DATABASE SECURITY

DEFINITION OF DATA SECURITY

Data security is the practice of keeping data protected from corruption and
unauthorized access. The focus behind data security is to ensure privacy while
protecting personal or corporate data.

It is a means of putting in place the different form of information security controls to

protect database against compromise of their confidentiality, integrity and
availability.

RISK ASSESSMENT

This will enable you to identify the risks you are faced with and what could happen if
valuable data is lost through theft, malware infection or a system crash.

SECURING DATA

Since data can be compromised in many ways, the best security against misuse or
theft involves a combination of technical measures, physical security and a well-
educated staff. You should implement clearly defined polices into your infrastructure
and effectively present them to the staff.

TYPES OF SECURITY CONTROL ON THE DATA

1. Access Control

Is the selective restriction of access to a place or other resource. The act of accessing
may mean consuming, entering, or using. Permission to access a resource is called
authorization.

 Auditing

Database auditing involves observing a database so as to be aware of the actions of

database users. Database administrators and consultants often set up auditing for
security purposes, for example, to ensure that those without the permission to
access information do not access it.

 Authentication

Is the validation control that allows you to log into a system, email or blog account
etc. Once logged in, you have various privileges until logging out. Some systems will
cancel a session if your machine has been idle for a certain amount of time, requiring
that you prove authentication once again to re-enter.You can log in using multiple
factors such as a password, a smart card or even a fingerprint.

 Encryption

This security mechanism uses mathematical scheme and algorithms to scramble data
into unreadable text. It can only be decoded or decrypted by the party that
possesses the associated key.

 Back Up

This is the process of making copy and archiving of computer data in the event of
data loss which is used to restore the original data.

 Password

This is sequence of secret characters used to enable access to a file, program,

computer system and other resources.

EVALUATION

1. Explain data security.

2. Explain types of security control on data that you know

IMPORTANCE OF DATA SECURITY

Data security is critical for most business and even home computer users. Client
information, payment information, personal files, bank account details- all this
information can be hard to replace and potentially dangerous if it falls into the
wrong hands. Data lost due to disaster such as a flood of fire is crushing, but losing it
to hackers or a malware infection can have much greater consequences.

MAJOR THREATS TO DATA SECURITY

1. Accident can happen due to human error or software/ hardware error.

2. Hackers could steal vital information and fraud can easily be perpetrated.
3. Loss of data integrity.
4. Improper data access to personal or confidential data.
5. Loss of data availability through sabotage , a virus , or a worm.

INTEGRITY CONTROLS

BACKUPS

Is the process of copying and archiving of computer data so it may be used to restore
the original after a data loss event.

Backups have two distinct purposes. The primary purpose is to recover data after its
loss, be it by data deletion or corruption. The secondary purpose of backups is to
recover data from an earlier time, according to a user-defined data retention policy,
typically configured within a backup application for how long copies of data are
required. Backup is just one of the disaster recovery plans.

APPLICATION SECURITY

Application security is the use of software, hardware and procedural methods to

protect application from external threats.

THE ROLE OF DATABASE ADMINISTRATOR IN DATA SECURITY

A database administrator (DB) is a person responsible for the installation,

configuration, upgrade, administration, monitoring and maintenance of databases in
an organization. The role includes the development and design of database
strategies, system monitoring and improving database performance and capacity,
and planning for future expansion requirements. They may also plan, co-ordinate an
implement security measures to safeguard the database.

A database administrator’s responsibilities can include the following tasks:

  Installing and upgrading the database server and application tools.

o Allocating system storage and planning future storage requirements

for the database system

o Modifying the database structure, as necessary, from information

given by application developers.

o Enrolling users and maintaining system security.

o Ensuring compliance with database vendor license agreement.

o Controlling and monitoring user access to the database.

o Monitoring and optimizing the performance of the database.

o Planning for backup and recovery of database information.

o Maintaining archive data.

o Backing and restoring databases.

o Contacting database vendor for technical support.

o Generating various reports by querying database as per need.

GENERAL EVALUATION

1. Define the roles of a database administrator in data security

2. Define backup and list its importance in data security

WEEKEND ASSIGNMENT

1. …………….is the practice of keeping data protected from corruption and

unauthorized access. (a) Data measurement (b) Data security (c) Data
protection (d) Data control
2. Which of these is not a type of security control ……?(a) access control (b)
auditing (c) encryption(d) storage
 3. .………….. security mechanism uses mathematical schemes and algorithm to
scramble data into unreadable text. (a) Encryption (b) Auditing (c)
Authentication (d) Auditing
4. .…………. is the process of copying and archiving data so it may be used to
restore original after a data loss (a) Backup (b) Restore (c) Control (d) Saving
5. …..……… is the computer professional responsible for the configuration,
administration and maintenance of a database (a) Programmer (b) System
administrator (c) Database administrator (d) System analyst

THEORY

1. Explain two types of data security control.

2. Mention five (5) duties of a database administrator.

TOPIC: CRASH RECOVERY

DEFINITION

Crash recovery is the process by which the database is moved back to a consistent
and usable state. This is done by rolling back incomplete transactions and completing
committed transactions that were still in memory when the crash occurred. When
the database is in a consistent and usable state, it has attained what is known as a
point of consistency. Following a transaction failure, the database must be
recovered.

CONDITIONS THAT CAN RESULT IN TRANSACTION FAILURE INCLUDE:

1. A power failure on the machine causing the database manager and the database
partitions on it to go down.

2. A hardware failure such as memory corruption, or disk, CPU, or network failure.

3. A serious operating system error that causes the DB to go down

INTRODUCTION TO ARIES (ALGORITHMS FOR RECOVERY AND ISOLATION

EXPLOITING SEMANTICS
ARIES

This is a recovery algorithm designed to work with no-force, steal database

approach. It is used by IBM DB2, MS SQL Server and many other database systems.

The three main principles that lie behind ARIES recovery algorithm

1. Write Ahead Logging: Any change to an object is first recorded in the log, and
then the log must be written to a stable storage before changes to the object
are written to a disk.
2. Repeating History during Redo: On restart, after a crash, ARIES retraces the
actions of a database before the crash and brings the system back to the
exact state that it was in before the crash. Then it undoes the transaction still
active at crash time.
3. Logging Changes during Undo: Change made to the database while undoing
transactions are logged to ensure such an action isn’t repeated in the event
of repeated restarts.

RECOVERY PROCEDURE AFTER CRASH

The recovery works in three phases

1. Analysis Phase: The first phase, analysis, computes all the necessary
information from the log file.
2. REDO Phase: The Redo phase restores the database to the exact state at the
crash, including all the changes of uncommitted transactions that were
running at that point time.
3. UNDO Phase: The undo phase then undoes all uncommitted changes, leaving
the database in a consistent state. After the redo phase the database reflects
the exact state at the crash. However, the changes of uncommitted
transactions have to be undone to restore the database to a consistent state.

EVALUATION

1. Define crash recovery.

2. Explain the term ARIES.

OTHER RECOVERY RELATED TO DATA STRUCTURE

THE WRITE-AHEAD LOG PROTOCOL

Write Ahead Logging (WAL) is family of techniques for providing atomicity and
durability (two of the ACID properties) in database systems. In a system using WAL,
all modifications are written to a log before they are applied. Usually both redo and
undo information is stored in the log. WAL allows updates of a database to be done
in one place.

ATOMICITY

This is the property of transaction processing whereby either all the operations of
transactions are executed or none of them are executed (all-or-nothing)

DURABILITY

This is the ACID property which guarantees that transactions that have committed
will survive permanently.

LOG

A transaction log (also transaction journal, database log, binary log or audit trail) is a
history of actions executed by a database management system to guarantee ACID
properties over crashes or hardware failure. Physically, a log is a file of updates done
to the database, stored in stable storage.

CHECK POINTING

Check pointing is basically consists of storing a snapshot of the current application

state, and later on, use it for restarting the execution in case of failure. A check point
record is written into the log periodically at that point when the system writes out to
the database on disk all DBMS buffers that have been modified. This is a periodic
operation that can reduce the time for recovery from a crash.

Check points are used to make recovery more efficient and to control the reuse of
primary and secondary log files. In the case of crash, backup files will be used to
recover the database to the point of crash.

MEDIA RECOVERY

Media recovery deals with failure of the storage media holding the permanent
database, in particular disk failures. The traditional database approach for media
recovery uses archive copies (dumps) of the database as well as archive logs. Archive
copies represent snapshots of the database and are periodically taken.

The archive log contains the log records for all committed changes which are not yet
reflected in the archive copy. In the event of a media failure, the current database
can be reconstructed by using the latest archive copy and redoing all changes in
chronological order from the archive log.

A faster recovery from disk failures is supported by disk organizations like RAID
(redundant arrays of independent disks) which store data redundantly on several
disks. However, they do not eliminate the need for archive based media recovery
since they cannot completely rule out the possibility of data loss, e.g when multiple
disk fail.

GENERAL EVALUATION

1. Explain crash recovery.

2. Explain the following terms in crash recovery (i) Media recovery (ii) Check
point (iii) The Write – Ahead log protocol
3. Discuss the concepts of ARIES in crash recovery.

WEEKEND ASSIGNMENT

1. The process by which a database is moved back to a consistent and usable

state is called………. (a) cash recovery (b) crash recovery (c) past recovery (d)
undo recovery
2. The recovery algorithm that uses no-force and steals approach is …………..

(a) ARIAS (b) ARIES (c) ARREARS (d) ARIS

 ARIES works in ……………. Phases (a) 3 (b) 2 (c) 1 (d) 4

 Which of these is not a crash recovery type …………

(a) ARIES (b) Media recovery (c) Check pointing (d) UNDO

 ………. Crash recovery uses backup files (a) Check point (b) ARIES (c) Media
recovery
(d) Atomicity

THEORY
1. Discuss the concept of ARIES in crash recovery.
2. Explain the difference between media recovery and check point.
3. Explain the difference between a system crash and a media failure.