ics 2415 adbs sess05 06 dbase security integrity and recovery
DESCRIPTION
GoodTRANSCRIPT
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Security, Integrity
and Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Security
and Integrity
Definitions
Threats to security
Threats to integrity
Resolution of Problems
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Security
SECURITY Protecting the database from unauthorised users Ensures that users are allowed to do the things they
are trying to do
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Security
INTEGRITY Protecting the database from authorised users Ensures that what users are trying to do is correct
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Security
TYPES OF SYSTEM FAILURES
1.HARDWAREDISK , CPU , NETWORK
2. SOFTWARESYSTEM, DATABASE, PROGRAM
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Security
Important security features include:
Views
Authorisation & controls
User defined procedures
Encryption procedures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Authorisation Rules
An example: a person who can supply a particular password may be authorised to read any record, but cannot modify any of those records.
Authorisation Table for subjects i.e. Salesperson
Customer Records Order Records
Read Y YInsert Y Y
Modify Y NDelete N N
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Authorisation Rules
Authorisation Table for Objects i.e. Order Records
Salesperson Order Entry Accounting
Password (Batman) (Joker) (Julie)
Read Y Y Y
Insert N Y N
Modify N Y Y
Delete N N Y
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
CONSTRAINTSCan be classed in 3 different ways:
1. Business constraints
2. Entity constraints
3. Referential constraints
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
BUSINESS CONSTRAINTS
A value in one column may be constrained by value of another or by some calculation
or formulae.
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
ENTITY CONSTRAINTSIndividual columns of a table may be constrained e.g. not null
REFERENTIAL CONSTRAINTSSome times referred to as key constraints, e.g.
Table 2 depends on Table 1
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
create table account_dets(acc_id char(6) primary key,acc_custid char(6) references customer(cust_id),acc_odraft number(4) check (acc_odraft
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
BENEFITS OF USING CONSTRAINTS Guaranteed integrity and consistency Defined as part of table definition
Applies across all applications
Cannot be circumvented
Application development productivity
Requires no special programming
Easy to specify and maintain(reduced coding)
Defined once only
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
CONCURRENCY CONTROL WHAT IS IT?
The co-ordination of simultaneous requests, for the same data, from multiple users
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
CONCURRENCY CONTROL WHY IS IT IMPORTANT?
Simultaneous execution of transactions over a shared database may create several data integrity and consistency problems
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
Janet Time John
1. Read balance (1000)
1. Read Balance (1000)
2. Withdraw 200 (800)
Balance 800 2. Withdraw 300 (700)
3. Write balance
Balance 800 3. Write Balance
Balance 700
ERROR
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
The three main integrity problems are:
Lost updates
Uncommitted data
Inconsistent retrievals
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
LOCKING
Two kinds of Locks:
1. Shared Locks (allows read only access)
2. Exclusive Locks (prevents reading of a
record)
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Integrity
Time
User 1 User2
1. Lock record X
1. Lock record Y
2. Request record Y
2. Request Record X
(Wait for Y) (Wait for X)
DEADLOCK
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database Recovery
The process of restoring the database to a correct state in the event of a failure, e.g. System Crashes
Media Failures
Application Software Errors
Natural Physical Disasters
Carelessness
Sabotage
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Basic Recovery Facilities Backup Facilities
Journaling Facilities
Checkpoint facilities
Recovery Facilities
Database Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Transactions
Basic unit of recovery Properties of Transaction (ACID)
Atomicity Consistency Isolation Durability
Purpose of recovery manager is to enforce Atomicity and Durability
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Staff Salary
Update Example
Read Operations: Find address of the disk block that contains record with primary key x transfer block into a DB buffer in main memory
copy salary data from DB buffer into variable salary
Write Operations: as steps 1 & 2 above
copy salary data from variable salary into the DB buffer write DB buffer back to disk
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Storing Data
Database
Buffer
Main Memory
SecondaryStorage Commit
Buffer contents flushed to secondary storage permanent
buffer full
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database(State 1)
Database(State 2)
Database(State 3)
Database(State 4)
Update Trans1 Update Trans2 Update Trans3
Database(State 2)
DatabaseBackup
Database Update Procedures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
DBMS provides a mechanism for taking backup copies of the database and log file at regular intervals.
A dump or copy or backup file contains all or part of the database
backups taken without having to stop the system
Back-up Facilities
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
REDO LOGSThis is the main logging file. The file contains two different types of logging records. AFTER IMAGES
BEFORE IMAGES
Journal Facilities
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
REDO LOGS - AFTER IMAGESAfter any column of any row on any table in the database is changed, then the new values are not only written to the database but also to the redo log. The complete row is written to the log. If a row is deleted then notification is also put on to the redo log. After images are used in roll forward recovery.
Journal Facilities
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
REDO LOGS - BEFORE IMAGESBefore a row is updated the data is copied to the redo log. It is not a simple copy from the database because a separate area of the database maintains the immediate pre-update version of each row updated in the database. The extra area is called the ROLLBACK SEGMENT. The redo log takes before image copies from the rollback segment in the database.
Journal Facilities
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Sample Log File
Tid Time Operation Object Before
Image
After
Image
pPtr nPtr
T1 10:12 START 0 2
T1 10:13 UPDATE TENANT
NO21
(old value) (new value) 1 8
T2 10:14 START 0 4
T2 10:16 INSERT TENANT
NO37
(new value) 3 5
T2 10:17 DELETE TENANT
NO9
(old value) 4 6
T2 10:17 UPDATE PROPERTY
PG16
(old value) (new value) 5 9
T1 10:18 COMMIT 2 0
10:19 CHECKPOINT T2
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Duplicate Databases
Rollback Recovery
Rollforward Recovery
Reprocessing Transactions
Types of Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Requires 2 copies of the databaseAdvantages
Fast Recovery (seconds)
Good for disk failuresDisadvantages
No protection against power failure
Expensive
Duplicate Databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Changes made to the database are undone
(Backward Recovery )
Rollback enables the updating to be undone to a predetermined point in the database processing that provides a consistent database state.
Rollback Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database(State 1)
Database(State 2)
Database(State 3)
Database(State 4)
Update Trans1 Update Trans2 Update Trans3
Database(State 2)
DatabaseBackup
Database Update Procedures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database
(with
changes)
ROLLBACKDatabase
(without
changes)
Before
Images
Rollback Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
This recovery technique updates an out-of-date database up-to-the current processing position.
If the data is inconsistent then the database may need to rollback to the previous consistent state.
Roll Forward Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database(State 1)
Database(State 2)
Database(State 3)
Database(State 4)
Update Trans1 Update Trans2 Update Trans3
Database(State 2)
DatabaseBackup
Database Update Procedures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database(withchanges)
ROLL FORWARD
Database(without changes)
After Images
Roll Forward Recovery
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Similar to Forward Recovery
Uses update transactions instead of after images
ADVANTAGES Simple
DISADVANTAGES Slow
Reprocessing Transactions
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Database(State 1)
Database(State 2)
Database(State 3)
Database(State 4)
Update Trans1 Update Trans2 Update Trans3
Database(State 2)
DatabaseBackup
Database Update Procedures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Problem Recovery Procedure
Storage Medium
Destruction
*Duplicate Database
Forward Recovery
Reprocess Transactions
Transaction error or
system failure
*Backward Recovery
Forward Recovery or reprocess
transactions - bring forward to
just before termination
Incorrect Data *Backward Recovery
Reprocess Transactions
(exclusing those from the update
that created incorrect data)
Database Recovery Procedures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Summary
This lecture has looked at security and recovery procedures
Ensuring that these two are administered correctly cuts out the majority of problems with database administration
-
Kyanganda S. ICS 2415 Advanced Dbase Systems
Further Reading
SecurityConnolly & Begg, chapter 19
Concurrency ControlConnolly & Begg, chapter 20?
Integrity and RecoveryConnolly & Begg, chapters 18 and 19?
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 44
Advanced Database Security
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 45
Contents
Definitions Countermeasures Security Controls Data Protection and Privacy Statistical Databases Web Database Security Issues and Solutions SQL Injection
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 46
Database Security Definition
Definition (revisited): The protection of the database against intentional or
unintentional threats using computer-based or non-computer-based controls
Areas in which to reduce risk: theft and fraud
loss of confidentiality
loss of privacy
loss of integrity
loss of availability
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 47
Countermeasures
Ways to reduce risk
Include Computer Based Controls
Non-computer Based Controls
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 48
Computer Based Controls
Security of a DBMS is only as good as the OS
Computer based Security controls available: authorization and authentication
views
backup and recovery
Integrity
Encryption within database and data transport
RAID for fault tolerance
associated procedures e.g. backup, auditing, testing, upgrading, virus checking
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 49
Non-computer based Controls
Include: Security policy and contingency plan
personnel controls
secure positioning of equipment
escrow agreements
maintenance agreements
physical access controls Both internal and external
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 50
Data Security
Two (original) broad approaches to data security: Discretionary access control
a given user has different access rights (privileges) on different objects
flexible, but limited to which rights users can have on an object
privileges can be passed on at users discretion
Mandatory access control each data object is labelled with a certain classification level
each user is given a certain clearance level
rigid, hierarchic
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 51
Role Based Access Control
A specific function within an organisation
Authorizations are granted to the roles Instead of users
Users are made members of roles
Privileges can not be passed on to other users
Simplifies authorization management
Supported in SQL
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 52
System R Authorization Model
One of the first authorization model for RDBMS As part of System R RDBMS
Based on concept of Protection Objects Tables and views
Access modes SELECT
INSERT
DELETE
UPDATE
Not all applicable for views
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 53
System R Authorization Model
Users can give access to other users through use of GRANT and REVOKE
Removing REVOKE is recursive
System R has a closed world policy If no authorization then access is denied
However authorization can be granted later
Negative authorization Denials are expressed Denials take precedence
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 54
SQL Facilities
SQL supports discretionary access control using view mechanism and authorization system
e.g. CREATE VIEW S_NINE_TO_FIVE ASSELECT S.S#, S.SNAME, S.STATUS, S.CITYFROM SWHERE to_char(SYSDATE, 'HH24:MI:SS) >= 09:00:00AND to_char(SYSDATE, 'HH24:MI:SS)
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 55
Oracle Virtual Private Databases
Fine-grained access control based on tuple-level access
Uses dynamic query modification
Users are given a specific policy The policy returns a specific WHERE clause in the query
depending on the policy SELECT * FROM prop_for_rent
Becomes SELECT * FROM prop_for_rent WHERE prop_type = F
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 56
Data Protection and Privacy
Privacy concerns the right of an individual not to have personal
information collected, stored and disclosed either willfully or indiscriminately
Data Protection Act the protection of personal data from unlawful
acquisition, storage and disclosure, and the provision of the necessary safeguards to avoid the destruction or corruption of the legitimate data held
New Freedom of Information Act
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 57
Statistical Databases
A database that permits queries that derive aggregated information (e.g. sums, averages) but not queries that derive individual information
Tracking possible to make inferences from legal queries to
deduce answers to illegal ones SELECT COUNT(*) FROM STATS X WHERE X.SEX=M AND
X.OCCUPATION = Programmer)
SELECT SUM(X.SALARY) FROM STATS X WHERE X.SEX=M AND X.OCCUPATION = Programmer)
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 58
Statistical Databases
Various strategies can be used to minimize problems prevent queries from operating on only a few
database entries
swap attribute values among tuples
randomly add in additional entries
use only a random sample
maintain history of query results and reject queries that use a high number of records identical to previous queries
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 59
Web Database Security Issues
Internet is an open network traffic can easily be monitored, e.g. credit card numbers
Challenge is to ensure that information conforms to: privacy, integrity, authenticity, non-fabrication, non-
repudiation
Information also needs protected on web server
Also need to protect from executable content
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 60
Web Database Security Solutions
Various methods can be used proxy servers
improve performance and filter requests
firewalls prevents unauthorised access to/from a private network
digital certificates electronic message attachments to verify that user is
authentic
Kerberos centralised security server for all data and resources on
network
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 61
Web Database Security Solutions
Secure Sockets Layer and Secure HTTP SSL - secure connection between client and server S-HTTP - individual messages transmitted securely
Secure Electronic Transactions certificates which splits transactions so that only relevant
information is provided to each user
Java - Java Virtual Machine (JVM) class loader - checks applications do not violate system
integrity by checking class hierarchies bytecode verifier - verify that code will not crash or violate
system integrity Active-X
uses digital signatures, user is responsible for security
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 62
SQL Injection
a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database1
Can chain SQL commands
Embed SQL commands in a string
Ability to execute arbitrary SQL queries
1 http://imperva.com/application_defense_center/glossary/sql_injection.html
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 63
SQL Injection: Example 1
Form asking for username and password Original Query:
SQLQuery = SELECT count(*) FROM users
WHERE username = + $usename +
AND password = + $password + ;
Specify username and password = OR 1 = 1
SELECT count(*) FROM users WHERE
username = OR 1 = 1 AND password = OR 1 = 1;
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 64
SQL Injection : Example 2
SQLQuery = SELECT * FROM staff WHERE staff_no =
+ $name + ;
Enter staff_no: 100 OR 1 = 1
Will give the query: SELECT * FROM staff WHERE staff_no = 100 OR 1
= 1;
Even worse: Enter staff_no: 100; DROP TABLE staff; SELECT * FROM sys.user_tables
Enter staff_no: 100 UNION SELECT SELECT Username, Password FROM Users
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 65
SQL Injection : Remedies
Can include:
Strip quotation marks and other spurious characters from strings
Use stored procedures
Limit field lengths or even dont allow text entries
Restrict UNION
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 66
Summary
Have looked at a number of issues and solutions for database security
e.g. access controls, SQL features, etc.
Web security is an important problem
Need to consider security of data transmission, the data server and the clients
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 67
Further Reading
Connolly and Begg, chapter 19
Date (7th edition), chapter 17
both Connolly and Date have general introductions to security concepts, with mention of some advanced features
Bertino and Sandhu: Database Security Concepts, Approaches and Challenges, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 1, 2005
Oracle 8i Virtual Private Database White Paper: http://www.oracle.com/technology/deploy/security/oracle8i/pdf/vpd_wp6.pdf
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 68
Client/Server, Distributed and
Internet Databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 69
Client/Server Databases
Web Databases
Distributed Databases
Contents
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 70
In a file server client architecture each client must run a copy of the DBMS
A better solution is to have a central database server which performs all database commands sent to it from client PCs.
Application programs on each client PC can then concentrate on user interface functions.
Database recovery, security and concurrency control is managed centrally on the server.
Client/Server
Architecture
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 71
DATABASE SERVER
The SERVER portion of the client/server database system which provides processing and shared access functions.
Client/Server
Architecture
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 72
CLIENT Manages the user interface (controls the PC screen,
interprets data sent to it by the server and displays the results of database queries)
The client forms queries in a specified language (usually SQL) to retrieve data from the database. This query process is usually transparent to the user.
Client/Server
Architecture
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 73
CLIENT/SERVER ADVANTAGES Allows companies to harness the benefits of
microcomputer technology such as low cost.
Processing can be performed close to the source of the data - more speed.
Allows the use of GUI interfaces that are commonly available on PCs and workstations.
Paves the way for truly open systems.
Client/Server
Architecture
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 74
CLIENT/SERVER DESIGN ISSUES The server must be upgradeable to allow for the
growth in clients.
Gateway software is normally required for accessing databases held on a mainframe.
The server must have capabilities for backup, recovery, security and UPS.
Client/Server
Architecture
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 75
CLIENT/SERVER DESIGN ISSUES
Can be complex and so require specialised and expensive tools such as database servers and APIs.
A lack of comprehensive standards.
Front-end GUI software often requires expensive client workstations.
Client/Server
Architecture
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 76
Traditional Client-
Server Architecture
Traditional Database Systems are based on a two-tier client-server architecture
Fat clients
Client
Database
Server
User interface
Main business and data
processing logic
Server-side validation
Database access
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 77
Web Architecture
Need for enterprise scalability causes problems which can be solved by a three-tier architecture
Thin clients
Client
Database
Server
User interface
Server-side validation
Database access
Application
Server
Business logic
Data processing logic
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 78
Web as a Database
Platform Advantages
DBMS advantages
E.g. transactions, concurrency, synchronisation, security, integrity
Simplicity
HTML is a simple markup language, however with new scripting languages this simplicity is being lost
Platform independence
Web clients are mostly platform independent
Graphical User Interface
Users prefer a GUI to a text based application
Standardization
HTML is a de facto standard
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 79
Advantages (cont).
Cross-platform support Users on all types of computer can access a machine with a web browser
Transparent network access Access solely by URL
Scalable deployment Applications upgraded on server only
Innovation Organisations can provide new services and reach new customers
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 80
Web as a Database
Platform Disadvantages
Reliability Internet is a slow and unreliable communication medium No guarantee of delivery
Security Data accessible on web User authentication and secure data transmissions are critical
Cost A report from Forrester Research claims that maintaining a commercial web
site costs $200 to $3.4 million
Scalability Unreliable and potentially very large peak loads Needs highly scalable server architectures
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 81
Disadvantages (cont.)
Limited HTML Functionality Need to extend HTML with scripting languages Adds a performance overhead
Statelessness No concept of a database connection
Bandwidth Internet is slow! 1.5mbps compared to 10-100mbps
Performance Many scripting languages are interpreted languages
Immaturity of development tools This is improving!
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 82
Web Database
Approaches
Traditional web pages are normally static
To run queries, need to be able to produce dynamic HTML pages
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 83
Client Side vs.
Server Side
To access database and process information from the database, need executable content
Acts as a gateway between the Web and the database Server
This can run at either of two locations Client Side
Server Side
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 84
Web Database
Approaches
Approaches include: CGI - Common Gateway Interface HTTP Cookies - allows machine to store information,
e.g. user authentication JavaScript - code which runs on client machine PHP - Hypertext Preprocessor Active Server Pages - MS Access dynamic forms
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 85
Database Connectivity
Client Side, 2 approaches: Extend the browser using scripts, or add-ons or applets,
e.g. plug-ins, JavaScript, ActiveX, Java applets Link browser to other (external) applications, e.g. legacy systems
Server Side, 2 approaches: Embed scripts within web page source, e.g. PHP, Java servlets Create programs which are executed when accessed by client, e.g.
CGI
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 86
Client Side
Advantages Distribution of processing
Feedback speed
Web-page functionality
Disadvantages Platform/environment dependent
Security and integrity
Download time
Programming limitations
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 87
Server Side
Advantages Platform/browser independent
Security and integrity
Download time
Programming limitations direct access to database
Disadvantages Lack of debugging tools
Lack of direct control over user interface
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 88
DECENTRALIZED DATABASE stored on computers at multiple locations.
computers are not interconnected by a network.
users at the various sites cannot share data.
DISTRIBUTED DATABASE Spread physically across computers in multiple locations that
are connected by a data communications link.
Distributed Databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 89
Geographical Distribution: Several databases run under the control of different CPU's at a variety of different locations.
Platform Distribution: Databases exist on diverse hardware platforms, and are 'brought together' by the distributed database manager.
Architectural Distribution: Different database architectures exist together, e.g. an object-oriented database communicating with a relational database
Distribution Types
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 90
Distributed Database Requirements: For a distributed database to be as such, a
fundamental principle must be adhered to: To the user, a distributed database should look exactly like
a non-distributed system
Local Autonomy: All operational controls and data maintenance are
controlled only by that site.
Dates Rules
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 91
No Reliance On A Central Site: This follows on from the first objective and is self-
explanatory
Continuous Operation: A distributed approach leads to greater reliability
and availability. The database should still be able tofunction, even if one of its sites is unavailable.
Dates Rules
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 92
Distributed Transaction Management: Transaction processing is the key to the successful
usage of distributed databases.
Must cater for two core aspects of transaction management i.e. recovery control and concurrency.
Location Independence Otherwise known as Transparency.
Dates Rules
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 93
Fragmentation Independence: Horizontal Partitioning: different rows from the
same table are stored at different sites.
Vertical Partitioning: different columns from thesame table are maintained at different sites.
Replication Independence: Replication occurs when a stored relation can be
represented by many distinct copies (replicas), stored atmany sites. As with fragmentation, users must not be awarethat the data is replicated.
Dates Rules
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 94
Distributed Query Processing: Queries may retrieve information from several
sites. Therefore distributed queries must beoptimised.
Dates Rules
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 95
Hardware Independence: Presenting a 'single-image' system to the end user
regardless of platform.
Operating System Independence: Same as above, but based upon software.
Network Independence: Support for a disparate variety of communication
networks.
DBMS Independence: Achieving heterogeneity between different database
management systems via a common interface, i.e. The SQLlanguage.
Dates Rules
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 96
ADVANTAGES Increased reliability and availability
Encourages local ownership of data
Modular growth
Lower communication costs
Faster response
Distributed Databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 97
DISADVANTAGES Software complexity and cost
Processing overhead
Data integrity
Slow response
Distributed Databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 98
HOW SHOULD A DATABASE BE DISTRIBUTED ?
Four basic strategies1. Data replication
2. Horizontal partitioning
3. Vertical partitioning
4. Combinations of the above
Distributed Databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 99
Separate copy of the database stored at the different sites.
Preferred for systems where: Most transactions are read only
Data is relatively static, for example timetables or catalogues.
Data Replication
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 100
Advantages Reliability - If one site fails another copy of the data can be found at a second site.
Fast response - Each site has a full copy of the data therefore queries can be processed locally.
Data Replication
Advantages
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 101
Horizontal Partitioning: The base table is split horizontally into several different tables at different sites.
Selected rows from a table are put into tables at different sites.
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 102
Advantages Efficiency - Data items are stored where they are most often used away from other applications.
Optimisation - Data optimised for local use
Security - Only relevant data is available
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 103
Disadvantages Inconsistent access speed - When data from several different partitions are required, access speed can vary significantly.
Backup vulnerability
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 104
Vertical PARTITIONING
Some of the columns in a table are projected into a table at one of the sites and other columns are projected into a table at another site.The same advantages and disadvantages of horizontal partitioning apply.
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 105
Combinations
To complicate matters even further it is possible to have a strategy which is a combination of all the above. Some data stored centrally, some distributed both horizontally and vertically. It could be a real challenge (or a nightmare).
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 106
DISTRIBUTED DBMS Determine the location from which data is to be
retrieved.
Translate requests from different nodes.
Provide functions such as security, recovery, concurrency and optimisation.
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 107
DISTRIBUTED DBMSIT SHOULD ALSO OFFER:
Location transparency
Replication transparency
Failure transparency
Concurrency transparency
Commit protocol
Distributed databases
-
Kyanganda S. ICS 2415 Advanced Dbase Systems 108
Further Reading
Distributed Databases Connolly and Begg, chapter 22
Web Databases Connolly and Begg, chapter 29
Sections 29.1 to 29.3