18BCS42C U5
18BCS42C U5
Sc Computer Science
18BCS42C – DATABASE MANAGEMENT SYSTEM
UNIT-V
DATABASE SECURITY, INTEGRITY CONTROL: Security and Integrity
threats – Defense mechanisms – Transaction and concurrency control
mechanisms - ACID properties, Serializability and concurrency control, Lock
based concurrency control (2PL, Deadlocks), Time stamping methods,
optimistic methods, Database recovery management.
Definitions
SECURITY: Protecting the database from unauthorized access, alteration
or deletion.
INTEGRITY: It refers to accuracy or validation of the data
THREATS To Security And Integrity
A threat is any situation, event or personnel that will adversely effect the
database security and smooth and efficient functioning of the
organization.
Threat to a database may be intentional or accidental.
Given below are some database security threats
o Data tampering
o Eavesdropping and data theft
o Falsifying User’s identities
o Password related threats
o Unauthorized access to data
o Lack of accountability
DEFENCE MECHANISMS
Generally four levels of defence are recognized for a database security:
o Physical security
o Human factors
o Operating system
o Database system Data Security
REQUIREMENTS
The basic security standards which technologies can assure are :
CONFIDENTIALITY
o Access control - Access to data is controlled by means of
privileges, roles and user accounts.
o Authenticated users – Authentication is a way of implementing
decisions of whom to trust. It can be employ passwords, finger
prints etc.
o Secure storage of sensitive data – It is required to prevent data
from hackers who could damage the sensitive data.
o Privacy of communication - The DBMS should be capable of
controlling the spread of confidential personal information from
unauthorized people such as credit cards etc.
INTEGRITY –
o Integrity contributes to maintaining a secure database by
preventing the data from becoming invalid and giving misleading
results.
o It consists of following aspects :
System and object privileges control access to applications
tables and system commands so that only authorized users
can change the data.
Integrity constraints are applied to maintain the correctness
and validity of the data in the database.
Database must be protected from viruses so firewalls and
anti-viruses should be used.
Ensures that access to the network is controlled and data is
not vulnerable to attacks during transmission across network.
AVAILABILITY
o Data should always be made available for the authorized user by
the secure system without any delays.
o Availability is often thought of as a continuity of service assuring
that database is available.
o Denial of service attacks are attempts to block authorized users
ability to access and use the system when needed.
o It has number of aspects.
Ease of use – Resources managed by users for working with
databases should be effectively managed so that it is
available all the time to valid users.
Flexibility – Administrators must have all the relevant tools
for managing user population.
Scalability - System performance should not get affected by
the increase in number of users or processes which require
services from system.
Resistance – User profiles must be defined and the resource
used by any user should be limited.
IMPORTANT SECURITY FEATURES
Views
Authorization and controls
User defined procedures or privileges
Encryption procedures
Authorization
AUTHORIZATION is a PROCESS OF PERMITTING USERS to
perform certain operations on certain data objects in a shared database.
For example: Let us consider the authorization that a salesperson
undertakes;
Authorization Customer Records Order Records
READ Y Y
INSERT Y Y
MODIFY Y N
DELETE N N
Where N stands for NO and Y stands for YES to authorization for
salesperson
To explain the concept of view, let us consider the example of a bank
clerk who needs to know the names of customers of each branch but is
not authorized to see specific loan information.
The view is defined as follows: CREATE VIEW CUST_LOAN AS
SELECT BRANCHNAME, CUSTOMER_NAME FROM
BORROWER, LOAN Where BORROWER.LOAN_NO =
LOAN.LOAN_NO; since the clerk is authorized to see this view so clerk
can execute a query to see the result.
SELECT * from CUST_LOAN; When the query processor translates the
result into a query on actual base table in the database we obtain a query
on BORROWER and LOAN tables.
This permission must be checked on clerk’s query processor begins.
DATABASE INTEGRITY
Constraints:
It can be defined in 3 ways
o Business constraints
o Entity constraints
o Referential constraints
BUSINESS CONSTRAINTS
A value in one column may be constrained by value of some another or
by some calculation or formulae.
ENTITY CONSTRAINTS
Individual columns of a table may be constrained eg. Not null.
REFERENTIAL CONSTRAINTS
Sometimes referred to as key constraints. Eg. Table two depends upon
table one.
BENEFITS OF USING CONSTRAINTS
Guaranteed integrity and consistency
Defined as a part of table definition
Applies across all applications
Cannot be circumvented
Application development and productivity
Requires no special programming
Easy to specify and maintain
Defined once only
CONCURRENCY CONTROL
What is it ? The coordination of simultaneous requests for the same data,
from multiple users.
Why is it important ? Simultaneous execution of transactions over a
shared database may create a several data integrity and consistency
problems.
THREE MAIN INTEGRITY PROBLEMS ARE
Lost updates
Uncommitted data
Inconsistent retrievals
DATABASE RECOVERY
The process of restoring database to a correct state in the case of failure.
E.g.
o System crashes
o Media failures
o Application software errors
o Natural physical disasters
o Carelessness
BASIC RECOVERY CONCEPTS
Backup mechanism – it makes periodic backup copies of the database.
Logging concept – that keeps the track of current state of transaction and
the changes made in the database.
Check pointing mechanism – that enables update to be made permanent.
The choice of the best possible strategy depends upon the
o Extent of damage that had occurred to the database.
o If there has been a physical damage like disk crash then the last
backup copy of the data is restored.
o However if database has become inconsistent but not physically
damaged then changes caused inconsistency must be undone.
o It may also be required to redo some transactions so as to ensure
that the updates are reflected in the database.
DBMS Concurrency Control: Timestamp & Lock-Based Protocols
What is Concurrency Control?
Concurrency Control in Database Management System is a procedure
of managing simultaneous operations without conflicting with each other.
It ensures that Database transactions are performed concurrently and
accurately to produce correct results without violating data integrity of
the respective Database.
DBMS Concurrency Control is used to address such conflicts, which
mostly occur with a multi-user system.
Therefore, Concurrency Control is the most important element for proper
functioning of a Database Management System where two or more
database transactions are executed simultaneously, which require access
to the same data.
Potential problems of Concurrency
Here, are some issues which you will likely to face while using the DBMS
Concurrency Control method:
Lost Updates occur when multiple transactions select the same row and
update the row based on the value selected
Uncommitted dependency issues occur when the second transaction
selects a row which is updated by another transaction (dirty read)
Non-Repeatable Read occurs when a second transaction is trying to
access the same row several times and reads different data each time.
Incorrect Summary issue occurs when one transaction takes summary
over the value of all the instances of a repeated data-item, and second
transaction update few instances of that specific data-item. In that
situation, the resulting summary does not reflect a correct result.
Why use Concurrency method?
Reasons for using Concurrency control method is DBMS:
To apply Isolation through mutual exclusion between conflicting
transactions
To resolve read-write and write-write conflict issues
To preserve database consistency through constantly preserving
execution obstructions
The system needs to control the interaction among the concurrent
transactions. This control is achieved using concurrent-control schemes.
Concurrency control helps to ensure serializability
Example
Assume that two people who go to electronic kiosks at the same time to buy a
movie ticket for the same movie and the same show time.
However, there is only one seat left in for the movie show in that particular
theatre. Without concurrency control in DBMS, it is possible that both
moviegoers will end up purchasing a ticket. However, concurrency control
method does not allow this to happen. Both moviegoers can still access
information written in the movie seating database. But concurrency control only
provides a ticket to the buyer who has completed the transaction process first.
Concurrency Control Protocols
Different concurrency control protocols offer different benefits between
the amount of concurrency they allow and the amount of overhead that
they impose.
Following are the Concurrency Control techniques in DBMS:
Lock-Based Protocols
Two Phase Locking Protocol
Timestamp-Based Protocols
Validation-Based Protocols
Lock-based Protocols
Lock Based Protocols in DBMS is a mechanism in which a transaction
cannot Read or Write the data until it acquires an appropriate lock.
Lock based protocols help to eliminate the concurrency problem in
DBMS for simultaneous transactions by locking or isolating a particular
transaction to a single user.
A lock is a data variable which is associated with a data item.
This lock signifies that operations that can be performed on the data item.
Locks in DBMS help synchronize access to the database items by
concurrent transactions.
All lock requests are made to the concurrency-control manager.
Transactions proceed only once the lock request is granted.
Binary Locks: A Binary lock on a data item can either lock or unlock
states.
Shared/exclusive: This type of locking mechanism separates the locks in
DBMS based on their uses. If a lock is acquired on a data item to perform
a write operation, it is called an exclusive lock.
1. Shared Lock (S):
A shared lock is also called a Read-only lock.
With the shared lock, the data item can be shared between transactions.
This is because you will never have permission to update data on the data
item.
For example, consider a case where two transactions are reading the
account balance of a person. The database will let them read by placing a
shared lock. However, if another transaction wants to update that
account's balance, shared lock prevent it until the reading process is over.
2. Exclusive Lock (X):
With the Exclusive Lock, a data item can be read as well as written.
This is exclusive and can't be held concurrently on the same data item.
X-lock is requested using lock-x instruction.
Transactions may unlock the data item after finishing the 'write'
operation.
For example, when a transaction needs to update the account balance of a
person. You can allows this transaction by placing X lock on it.
Therefore, when the second transaction wants to read or write, exclusive
lock prevent this operation.
3. Simplistic Lock Protocol
This type of lock-based protocols allows transactions to obtain a lock on
every object before beginning operation.
Transactions may unlock the data item after finishing the 'write'
operation.
4. Pre-claiming Locking
Pre-claiming lock protocol helps to evaluate operations and create a list
of required data items which are needed to initiate an execution process.
In the situation when all locks are granted, the transaction executes. After
that, all locks release when all of its operations are over.
Starvation
Starvation is the situation when a transaction needs to wait for an
indefinite period to acquire a lock.
Following are the reasons for Starvation:
When waiting scheme for locked items is not properly managed
In the case of resource leak
The same transaction is selected as a victim repeatedly
Deadlock
Deadlock refers to a specific situation where two or more processes are
waiting for each other to release a resource or more than two processes
are waiting for the resource in a circular chain.
ACID PROPERTIES
A transaction is a unit of program that updates various data items
To ensure the integrity of data during a transaction, the database system
maintains the following properties.
These properties are widely known as ACID properties:
Atomicity:
o This property ensures that either all the operations of a transaction
reflect in database or none.
o Let’s take an example of banking system to understand this:
Suppose Account A has a balance of 400$ & B has 700$.
Account A is transferring 100$ to Account B. This is a transaction
that has two operations a) Debiting 100$ from A’s balance b)
Creating 100$ to B’s balance. Let’s say first operation passed
successfully while second failed, in this case A’s balance would be
300$ while B would be having 700$ instead of 800$. This is
unacceptable in a banking system. Either the transaction should fail
without executing any of the operation or it should process both the
operations.
o The Atomicity property ensures that.
Consistency:
o To preserve the consistency of database, the execution of
transaction should take place in isolation (that means no other
transaction should run concurrently when there is a transaction
already running).
o For example account A is having a balance of 400$ and it is
transferring 100$ to account B & C both. So we have two
transactions here. Let’s say these transactions run concurrently and
both the transactions read 400$ balance, in that case the final
balance of A would be 300$ instead of 200$. This is wrong. If the
transaction were to run in isolation then the second transaction
would have read the correct balance 300$ (before debiting 100$)
once the first transaction went successful.
Isolation:
o For every pair of transactions, one transaction should start
execution only when the other finished execution.
Durability:
o Once a transaction completes successfully, the changes it has made
into the database should be permanent even if there is a system
failure.
o The recovery-management component of database systems ensures
the durability of transaction.
The recovery system reads the logs backwards from the end to the last
checkpoint.
It maintains two lists, an undo-list and a redo-list.
If the recovery system sees a log with <Tn, Start> and <Tn, Commit> or
just <Tn, Commit>, it puts the transaction in the redo-list.
If the recovery system sees a log with <Tn, Start> but no commit or abort
log found, it puts the transaction in undo-list.
All the transactions in the undo-list are then undone and their logs are
removed.
All the transactions in the redo-list and their previous logs are removed
and then redone before saving their logs.
REFERENCES
1. Silberschatz A., Korth H. and Sudarshan S., “Database System Concepts”, Tata McGraw
Hill, 2011.
2. Elmasri R. and Navathe S.B., “Fundamentals of Database Systems”, Pearson Education,
2016.
3. www.w3schools.com
4. www.guru99.com
5. www.tutorialspoint.com
6. www.beginnersbook.com
7. www.ecomputernotes.com
--------------------------------------*****************---------------------------------