DATABASE MANAGEMENT UNIT -5 DATABASE

SECURITY AND
SYSTEMS ADVANCED
DATABASES

© Kalasalingam academy of research and education

 Course Outline:

Course description:
CO 1 Apply the database management
system concepts. This course is designed to introduce under
graduate students to the foundations of
CO 2 Design relational and ER model for
database design. database systems, focusing on basics such as
the relational algebra and data model, schema
CO 3. Examine issues in data storage and query normalization, query optimization, and
processing and frame appropriate solutions.
transactions.
CO 4. Analyze the role and issues like efficiency, privacy,
security, ethical responsibility and strategic advantage in
data management

CO 5. Build applications to schedule concurrent

executions with recovery mechanisms.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Syllabus
Data Classification - Threats and Risks –
Database Access Control – Types of Privileges
– Cryptography - Statistical Databases -
Distributed Databases – Architecture -
Unit 5
Transaction Processing - Relevance Ranking -
Crawling and Indexing Web-Object Oriented
Outcomes
Databases - XML Databases.
CO5:
Build applications to schedule concurrent
executions with recovery mechanisms.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Unit 5 DATABASE SECURITY AND ADVANCED DATABASES

Build applications to schedule concurrent

Lesson 1. Database
Security and threats executions with recovery mechanisms.

Lesson 2. Database Access Control, Privileges

and its types

Lesson 3. Cryptography

Lesson 4. Statistical and Distributed Databases

Lesson 5. Object Oriented and XML

Databases

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Reference:

Abraham Silberschatz, Henry F. Korth and Sudarshan S., Database System Concepts, McGraw-Hill , 6th
Edition, 2011.
Ramez Elmasri and Shamkant B. Navathe. Fundamental Database Systems, Addison-Wesley, 5th
Edition, 2005.
Raghu Ramakrishnan, Database Management System, Tata McGraw-Hill, 3rd Edition, 2006.
Hector Garcia-Molina, Jeff Ulman and Jennifer Widom, Database Systems: The Complete Book,
Prentice Hall, 2003.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Lesson 1: Data Classification
A DBMS can be classified based on the number of users it supports.
It can be multi user which supports multiple users concurrently or single user which supports single user at
a time.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Homogeneous Distributed System

 A homogenous distributed database system is a network of two or more Oracle databases that
reside on one or more machines.
An Oracle distributed database system can incorporate Oracle databases of different versions.
All supported releases of Oracle can participate in a distributed database system.
Nevertheless, the applications that work with the distributed database must understand the
functionality that is available at each node in the system--for example, a distributed database
application cannot expect an Oracle7 database to understand the object SQL extensions that are
only available with Oracle8i.

© Kalasalingam academy of research and education COURSE NAME

 Homogeneous Distributed System
Use same DBMS software from various multiple sites

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Homogeneous Distributed System

© Kalasalingam academy of research and education COURSE NAME

 Heterogeneous distributed system
In a heterogeneous distributed database system, at least one of the databases is a non-Oracle system.
To the application, the heterogeneous distributed database system appears as a single, local, Oracle
database; the local Oracle database server hides the distribution and heterogeneity of the data.
The Oracle database server accesses the non-Oracle system using Oracle8i Heterogeneous Services in
conjunction with an agent.
 If you access the non-Oracle data store using an Oracle Transparent Gateway, then the agent is a
system-specific application.
 For example, if you include a Sybase database in an Oracle distributed system, then you need to
obtain a Sybase-specific transparent gateway so that the Oracle databases in the system can
communicate with it.

© Kalasalingam academy of research and education COURSE NAME

 Heterogeneous distributed system
Different sites might use different dbms software but there is additional common software to
support data exchange between these sites.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Heterogeneous distributed system

© Kalasalingam academy of research and education COURSE NAME

 Database security and threats

Assessing for any database vulnerabilities, identifying compromised endpoints and classifying
sensitive data.
Managing user access rights and removing excessive privileges and dormant users.
Monitoring all database access activity and usage patterns in real time to detect data leakage,
unauthorized SQL and big data transactions, and protocol and system attacks.
Blocking malicious web requests.
Automating auditing with a database auditing and protection platform.
Archiving external data and encrypting databases.

© Kalasalingam academy of research and education COURSE NAME

 Database security and threats

It is of particular importance in distributed systems because of large number of users,

fragmented and replicated data, multiple sites and distributed control.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Database security and threats

© Kalasalingam academy of research and education COURSE NAME

 Threats in a Database

Availability loss − Availability loss refers to non-availability of database objects by legitimate

users.
Integrity loss − Integrity loss occurs when unacceptable operations are performed upon the
database either accidentally or maliciously.
This may happen while creating, inserting, updating or deleting data.
It results in corrupted data leading to incorrect decisions.
Confidentiality loss − Confidentiality loss occurs due to unauthorized or unintentional disclosure
of confidential information.
 It may result in illegal actions, security threats and loss in public confidence.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Threats

© Kalasalingam academy of research and education COURSE NAME

 Threats in a Database

© Kalasalingam academy of research and education COURSE NAME

 Measures of Control

The measures of control can be broadly divided into the following categories −
Access Control − Access control includes security mechanisms in a database management system to
protect against unauthorized access.
 A user can gain access to the database after clearing the login process through only valid user accounts.
Each user account is password protected.
Flow Control − Distributed systems encompass a lot of data flow from one site to another and
also within a site.
Flow control prevents data from being transferred in such a way that it can be accessed by
unauthorized agents.
A flow policy lists out the channels through which information can flow.
It also defines security classes for data as well as transactions.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Authentication

Authentication is the process of confirmation that whether the user log in only according to the rights
provided to him to perform the activities of data base.
 A particular user can login only up to his privilege but he can’t access the other sensitive data.
The privilege of accessing sensitive data is restricted by using Authentication .
By using these authentication tools for biometrics such as retina and figure prints can prevent the data base
from unauthorized/malicious users.

© Kalasalingam academy of research and education COURSE NAME

 Access Control :

The security mechanism of DBMS must include some provisions for restricting access to the data base by
unauthorized users.
Access control is done by creating user accounts and to control login process by the DBMS.
So, that database access of sensitive data is possible only to those people (database users) who are allowed
to access such data and to restrict access to unauthorized persons.
The database system must also keep the track of all operations performed by certain user throughout the
entire login time.

© Kalasalingam academy of research and education COURSE NAME

 Flow Control :

This prevents information from flowing in a way that it reaches unauthorized users.
Channels are the pathways for information to flow implicitly in ways that violate the privacy policy of a
company are called covert channels.

© Kalasalingam academy of research and education COURSE NAME

 Inference Control :

This method is known as the countermeasures to statistical database security problem.

It is used to prevent the user from completing any inference channel.
This method protect the sensitive information from indirect disclosure.
Inferences are of two types, identity disclosure or attribute disclosure.

© Kalasalingam academy of research and education COURSE NAME

 Database Security applying Statistical Method :

Statistical database security focuses on the protection of confidential individual values stored in and used
for statistical purposes and used to retrieve the summaries of values based on categories.
They do not permit to retrieve the individual information.
This allows to access the database to get statistical information about the number of employees in the
company but not to access the detailed confidential/personal information about specific individual
employee.

© Kalasalingam academy of research and education COURSE NAME

 First Lesson Summary:
Database Security and threats
Threats in a Database
Topic 1
Data Classification Measures of Control
Topic 2
Homogeneous Distributed System

Topic 3
Heterogeneous Distributed System

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Lesson – 2
Database Access Control, Privileges and its types

Database access control is a method of allowing access to company’s sensitive data only to those people (database
users) who are allowed to access such data and to restrict access to unauthorized persons.
It includes two main components: authentication and authorization.
Authentication is a method of verifying the identity of a person who is accessing your database.
Note that authentication isn’t enough to protect data.
An additional layer of security is required, authorization, which determines whether a user should be allowed to
access the data or make the transaction he’s attempting.
Without authentication and authorization, there is no data security.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Database Access Control

© Kalasalingam academy of research and education COURSE NAME

 Database Access Control, Privileges and its types

© Kalasalingam academy of research and education COURSE NAME

 Types of Access Control

Discretionary Access Control (DAC)

With DAC models, the data owner allows
access.
DAC is a means of assigning access rights
based on user-specified rules.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Discretionary Access Control (DAC)

Gaining access in the DAC model works like this:

User 1 creates a file and becomes its owner or obtains access rights to an existing file.
User 2 requests access to this file.
User 1 grants access at their own discretion. However, user 1 can’t grant access rights that exceed their own. For
example, if user 1 can only read a document, they can’t allow user 2 to edit it.
If there’s no contradiction between the ACL created by an administrator and the decision made by user 1, access is
granted.
Discretionary access control is quite a popular model because it allows a lot of freedom for users and doesn’t cause
administrative overhead. However, it has several considerable limitations.

© Kalasalingam academy of research and education COURSE NAME

 Types of Access Control

© Kalasalingam academy of research and education COURSE NAME

 Mandatory Access Control (MAC)

With MAC, the process of gaining access looks like this:

The administrator configures access policies and defines security attributes: confidentiality levels, clearances for
accessing different projects and types of resources.
The administrator assigns each subject (user or resource that accesses data) and object (file, database, port, etc.) a set
of attributes.
When a subject attempts to access an object, the operating system examines the subject’s security attributes and
decides whether access can be granted.

© Kalasalingam academy of research and education COURSE NAME

 Mandatory Access Control (MAC)

MAC was developed using a nondiscretionary model, in which people are granted access based on an information
clearance.
MAC is a policy in which access rights are assigned based on central authority regulations.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Mandatory Access Control (MAC)

© Kalasalingam academy of research and education COURSE NAME

 Mandatory Access Control (MAC)

© Kalasalingam academy of research and education COURSE NAME

 Role Based Access Control (RBAC)

There are a number of best practices organizations should follow for implementing RBAC, including:
Determine the resources for which they need to control access, if they're not already listed -- for
instance, customer databases, email systems and contact management systems.
Analyze the workforce, and establish roles that have the same access needs. However, don't create too
many roles because that would defeat the purpose of role-based access control and create user-based
access control rather than role-based access control. For instance, there could be a basic user role that
includes the access every employee needs, such as to email and the corporate intranet.
After creating a list of roles and their access rights, align the employees to those roles, and set their
access.
Evaluate how roles can be changed, as well as how accounts for employees who are leaving the
company can be terminated and how new employees can be registered.

© Kalasalingam academy of research and education COURSE NAME

 Role Based Access Control (RBAC)

RBAC grants access based on a user’s role and implements key security principles such as “least privilege” and
“separation of privilege.”
Thus, someone attempting to access information can only access data necessary for their role.
Most common method today.

© Kalasalingam academy of research and education COURSE NAME

 Role Based Access Control (RBAC)

© Kalasalingam academy of research and education COURSE NAME

 Role Based Access Control (RBAC)

© Kalasalingam academy of research and education COURSE NAME

 Attribute Based Access Control (ABAC)

ABAC comes with a recommended architecture which is as follows:

The PEP or Policy Enforcement Point: it is responsible for protecting the apps & data you want to apply
ABAC to. The PEP inspects the request and generates an authorization request from it which it sends to
the PDP.
The PDP or Policy Decision Point is the brain of the architecture. This is the piece which evaluates
incoming requests against policies it has been configured with. The PDP returns a Permit / Deny decision.
The PDP may also use PIPs to retrieve missing metadata
The PIP or Policy Information Point bridges the PDP to external sources of attributes e.g. LDAP or
databases.

© Kalasalingam academy of research and education COURSE NAME

 Attribute Based Access Control (ABAC)

In ABAC, each resource and user are assigned a series of attributes.
 In this dynamic method, a comparative assessment of the user’s attributes, including time of day, position and
location, are used to make a decision on access to a resource.
Most recent model.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Attribute Based Access Control (ABAC)

© Kalasalingam academy of research and education COURSE NAME

 Attribute Based Access Control (ABAC)

© Kalasalingam academy of research and education COURSE NAME

 Privileges

Privileges defines the access rights provided to a user on a database object.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Privileges

© Kalasalingam academy of research and education COURSE NAME

 Types of Privileges

There are two types of privileges.

1) System privileges - This allows the user to CREATE, ALTER, or DROP database objects.

2) Object privileges - This allows the user to EXECUTE, SELECT, INSERT, UPDATE, or DELETE data from database objects to
which the privileges apply.
System Privileges
CREATE object - allows users to create the specified object in their own schema.
CREATE ANY object - allows users to create the specified object in any schema.

The above rules also apply for ALTER and DROP system privileges.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Types of Privileges

© Kalasalingam academy of research and education COURSE NAME

 System Privileges

© Kalasalingam academy of research and education COURSE NAME

 Object Privileges

INSERT - allows users to insert rows into a table.

SELECT - allows users to select data from a database

object.

UPDATE - allows user to update data in a table.

EXECUTE - allows user to execute a stored procedure or a

function.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Object Privileges

© Kalasalingam academy of research and education COURSE NAME

 Object Privileges

© Kalasalingam academy of research and education COURSE NAME

 Second Lesson Summary:
Role Based Access Control
Topic 1
Attribute Based Access Control
Database Access Control
Previliges
Topic 2
Types of Previliges
Types of Access Control

Topic 3
Object Previliges
Mandatory Access Control

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Lesson 3:Cryptography
Cryptography is the science of encoding information before sending via unreliable communication
paths so that only an authorized receiver can decode and use it.
The coded message is called cipher text and the original message is called plain text.
The process of converting plain text to cipher text by the sender is called encoding or encryption.
 The process of converting cipher text to plain text by the receiver is called decoding or decryption.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Cryptography

© Kalasalingam academy of research and education COURSE NAME

 Cryptography

Cryptography is technique of securing information and communications through use of codes so that
only those person for whom the information is intended can understand it and process it.
Thus preventing unauthorized access to information.
The prefix “crypt” means “hidden” and suffix graphy means “writing”.
In Cryptography the techniques which are use to protect information are obtained from mathematical
concepts and a set of rule based calculations known as algorithms to convert messages in ways that make
it hard to decode it.
 These algorithms are used for cryptographic key generation, digital signing, verification to protect data
privacy, web browsing on internet and to protect confidential transactions such as credit card and debit
card transactions.

© Kalasalingam academy of research and education COURSE NAME

 Cryptography

© Kalasalingam academy of research and education COURSE NAME

 Conventional Encryption Methods

In conventional cryptography, the encryption and decryption is done using the same secret key.
Here, the sender encrypts the message with an encryption algorithm using a copy of the secret key.
The encrypted message is then send over public communication channels.
On receiving the encrypted message, the receiver decrypts it with a corresponding decryption algorithm using the
same secret key.
Security in conventional cryptography depends on two factors −
A sound algorithm which is known to all.
A randomly generated, preferably long secret key known only by the sender and the receiver.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Conventional Encryption Methods

© Kalasalingam academy of research and education COURSE NAME

 Conventional Encryption

© Kalasalingam academy of research and education COURSE NAME

 Public Key Cryptography

In contrast to conventional cryptography, public key cryptography uses two different keys, referred to as
public key and the private key.
Each user generates the pair of public key and private key.
The user then puts the public key in an accessible place.
When a sender wants to sends a message, he encrypts it using the public key of the receiver.
On receiving the encrypted message, the receiver decrypts it using his private key.
Since the private key is not known to anyone but the receiver, no other person who receives the message can
decrypt it.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Public Key Cryptography

© Kalasalingam academy of research and education COURSE NAME

 Public Key Cryptography

© Kalasalingam academy of research and education COURSE NAME

 RSA

The most popular public key cryptography algorithms are RSA algorithm and Diffie–
Hellman algorithm.
This method is very secure to send private messages.
However, the problem is, it involves a lot of computations and so proves to be inefficient for long
messages.
The solution is to use a combination of conventional and public key cryptography.
The secret key is encrypted using public key cryptography before sharing between the
communicating parties.
Then, the message is send using conventional cryptography with the aid of the shared secret key.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 RSA

© Kalasalingam academy of research and education COURSE NAME

 RSA
RSA (Rivest–Shamir–Adleman) is an algorithm used by modern computers to encrypt and decrypt messages.
 It is an asymmetric cryptographic algorithm.
Asymmetric means that there are two different keys.
This is also called public key cryptography, because one of the keys can be given to anyone. The other key must be
kept private.
The algorithm is based on the fact that finding the factors of a large composite number is difficult: when the factors
are prime numbers, the problem is called prime factorization. It is also a key pair (public and private key) generator.
RSA involves a public key and private key.
 The public key can be known to everyone- it is used to encrypt messages.
Messages encrypted using the public key can only be decrypted with the private key.
The private key needs to be kept secret.
Calculating the private key from the public key is very difficult.

© Kalasalingam academy of research and education COURSE NAME

 RSA

© Kalasalingam academy of research and education COURSE NAME

 Digital Signatures

A Digital Signature (DS) is an authentication technique based on public key cryptography used in e-commerce
applications.
 It associates a unique mark to an individual within the body of message.
 This helps others to authenticate valid senders of messages.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Digital Signatures

© Kalasalingam academy of research and education COURSE NAME

 Topic 1
Cryptography

Topic 2 Third Lesson Summary:

Conventional Encryption Methods

Topic 3
Public Key Cryptography
DES RSA
Digital Signatures

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Lesson 4: Statistical databases

A statistical database in dbms (Database Management System) is used for this analysis purposes.
Statistical database is an online analytical processing (OLAP), instead of online transaction processing
(OLTP) system.
It is typically has parameter data and the measured data for these parameters.
 For an instance, parameter data consists of the various values for changing conditions in an experiment (e.g.,
temperature, time).
The calculated data (or variables) are the measurements taken in the experiment under these changing
conditions.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Statistical databases

© Kalasalingam academy of research and education COURSE NAME

 Statistical Databases

Many statistical databases are sparse with many null or zero values.
 It is not uncommon for a statistical database to be 40% to 50% sparse.
 There are two choice for dealing with the sparseness:
(1) leave the null values in there and use compression techniques to squeeze them out or
 (2) remove the entries that only have null values.
Statistical databases often incorporate support for advanced statistical analysis techniques, such as
correlations, which goes beyond SQL .

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Statistical Databases

© Kalasalingam academy of research and education COURSE NAME

 Statistical Database Security

In a statistical database, it is often allows query access only to aggregate data, not individual files or records.
Protecting such a database is a difficult issue, since intelligent users can use a combination of aggregate queries to
derive information about a single individual.
Securing statistical databases is an impossible aim.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Statistical Database Security

© Kalasalingam academy of research and education COURSE NAME

 Statistical Database Security

© Kalasalingam academy of research and education COURSE NAME

 Distributed databases
Distributed database is a system in which storage devices are not connected to a common processing unit.
Database is controlled by Distributed Database Management System and data may be stored at the same location or
spread over the interconnected network.
It is a loosely coupled system.

Shared nothing architecture is used in distributed databases.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Distributed databases

© Kalasalingam academy of research and education COURSE NAME

 Distributed databases

© Kalasalingam academy of research and education COURSE NAME

 Goals of Distributed Database system

Reliability:
In distributed database system, if one system fails down or stops working for some time another
system can complete the task.
Availability:
In distributed database system reliability can be achieved even if sever fails down.
Another system is available to serve the client request.
Performance:
Performance can be achieved by distributing database over different locations.
So the databases are available to every location which is easy to maintain.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Distributed database on a network

© Kalasalingam academy of research and education COURSE NAME

 Types of distributed databases

 Homogeneous distributed databases system:

Homogeneous distributed database system is a network of two or more databases (With same type of DBMS
software) which can be stored on one or more machines.
So, in this system data can be accessed and modified simultaneously on several databases in the network.
Homogeneous distributed system are easy to handle.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Homogeneous distributed databases system

© Kalasalingam academy of research and education COURSE NAME

 Heterogeneous distributed database system

Heterogeneous distributed database system is a network of two or more databases with different types of DBMS
software, which can be stored on one or more machines.
In this system data can be accessible to several databases in the network with the help of generic connectivity
(ODBC and JDBC).

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Heterogeneous distributed database system

© Kalasalingam academy of research and education COURSE NAME

 Client-server architecture of Distributed system
A client server architecture has a number of clients and a few servers connected in a network.

A client sends a query to one of the servers. The earliest available server solves it and replies.

A Client-server architecture is simple to implement and execute due to centralized server system.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Client-server architecture

© Kalasalingam academy of research and education COURSE NAME

 Client-server architecture

© Kalasalingam academy of research and education COURSE NAME

 Fourth Lesson Summary:
Common approaches
Distributed Databases
Topic 1
Goals of Distributed Database
Statistical Databases
Types of Distributed Database
Topic 2
Statistical Databases Security Heterogeneous Distributed
Client Server Architecture

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Lesson 5: Introduction to Object based databases
The idea of object databases was originated in 1985
Object oriented database systems are alternative to relational database and other database systems.
In object oriented database, information is represented in the form of objects.
If we can combine the features of relational model (transaction, concurrency, recovery) to object oriented
databases, the resultant model is called as object oriented database model.

COURSE NAME DATABASE MANAGEMENT SYSTEMS

© Kalasalingam academy of research and education
 Object based databases

© Kalasalingam academy of research and education COURSE NAME

 Object based databases

© Kalasalingam academy of research and education COURSE NAME

 Features of OODBMS
In OODBMS, every entity is considered as object and represented in a table.
1. Complexity
OODBMS has the ability to represent the complex internal structure (of object) with multilevel complexity.

2. Inheritance
Creating a new object from an existing object in such a way that new object inherits all characteristics of an existing
object.

3. Encapsulation
It is an data hiding concept in OOPL which binds the data and functions together which can manipulate
data and not visible to outside world.

4. Persistency
OODBMS allows to create persistent object (Object remains in memory even after execution). This
feature can automatically solve the problem of recovery and concurrency.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Features of OODBMS

© Kalasalingam academy of research and education COURSE NAME

 Advantages of Object Databases

Faster data access and better performance.

Some object database can be used in multiple languages.
For example, gemstone database supports c++, smalltalk and java programming languages.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Advantages of Object Databases

© Kalasalingam academy of research and education COURSE NAME

 Drawbacks of Object Databases

Object databases are not as popular as RDBMS.

 It is difficult to find object DB developers.
Not many programming language support object databases.
RDBMS have SQL as a standard query language.
Object databases do not have a standard.
Object databases are difficult to learn for non-programmers.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 XML DATABASE
XML is a markup language, which is mainly used to represent the structured data.
 Structured data is the one which contains the data along with the tag / label to indicate what is that data.
It is like a data with tag as a column name in RDBMS.
XML provides lots of features to handle the structured data within the document.
XML is the markup language which serves the structured data over the internet, which can be viewed by the user
easily as well as quickly.
It supports lots of different types of applications.
XML is a simple language which any user can use with minimal knowledge.
XML documents are created very quickly.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 XML DATABASES

It does not need any thorough analysis, design and development phases like in RDBMS.
In addition, one should be able to create and view XML in notepad too.
XML Database is used to store huge amount of information in the XML format.
The data stored in the database can be queried using XQuery, serialized, and exported into a desired format.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 XML DATABASES

© Kalasalingam academy of research and education COURSE NAME

 XML Database Types

There are two major types of XML databases −

XML- enabled
Native XML (NXD)

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 XML - Enabled Database

XML enabled database is nothing but the extension provided for the conversion of XML document.
This is a relational database, where data is stored in tables consisting of rows and columns.
The tables contain set of records, which in turn consist of fields.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 XML - Enabled Database

© Kalasalingam academy of research and education COURSE NAME

 XML - Enabled Database

© Kalasalingam academy of research and education COURSE NAME

 Native XML Database

Native XML database is based on the container rather than table format.
 It can store large amount of XML document and data.
Native XML database is queried by the XPath-expressions.
Native XML database has an advantage over the XML-enabled database.
It is highly capable to store, query and maintain the XML document than XML-enabled database.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Native XML Database

© Kalasalingam academy of research and education COURSE NAME

 Example
<?xml version = "1.0"?> Root
<contact-info>
<contact1>
<name>Tanmay Patil</name> <company>TutorialsPoint</company>
<phone>(011) 123-4567</phone>
</contact1>
<contact2> Element
<name>Manisha Patil</name> <company>TutorialsPoint</company>
<phone>(011) 789-4567</phone> Value
</contact2>
</contact-info>

Here, a table of contacts is created that holds the records of contacts (contact1 and contact2), which in turn consists of three entities − name,
company and phone.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Explanation

Root : This is the beginning of all the nodes in the document.

In our example above contact-info is the root node.
Element : This is the any node in the document that begins with <name> and ends with </name>.
<contact1> </contact1>
Text : This is the value of the element node.

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS

 Explanation

© Kalasalingam academy of research and education COURSE NAME

 This unit focuses on the basic concepts of Data Classification, threats and risks,
privileges and its types, Database Access Control in Database Management
Topic 1 System.
Data Classification
Topic 2 Lesson 1: Represents the introduction to Database Classification, Threats and
Threats and Risks risks.
Topic 3
Lesson 2: Represents the operations of Database Access Control and privileges.
Database Access Control
Topic 4 Lesson 3: Represents the Cryptography and its types such as public and private
Cryptography cryptography and digital signatures.
Topic 5
Lesson 4: Introduces the concept of Distributed and its types and statistical
Statistical Databases
databases and its advantages and disadvantages.
Topic 6
Object Oriented Databases Lesson 5: Describes the Object oriented databases and its features and XML
Topic 7 databases with example discussed in brief.
XML Databases
Topic 8
Distributed Databases Fifth Unit Summary
COURSE NAME : DATABASE MANAGEMENT SYSTEMS
© Kalasalingam academy of research and education
 Thank You!

© Kalasalingam academy of research and education DATABASE MANAGEMENT SYSTEMS