Database Security
Database Security
It is a means of putting in place the different form of information security controls to protect database
against compromise of their confidentiality, integrity and availability.
Risk assessment
This will enable you to identify the risks you are faced with and what could happen if valuable data is lost
through theft, malware infection or a system crash.
Securing data
Since data can be compromised in many ways, the best security against misuse or theft involves a
combination of technical measures, physical security and a well-educated staff. You should implement
clearly defined polices into your infrastructure and effectively present them to the staff.
2. Auditing:
Database auditing involves observing a database so as to be aware of the actions of database users.
Database administrators and consultants often set up auditing for security purposes, for example, to
ensure that those without the permission to access information do not access it.
3. Authentication:
It is the validation control that allows you to log into a system, email or blog account etc. Once logged in,
you have various privileges until logging out. Some systems will cancel a session if your machine has
been idle for a certain amount of time, requiring that you prove authentication once again to re-enter. You
can log in using multiple factors such as a password, a smart card or even a fingerprint.
4. Encryption:
This security mechanism uses mathematical scheme and algorithms to scramble data into unreadable text.
It can only be decoded or decrypted by the party that possesses the associated key.
5. Back up:
This is the process of making copy and archiving of computer data in the event of data loss which is used
to restore the original data.
6. Password:
This is sequence of secret characters used to enable access to a file, program, computer system and other
resources.
Evaluation
Backups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data
deletion or corruption. The secondary purpose of backups is to recover data from an earlier time,
according to a user-defined data retention policy, typically configured within a backup application for
how long copies of data are required. Backup is just one of the disaster recovery plans.
Application security:
Application security is the use of software, hardware and procedural methods to protect an application
from external threats.
Understanding Data Processing for Senior Secondary Schools by Dinehin Victoria Pages 255 – 260
Weekend assignment
1. …………….is the practice of keeping data protected from corruption and unauthorized access.
(a) Data measurement (b) Data security (c) Data protection (d) Data control
2. Which of these is not a type of security control ……? (a) access control (b) auditing (c)
encryption(d) storage
3. .………….. security mechanism uses mathematical schemes and algorithm to scramble data into
unreadable text. (a) Encryption (b) Auditing (c) Authentication (d) Auditing
4. .…………. is the process of copying and archiving data so it may be used to restore original after
a data loss (a) Backup (b) Restore (c) Control (d) Saving
5. …..……… is the computer professional responsible for the configuration, administration and
maintenance of a database (a) Programmer (b) System administrator (c) Database administrator
(d) System analyst
Theory
Crash Recovery
Definition
Crash recovery is the process by which the database is moved back to a consistent and usable state. This
is done by rolling back incomplete transactions and completing committed transactions that were still in
memory when the crash occurred. When the database is in a consistent and usable state, it has attained
what is known as a point of consistency. Following a transaction failure, the database must be recovered.
The three main principles that lie behind the ARIES recovery algorithm
1. Write ahead logging: Any change to an object is first recorded in the log, and then the log must
be written to stable storage before changes to the object are written to a disk.
2. Repeating history during Redo: On restart, after a crash, ARIES retraces the actions of a
database before the crash and brings the system back to the exact state that it was in before the
crash. The n it undoes the transaction still active at crash time.
3. Logging changes during Undo: Change made to the database while undoing transactions are
logged to ensure such an action isn’t repeated in the event of repeated restarts.
Recovery procedure after crash
The recovery works in three phases
1. Analysis Phase: The first phase, analysis, compute all the necessary information from the log
file.
2. REDO Phase: The Redo phase restores the database to the exact state at the crash, including all
the changes of uncommitted transactions that were running at that point time.
3. UNDO Phase: The undo phase then undoes all uncommitted changes, leaving the database in a
consistent state. After the redo phase, the database reflects the exact state at the crash. However,
the changes of uncommitted transactions have to be undone to restore the database to a consistent
state.
Evaluation
Atomicity:
This is the property of transaction processing whereby either all the operations of transactions are
executed or none of them is executed (all-or-nothing)
Durability:
This is the ACID property which guarantees that transactions that have committed will survive
permanently.
Log:
A transaction log (also transaction journal, database log, binary log or audit trail) is a history of actions
executed by a database management system to guarantee ACID properties over crashes or hardware
failure. Physically, a log is a file of updates done to the database, stored in stable storage.