0% found this document useful (0 votes)
31 views22 pages

Self Study Topics

The document discusses database recovery concepts, specifically discussing steal/no-steal and force/no-force approaches. These approaches determine when updated database cache pages can be written to disk and whether they are written immediately during transaction commit. The combinations of these approaches give rise to four different recovery methods: steal/no-force (undo/redo), steal/force (undo/no-redo), no-steal/no-force (no-undo/redo), and no-steal/force (no-undo/no-redo).

Uploaded by

Yasir Ahmad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
31 views22 pages

Self Study Topics

The document discusses database recovery concepts, specifically discussing steal/no-steal and force/no-force approaches. These approaches determine when updated database cache pages can be written to disk and whether they are written immediately during transaction commit. The combinations of these approaches give rise to four different recovery methods: steal/no-force (undo/redo), steal/force (undo/no-redo), no-steal/no-force (no-undo/redo), and no-steal/force (no-undo/no-redo).

Uploaded by

Yasir Ahmad
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 22

SELF STUDY TOPICS

Chapter 4
Recovery Concepts…
Steal/No-Steal and Force/No-Force
 Possible ways for flushing database cache to database disk:
 If a cache page updated by a transaction cannot be written to disk
before the transaction commits, this is called no-steal approach.
Otherwise it is steal.
 If all cache pages updated by a transaction are immediately written to
disk when a transaction commits, this is called a force approach.
Otherwise, it is called no-force.

Slide
21- 2
Recovery Concepts…

Steal/No-Steal and Force/No-Force


 These give rise to four different ways for handling recovery:
 Steal/No-Force (Undo/Redo)
 Steal/Force (Undo/No-redo)
 No-Steal/No-Force (No-undo/Redo) and
 No-Steal/Force (No-undo/No-redo).

Slide
21- 3
Steal/No-Steal and Force/No-Force…

 Steal/no-steal and force/no-force


 Specify rules that govern when a page from the database cache can be written to
disk
 No-steal approach
 Cache buffer page updated by a transaction cannot be written to disk before the
transaction commits
 Steal approach
 Recovery protocol allows writing an updated buffer before the transaction commits

Slide
22- 4
Steal/No-Steal and Force/No-Force…

 Force approach
 All pages updated by a transaction are immediately written to disk before the
transaction commits
 Otherwise, no-force
 Typical database systems employ a steal/no-force strategy
 Avoids need for very large buffer space
 Reduces disk I/O operations for heavily updated pages

Slide
22- 5
Chapter -5
Database Security
Introduction to Database Security Issues

 Database security a broad area


 Legal, ethical, policy, and system-related issues
 Threats to databases
 Loss of integrity
 Improper modification of information
 Loss of availability
 Legitimate user cannot access data objects
 Loss of confidentiality
 Unauthorized disclosure of confidential information

Slide
30- 7
Introduction to Database Security Issues
(cont’d.)
 Database works as part of a network of services
 Applications, Web servers, firewalls, SSL terminators, and security monitoring
systems
 Types of database control measures
 Access control
 Inference control
 Flow control
 Encryption

Slide
30- 8
Introduction to Database Security Issues
(cont’d.)
 Discretionary security mechanisms
 Used to grant privileges to users
 Mandatory security mechanisms
 Classify data and users into various security classes
 Implement security policy
 Role-based security

Slide
30- 9
Control Measures

 Control measures
 Access control
 Handled by creating user accounts and passwords
 Inference control (for statistical DBs)
 Must ensure information about individuals cannot be accessed
 Flow control
 Prevents information from flowing to unauthorized users
 Data encryption
 Used to protect sensitive transmitted data

Slide
30-
10
Database Security and the DBA

 Database administrator (DBA)


 Central authority for administering database system
 Superuser or system account
 DBA-privileged commands
 Account creation
 Privilege granting
 Privilege revocation
 Security level assignment

Slide
30- 11
Access Control, User Accounts, and
Database Audits
 User must log in using assigned username and password
 Login session
 Sequence of database operations by a certain user
 Recorded in system log
 Database audit
 Reviewing log to examine all accesses and operations applied during a certain
time period

Slide
30-
12
Discretionary Access Control Based on Granting
and Revoking Privileges

 DAC: Two levels for assigning privileges to use a database system


 Account level
 Example: CREATE, DROP, ALTER, MODIFY, SELECT privileges
 Not defined for SQL2 (DBMS vendors decide)
 Relation (or table) level
 Defined for SQL2
 Access matrix model

Slide
30-
13
Discretionary Access Control (cont’d.)

 Relation or table level (cont’d.)


 Each relation R assigned an owner account
 Owner of a relation given all privileges on that relation
 Owner can grant privileges to other users on any owned relation
 SELECT (retrieval or read) privilege on R
 Modification privilege on R
 References privilege on R

Slide
30-
14
Simple GRANT Syntax

 GRANT priv_type [, priv_type] ...


ON object_type
TO user [user] ...
[WITH GRANT OPTION ]

Slide
23-
15
Example: Granting/Revoking Privileges

 DBA to A1
 GRANT CREATETAB TO A1;
 CREATE SCHEMA Example AUTHORIZATION A1
 A1 can create new tables
 A1 creates relations Emp and Dept
 A1 to A2
 GRANT INSERT DELETE on Emp, Dept TO A2;
 A2 was not given the WITH GRANT OPTION
 A2 cannot give privilege to other users

Slide
23-
16
Example: Granting/Revoking Privileges

 A1 to A3
 GRANT SELECT On Emp, Dept TO A3 WITH GRANT OPTION;
 A3 given the WITH GRANT OPTION
 A3 can give privilege to other users
 A3 to A4
 GRANT SELECT On Emp TO A4;
 A4 cannot propagate the SELECT privilege

Slide
23-
17
Example: Granting/Revoking Privileges

 Suppose A1 decides to revoke the SELECT privilege from A3


 REVOKE SELECT ON Emp FROM A3;
 DBMS revokes SELECT privilege on Emp from A3 but also A4
 Why? Because A3 no longer has that privilege

Slide
23-
18
Digital Signatures

 Consist of string of symbols


 Each is unique
 Function of the message it is signing, along with a timestamp
 Depends on secret number unique to the signer
 Public key techniques used to create digital signatures

Slide
30-
19
Digital Certificates

 Combines value of a public key with the identity of the person or service that
holds the corresponding private key into a digitally signed statement
 Information included in the certificate
 Owner information
 Public key of the owner
 Date of certificate issue and validity period
 Issuer identification
 Digital signature

Slide
30-
20
Challenges to Maintaining
Database Security
 Data quality
 Quality stamps
 Application-level recovery techniques to automatically repair incorrect data
 Intellectual property rights
 Digital watermarking techniques

Slide
30-
21
Challenges to Maintaining
Database Security (cont’d.)
 Database survivability
 Confinement: take immediate action to eliminate/reduce attacker's access
 Damage assessment
 Reconfiguration
 Repair: recover corrupted or lost data and reinstall failed system functions
 Fault treatment: identify the weaknesses and holes

Slide
30-
22

You might also like