Self Study Topics
Self Study Topics
Chapter 4
Recovery Concepts…
Steal/No-Steal and Force/No-Force
Possible ways for flushing database cache to database disk:
If a cache page updated by a transaction cannot be written to disk
before the transaction commits, this is called no-steal approach.
Otherwise it is steal.
If all cache pages updated by a transaction are immediately written to
disk when a transaction commits, this is called a force approach.
Otherwise, it is called no-force.
Slide
21- 2
Recovery Concepts…
Slide
21- 3
Steal/No-Steal and Force/No-Force…
Slide
22- 4
Steal/No-Steal and Force/No-Force…
Force approach
All pages updated by a transaction are immediately written to disk before the
transaction commits
Otherwise, no-force
Typical database systems employ a steal/no-force strategy
Avoids need for very large buffer space
Reduces disk I/O operations for heavily updated pages
Slide
22- 5
Chapter -5
Database Security
Introduction to Database Security Issues
Slide
30- 7
Introduction to Database Security Issues
(cont’d.)
Database works as part of a network of services
Applications, Web servers, firewalls, SSL terminators, and security monitoring
systems
Types of database control measures
Access control
Inference control
Flow control
Encryption
Slide
30- 8
Introduction to Database Security Issues
(cont’d.)
Discretionary security mechanisms
Used to grant privileges to users
Mandatory security mechanisms
Classify data and users into various security classes
Implement security policy
Role-based security
Slide
30- 9
Control Measures
Control measures
Access control
Handled by creating user accounts and passwords
Inference control (for statistical DBs)
Must ensure information about individuals cannot be accessed
Flow control
Prevents information from flowing to unauthorized users
Data encryption
Used to protect sensitive transmitted data
Slide
30-
10
Database Security and the DBA
Slide
30- 11
Access Control, User Accounts, and
Database Audits
User must log in using assigned username and password
Login session
Sequence of database operations by a certain user
Recorded in system log
Database audit
Reviewing log to examine all accesses and operations applied during a certain
time period
Slide
30-
12
Discretionary Access Control Based on Granting
and Revoking Privileges
Slide
30-
13
Discretionary Access Control (cont’d.)
Slide
30-
14
Simple GRANT Syntax
Slide
23-
15
Example: Granting/Revoking Privileges
DBA to A1
GRANT CREATETAB TO A1;
CREATE SCHEMA Example AUTHORIZATION A1
A1 can create new tables
A1 creates relations Emp and Dept
A1 to A2
GRANT INSERT DELETE on Emp, Dept TO A2;
A2 was not given the WITH GRANT OPTION
A2 cannot give privilege to other users
Slide
23-
16
Example: Granting/Revoking Privileges
A1 to A3
GRANT SELECT On Emp, Dept TO A3 WITH GRANT OPTION;
A3 given the WITH GRANT OPTION
A3 can give privilege to other users
A3 to A4
GRANT SELECT On Emp TO A4;
A4 cannot propagate the SELECT privilege
Slide
23-
17
Example: Granting/Revoking Privileges
Slide
23-
18
Digital Signatures
Slide
30-
19
Digital Certificates
Combines value of a public key with the identity of the person or service that
holds the corresponding private key into a digitally signed statement
Information included in the certificate
Owner information
Public key of the owner
Date of certificate issue and validity period
Issuer identification
Digital signature
Slide
30-
20
Challenges to Maintaining
Database Security
Data quality
Quality stamps
Application-level recovery techniques to automatically repair incorrect data
Intellectual property rights
Digital watermarking techniques
Slide
30-
21
Challenges to Maintaining
Database Security (cont’d.)
Database survivability
Confinement: take immediate action to eliminate/reduce attacker's access
Damage assessment
Reconfiguration
Repair: recover corrupted or lost data and reinstall failed system functions
Fault treatment: identify the weaknesses and holes
Slide
30-
22