database. This extra area is called the ROLLBACK SEGMENT. The redo log takes its before image copies from the rollback segment in the database.

Sample Log File

Tid  Time   Operation   Object         Before Image  After Image  pPtr  nPtr
T1   10:12  START                                                 0     2
T1   10:13  UPDATE      TENANT NO21    (old value)   (new value)  1     8
T2   10:14  START                                                 0     4
T2   10:16  INSERT      TENANT NO37                  (new value)  3     5
T2   10:17  DELETE      TENANT NO9     (old value)                4     6
T2   10:17  UPDATE      PROPERTY PG16  (old value)   (new value)  5     9
T1   10:18  COMMIT                                                2     0
     10:19  CHECKPOINT  T2

Types of Recovery

• Duplicate Databases

• Rollback Recovery

• Rollforward Recovery

• Reprocessing Transactions

Duplicate Databases

• Requires 2 copies of the database

Advantages

• Fast Recovery (seconds)

• Good for disk failures

Disadvantages

• No protection against power failure

• Expensive

Rollback Recovery

• Changes made to the database are undone (Backward Recovery)

• Rollback enables the updating to be undone to a predetermined point in the database processing that provides a consistent database state.

Rollback Recovery

[Diagram: Database (with changes) → ROLLBACK, using Before Images → Database (without changes)]

Roll Forward Recovery

• This recovery technique updates an out-of-date database up to the current processing position.

• If the data is inconsistent then the database may need to roll back to the previous consistent state.

Roll Forward Recovery

[Diagram: Database (without changes) → ROLL FORWARD, using After Images → Database (with changes)]
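Rollback and roll forward recovery applied to the sample log file, as an added example that is not part of the original slides. The records follow the slide's log, but the row values, the backup and the state at failure are constructed, the time and pointer columns are left out, and the function names are made up.

```python
# Records modelled on the slide's sample log: (tid, operation, object, before
# image, after image). The slide shows only "(old value)"/"(new value)", so the
# row contents below are constructed.
LOG = [
    ("T1", "START", None, None, None),
    ("T1", "UPDATE", "TENANT NO21", {"rent": 400}, {"rent": 450}),
    ("T2", "START", None, None, None),
    ("T2", "INSERT", "TENANT NO37", None, {"rent": 500}),
    ("T2", "DELETE", "TENANT NO9", {"rent": 300}, None),
    ("T2", "UPDATE", "PROPERTY PG16", {"rooms": 3}, {"rooms": 4}),
    ("T1", "COMMIT", None, None, None),
    (None, "CHECKPOINT", None, None, None),  # failure follows; T2 never commits
]
# Constructed states: the last backup, and the disk contents when the system fails.
BACKUP = {"TENANT NO21": {"rent": 400}, "TENANT NO9": {"rent": 300},
          "PROPERTY PG16": {"rooms": 3}}
AT_FAILURE = {"TENANT NO21": {"rent": 450}, "TENANT NO37": {"rent": 500},
              "PROPERTY PG16": {"rooms": 4}}

def committed(log):
    return {tid for tid, op, *_ in log if op == "COMMIT"}

def install(db, obj, image):
    """Make obj match image; an image of None means the row does not exist."""
    if image is None:
        db.pop(obj, None)
    else:
        db[obj] = dict(image)

def rollback(db, log):
    """Backward recovery: undo uncommitted changes, newest first, from before images."""
    db, done = dict(db), committed(log)
    for tid, _op, obj, before, _after in reversed(log):
        if obj is not None and tid not in done:
            install(db, obj, before)
    return db

def roll_forward(backup, log):
    """Forward recovery: reapply committed changes to a backup, oldest first, from after images."""
    db, done = dict(backup), committed(log)
    for tid, _op, obj, _before, after in log:
        if obj is not None and tid in done:
            install(db, obj, after)
    return db

if __name__ == "__main__":
    print(rollback(AT_FAILURE, LOG))
    print(roll_forward(BACKUP, LOG))
```

Both routes arrive at the same consistent state: T1's committed update to TENANT NO21 is kept, while T2's insert, delete and update are absent.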

Reprocessing Transactions

• Similar to Forward Recovery

• Uses update transactions instead of after images

ADVANTAGES

– Simple

DISADVANTAGES

– Slow

Database Recovery Procedures

Problem                               Recovery Procedure
Storage medium destruction            * Duplicate Database
                                      Forward Recovery
                                      Reprocess Transactions
Transaction error or system failure   * Backward Recovery
                                      Forward Recovery or reprocess transactions - bring forward to just before termination
Incorrect data                        * Backward Recovery
                                      Reprocess Transactions (excluding those from the update that created incorrect data)

Summary

• This lecture has looked at security and recovery procedures

• Ensuring that these two are administered correctly cuts out the majority of problems with database administration

Further Reading

• Security

– Connolly & Begg, chapter 19

• Concurrency Control

– Connolly & Begg, chapter 20?

• Integrity and Recovery

– Connolly & Begg, chapters 18 and 19?

• Next session

– Advanced Relational Theory