Semantic Data Control
Semantic Data Control
n Introduction
n Background
n Distributed DBMS Architecture
n Distributed Database Design
o Semantic Data Control
➠ View Management
➠ Data Security
➠ Semantic Integrity Control
o Distributed Query Processing
o Distributed Transaction Management
o Distributed Database Operating Systems
o Parallel Database Systems
o Distributed Object DBMS
o Database Interoperability
o Current Issues
Distributed DBMS © 1998 M. Tamer …zsu & Patrick Valduriez Page 6. 1
➠ Security control
➠ Integrity control
n Objective :
➠ Insure that authorized users perform correct
operations on the database, contributing to the
maintenance of the database integrity.
Page 1
View Management
EMP
View Ð virtual relation
ENO ENAME TITLE
➠ generated from base relation(s) by a
query E1 J. Doe Elect. Eng
E2 M. Smith Syst. Anal.
➠ not stored as base relations E3 A. Lee Mech. Eng.
E4 J. Miller Programmer
Example : E5 B. Casey Syst. Anal.
CREATE VIEW SYSAN(ENO,ENAME) E6 L. Chu Elect. Eng.
E7 R. Davis Mech. Eng.
AS SELECT ENO,ENAME E8 J. Jones Syst. Anal.
FROM EMP SYSAN
WHERE TITLE=“Syst. Anal.” ENO ENAME
E2 M.Smith
E5 B.Casey
E8 J.Jones
View Management
Views can be manipulated as base relations
Example :
Page 2
Query Modification
queries expressed on views
⇓
queries expresed on base relations
Example :
SELECT ENAME, PNO, RESP
FROM SYSAN, ASG
WHERE SYSN.ENO = ASG.ENO
ENAME PNO RESP
⇓
SELECT ENAME,PNO,RESP M.Smith P1 Analyst
View Management
n To restrict access
CREATE VIEW ESAME
AS SELECT *
FROM EMP E1, EMP E2
WHERE E1.TITLE = E2.TITLE
AND E1.ENO = USER
n Query
SELECT *
FROM ESAME ENO ENAME TITLE
Page 3
View Updates
n Updatable
Page 4
Data Security
n Data protection
➠ prevent the physical content of data to be
understood by unauthorized users
➠ encryption/decryption
u Data Encryption Standard
u Public-key encryption
n Authorization control
➠ only authorized users perform operations they are
allowed to on the database
u identification of subjects and objects
u authentication of subjects
u granting of rights (authorization matrix)
n Behavioral constraints
➠ regulate application behavior
e.g., dependencies in the relational model
n Two components
➠ Integrity constraint specification
➠ Integrity constraint enforcement
Page 5
Semantic Integrity Control
n Procedural
control embedded in each application program
n Declarative
assertions in predicate calculus
➠ easy to define constraints
➠ definition of database consistency clear
➠ inefficient to check assertions for each update
u limit the search space
u decrease the number of data accesses/assertion
u preventive strategies
u checking at compile time
Page 6
Constraint Specification Language
Precompiled constraints
Express preconditions that must be satisfied by all tuples in
a relation for a given update type
(INSERT, DELETE, MODIFY)
NEW - ranges over new tuples to be inserted
OLD - ranges over old tuples to be deleted
General Form
CHECK ON <relation> [WHEN <update type>] <qualification>
➠ Domain constraint
➠ Transition constraint
Page 7
Constraint Specification Language
General constraints
Constraints that must always be true. Formulae of
tuple relational calculus where all variables are
quantified.
General Form
CHECK ON <variable>:<relation>,(<qualification>)
➠ Functional dependency
CHECK ON e1:EMP, e2:EMP
(e1.ENAME = e2.ENAME IF e1.ENO = e2.ENO)
➠ Constraint with aggregate function
CHECK ON g:ASG, j:PROJ
(SUM(g.DUR WHERE g.PNO = j.PNO) < 100 IF
j.PNAME = ÒCAD/CAMÓ)
Integrity Enforcement
Two methods
n Detection
Execute update u: D → Du
If Du is inconsistent then
compensate Du → DuÕ
else
undo Du → D
n Preventive
Execute u: D → Du only if Du will be consistent
➠ Determine valid programs
➠ Determine valid states
Page 8
Query Modification
n preventive
n add the assertion qualification to the update
query
n only applicable to tuple calculus formulae with
universally quantified variables
UPDATE PROJ
SET BUDGET = BUDGET*1.1
WHERE PNAME =“CAD/CAM”
⇓
UPDATE PROJ
SET BUDGET = BUDGET*1.1
WHERE PNAME =“CAD/CAM”
AND NEW.BUDGET ≥ 500000
AND NEW.BUDGET ≤ 1000000
Distributed DBMS © 1998 M. Tamer …zsu & Patrick Valduriez Page 6. 17
Compiled Assertions
Triple (R,T,C) where
R relation
T update type (insert, delete, modify)
C assertion on differential relations
Example: Foreign key assertion
∀g ∈ ASG, ∃j ∈ PROJ : g.PNO = j.PNO
Compiled assertions:
(ASG, INSERT, C1), (PROJ, DELETE, C2), (PROJ, MODIFY, C3)
where
C1:∀NEW ∈ ASG+, ∃j ∈ PROJ: NEW.PNO = j.PNO
C2:∀g ∈ ASG, ∀OLD ∈ PROJ- : g.PNO ≠ OLD.PNO
C3:∀g ∈ ASG, ∀OLD ∈ PROJ-, ∃NEW ∈ PROJ+:g.PNO ≠OLD.PNO
OR OLD.PNO = NEW.PNO
Distributed DBMS © 1998 M. Tamer …zsu & Patrick Valduriez Page 6. 18
Page 9
Differential Relations
Given relation R and update u
R+ contains tuples inserted by u
R- contains tuples deleted by u
Type of u
insert R- empty
delete R+ empty
modify R+ ∪ (R Ð R- )
Differential Relations
Algorithm
Input: Relation R, update u, compiled assertion Ci
Step 1: Generate differential relations R+ and RÐ
Step 2: Retrieve the tuples of R+ and RÐ which do
not satisfy Ci
Step 3: If retrieval is not successful, then the
assertion is valid.
Example :
u is delete on J. Enforcing (J, DELETE, C2) :
retrieve all tuples of J-
into RESULT
where not(C2)
If RESULT = φ, the assertion is verified.
Distributed DBMS © 1998 M. Tamer …zsu & Patrick Valduriez Page 6. 20
Page 10
Distributed Integrity Control
n Problems:
➠ Definition of constraints
u consideration for fragments
➠ Where to store
u replication
u non-replicated : fragments
➠ Enforcement
u minimize costs
Page 11
Distributed Integrity Control
n Assertion Definition
➠ similar to the centralized techniques
➠ transform the assertions to compiled assertions
n Assertion Storage
➠ Individual assertions
u one relation, only fragments
u at each fragment site, check for compatibility
u if compatible, store; otherwise reject
u if all the sites reject, globally reject
➠ Set-oriented assertions
u involves joins (between fragments or relations)
u maybe necessary to perform joins to check for
compatibility
u store if compatible
Distributed DBMS © 1998 M. Tamer …zsu & Patrick Valduriez Page 6. 23
➠ Set-oriented Assertions
u single relation
4 similar to individual assertions with qualified updates
u multi-relation
4 move data between sites to perform joins; then send the result to
the query master site
Page 12