managing multi-user databases (3)
DESCRIPTION
Managing Multi-User Databases (3). IS 240 – Database Management Lecture #20 2004-04-27 Prof. M. E. Kabay, PhD, CISSP Norwich University [email protected]. Topics. Fundamentals of Information Security Database Security Database Recovery Management Issues. Fundamentals of IA. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/1.jpg)
Managing Multi-User
Databases (3)IS 240 – Database Management
Lecture #20 2004-04-27Prof. M. E. Kabay, PhD, CISSP
Norwich University
![Page 2: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/2.jpg)
2 Copyright © 2004 M. E. Kabay. All rights reserved.
Topics
Fundamentals of Information SecurityDatabase SecurityDatabase RecoveryManagement Issues
![Page 3: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/3.jpg)
3 Copyright © 2004 M. E. Kabay. All rights reserved.
Fundamentals of IA
The Classic TriadConfidentialityIntegrityAvailability
The Parkerian HexadPossessionAuthenticityUtility
Information Assurance (IA)
![Page 4: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/4.jpg)
4 Copyright © 2004 M. E. Kabay. All rights reserved.
The Classic Triad
C
I A
![Page 5: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/5.jpg)
5 Copyright © 2004 M. E. Kabay. All rights reserved.
Confidentiality
Restricting access to dataProtecting against unauthorized disclosure of
existence of dataE.g., allowing industrial spy to deduce
nature of clientele by looking at directory names
Protecting against unauthorized disclosure of details of dataE.g., allowing 13-yr old girl to examine
HIV+ records in Florida clinic
C
![Page 6: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/6.jpg)
6 Copyright © 2004 M. E. Kabay. All rights reserved.
Integrity
Internal consistency, validity, fitness for useAvoiding physical corruption
E.g., database pointers trashed or data garbledAvoiding logical corruption
E.g., inconsistencies between order header total sale & sum of costs of details
C I
![Page 7: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/7.jpg)
7 Copyright © 2004 M. E. Kabay. All rights reserved.
Availability
Timely access to dataAvoid delays
E.g., prevent system crashes & arrange for recovery plans
Avoid inconvenienceE.g., prevent mislabeling of files
C I
A
![Page 8: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/8.jpg)
8 Copyright © 2004 M. E. Kabay. All rights reserved.
Problem: Missing Elements
Which principle of the C-I-A triad has been breached whenA child takes bank card with password in
envelope but does not open it?Someone sends threat to President using
your e-mail address but not your e-mail logon?
Someone converts all the salary figures in your database to Iraqi Dinars?
ANSWER: NONE OF THEM – THE TRIAD IS INSUFFICIENT TO DESCRIBE SECURITY BREACHES
![Page 9: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/9.jpg)
9 Copyright © 2004 M. E. Kabay. All rights reserved.
The Parkerian Hexad
Protect the 6 atomic elements of INFOSEC:
ConfidentialityPossession or control IntegrityAuthenticityAvailabilityUtility
![Page 10: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/10.jpg)
10 Copyright © 2004 M. E. Kabay. All rights reserved.
Why “Parkerian?”
Donn G. Parker
Recipient of Lifetime Achievement Award from NCSC in 1993
![Page 11: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/11.jpg)
11 Copyright © 2004 M. E. Kabay. All rights reserved.
Possession
Control over informationPreventing physical contact with data
E.g., case of thief who recorded ATM PINs by radio (but never looked at them)
Preventing copying or unauthorized use of intellectual propertyE.g., violations by software pirates
C P I
A
![Page 12: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/12.jpg)
12 Copyright © 2004 M. E. Kabay. All rights reserved.
Authenticity
Correspondence to intended meaningAvoiding nonsense
E.g., part number field actually contains cost
Avoiding fraudE.g., sender's name on e-mail is changed
to someone else's
C P A
Au Av
![Page 13: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/13.jpg)
13 Copyright © 2004 M. E. Kabay. All rights reserved.
Utility
Usefulness for specific purposesAvoid conversion to less useful form
E.g., replacing dollar amounts by foreign currency equivalent
Prevent impenetrable codingE.g., employee encrypts source code and
"forgets" decryption key
C P I
Au Av
U
![Page 14: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/14.jpg)
14 Copyright © 2004 M. E. Kabay. All rights reserved.
Functions of IA (1)
Avoidance: e.g., prevent vulnerabilities and exposures
Deterrence: make attack less likelyDetection: quickly spot attackPrevention: prevent exploitMitigation: reduce damageTransference: shift control for resolution
![Page 15: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/15.jpg)
15 Copyright © 2004 M. E. Kabay. All rights reserved.
Functions of IA (2)
Investigation: characterize incidentSanctions & rewards: punish guilty,
encourage effective respondersRecovery: immediate response, repairCorrection: never againEducation: advance knowledge and teach
others
![Page 16: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/16.jpg)
16 Copyright © 2004 M. E. Kabay. All rights reserved.
Information Assurance (IA)
Avoid
Deter
Detect
Prevent
Mitigate
Transfer
Investigate
Punish/reward
Recover
Correct
Educate
![Page 17: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/17.jpg)
17 Copyright © 2004 M. E. Kabay. All rights reserved.
Database Security
Processing Rights I&A Individuals & User GroupsApplication Security
![Page 18: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/18.jpg)
18 Copyright © 2004 M. E. Kabay. All rights reserved.
Processing Rights
Who gets to do what to which records?Different functions
Modify DB structureGrant rights to usersChange records
DeleteModify (change)Insert
See entire recordsSee selected fields
MORE POWER / DANGER
LESS POWER / DANGER
![Page 19: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/19.jpg)
19 Copyright © 2004 M. E. Kabay. All rights reserved.
I&A: Identification & Authentication
Each individual user has unique identifierUser ID for operating system logonUser ID for DBMS access
Connection between user ID and actual person is known as authentication based onWhat you knowWhat you haveWhat you areWhat you do
User IDs should never be shared
![Page 20: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/20.jpg)
20 Copyright © 2004 M. E. Kabay. All rights reserved.
Individuals & User Groups
Individual users may have specific rightsCall this authorization or privileges for specific
functions Can also define rights for groups of people (aka role-
based security)Call these user groups; e.g.,
Human resources clerks vs HR managersAccounting book-keepers vs Accounting
managersManagers for different departments
May define “public” or “visitor” group if necessaryProvide safe privileges for specific functionsE.g., lookups, interactions for requesting info,
subscribing to newsletter….
![Page 21: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/21.jpg)
21 Copyright © 2004 M. E. Kabay. All rights reserved.
Application Security
DBMS security may not suffice for specific applications
Business rules may be more complex than simply assigning privileges according to identity; e.g.,Some patient records may be accessible to
nurse or doctor only while they are treating a specific patient
Some financial information may be locked while SEC is performing an audit
Such requirements are programmed at the application level
![Page 22: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/22.jpg)
22 Copyright © 2004 M. E. Kabay. All rights reserved.
Topics
Database SecurityDatabase RecoveryManagement Issues
![Page 23: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/23.jpg)
23 Copyright © 2004 M. E. Kabay. All rights reserved.
Database Recovery
TransactionsApplication LoggingTransactions and Log FilesBackups & Log FilesRecovery from BackupsRecovery from Log Files
![Page 24: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/24.jpg)
24 Copyright © 2004 M. E. Kabay. All rights reserved.
Transactions
What are transactions?Why would we care if a transaction were
interrupted by a DBMS failure or a system failure?
![Page 25: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/25.jpg)
25 Copyright © 2004 M. E. Kabay. All rights reserved.
Application Logging
Benefits of loggingAudit trail for security / investigationsPerformance dataDebugging
What might a logging process write into the log file when a process is
Adding a record?
Changing a record?
Deleting a record?
![Page 26: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/26.jpg)
26 Copyright © 2004 M. E. Kabay. All rights reserved.
Transactions and Log Files
Why would it matter to anyone that a log file keep a distinction among different transactions?
How does a log file mark an atomic transaction?
![Page 27: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/27.jpg)
27 Copyright © 2004 M. E. Kabay. All rights reserved.
Backups & Log Files
Distinguish among the following types of backups:System vs applicationFull (everything)Differential (aka Partial) (everything changed
since last full) Incremental (everything changed since last
incremental)Delta (only changed data)Log files (only the information about the
changes)
![Page 28: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/28.jpg)
28 Copyright © 2004 M. E. Kabay. All rights reserved.
Backup Types
File SUN MON TUE WED THU FRI SAT
A
B
C
D
E
Backup Type SUN MON TUE WED THU FRI SAT
FULL ABCDE ABCDE ABCDE ABCDE ABCDE ABCDE ABCDE
DIFFERENTIAL A AB ABD ABCD ABCDE ABCDE
INCREMENTAL A B AD ABCD CDE ABC
DELTA (records) A' B' A'D' A'B'C'D' C'D'E' A'B'C'
![Page 29: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/29.jpg)
29 Copyright © 2004 M. E. Kabay. All rights reserved.
Recovery from Backups
Discuss how one would use each of the following types of backup in recovering from a system failureFullDifferentialIncrementalDelta
![Page 30: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/30.jpg)
30 Copyright © 2004 M. E. Kabay. All rights reserved.
Recovery from Log Files
Roll-backward recoveryUse log file to identify interrupted
(incomplete) transactions using checkpoints
How? ____________________________Remove all changes that are part of those
incomplete transactionsRoll-forward recovery
Start with valid backupUse log file to re-apply all completed
transactionsLeave out the incomplete transactions
Which kind is faster?_____________________
![Page 31: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/31.jpg)
31 Copyright © 2004 M. E. Kabay. All rights reserved.
Topics
Database SecurityDatabase RecoveryManagement Issues
![Page 32: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/32.jpg)
32 Copyright © 2004 M. E. Kabay. All rights reserved.
Management Issues
Performance Inflection pointsCapacityApplication Evolution
![Page 33: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/33.jpg)
33 Copyright © 2004 M. E. Kabay. All rights reserved.
Performance Management
Log files help DBAs monitor and improve application and system performanceIdentify application errors quicklyIdentify operators with high error ratesCalculate response times on different
serversCan monitor trends in
transaction volumesResponse times
Look for inflection points and study reasons
![Page 34: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/34.jpg)
34 Copyright © 2004 M. E. Kabay. All rights reserved.
Inflection Points
Watch for changes in slopeAlways find out why pattern has changed
Time
Re
so
urc
e ?
![Page 35: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/35.jpg)
35 Copyright © 2004 M. E. Kabay. All rights reserved.
Capacity
Same reasoning: look for trends in disk space usage
Identify which applications are growing fastest
Project when you will need to increase storage capacity
Never let a database fill up to maximum capacity
Be curious about any sudden change in rate of growth – find out if there are problems
![Page 36: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/36.jpg)
36 Copyright © 2004 M. E. Kabay. All rights reserved.
Application Evolution
All applications must changeEnvironment changes
Operating systems / DBMS versionsRegulations & lawsBusiness needs
Therefore databases changeDBAs must plan to meet demands for change
Keep track of structure, usageDefine data repository
Full metadata about all organization data systems
![Page 37: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/37.jpg)
37 Copyright © 2004 M. E. Kabay. All rights reserved.
Homework
Finish very carefully reading all of Chapter 11 using the full SQ3R techniques.
REQUIRED by MONDAY NOON 3rd May (hand in at B&M office) for 26 pointsGroup I Questions #11.37 through 11.49ALL remaining outstanding homework is
due by that date. No further extensions.MK will return all homework to B&M office
by Tuesday NOON OPTIONAL also by Monday 3rd May for 3 extra
points each11.52 and/or 11.53 on p. 327
![Page 38: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/38.jpg)
38 Copyright © 2004 M. E. Kabay. All rights reserved.
Final Exam
Thursday 6 May 200408:00-10:30Dewey 211Covers entire course materialT/F, short answer, diagrams, short essay,
![Page 39: Managing Multi-User Databases (3)](https://reader036.vdocument.in/reader036/viewer/2022062516/56812b85550346895d8fa365/html5/thumbnails/39.jpg)
39 Copyright © 2004 M. E. Kabay. All rights reserved.
DISCUSSION