Group project for SE Students

Contact the following governmental or private organizations

Ethio Telecom /Group -1/
CBE /Group – 2/
BoA /Group – 3/
Oromia Bank /Group – 4/
Electric power station /Group– 5/
Dashin Bank /Group– 6/

Then
1. Analyze existing system deeply and develop NEW
system which looks like it or better using any favorite
tool ./But: You have to know sw they use for front end and1
 Group project for IS Students
Contact the following governmental or private organizations

Abay bank/Group -1/

Awah Bank/Group – 2/

Amhara bank/Group – 3/

Buna Bank /Group – 4/

Debub Bank /Group– 5/

Tsedey Bank /Group– 6/

Then
1. Analyze existing system document and architecture
deeply and develop NEW document and system
architecture which looks like it or better./But: You have to 2
 Chapter 3

Database Integrity, Security and

Recovery

3
 Outline
Database integrity concepts and subsystem

Integrity constraints

Types of constraints

Database security

Database threats

Threats Identification and Authentication

Database Access control

Categories of access control

Implementation of security system

Data Encryption
4
Pre--

5
 Database integrity
When creating databases, attention needs to be given to data integrity

and how to maintain it.

Data integrity refers to the overall completeness, accuracy and

consistency of data In database.

A good database will enforce data integrity whenever possible.

For example, a user could accidentally try to enter a phone number

into a date field.

If the system enforces data integrity, it will prevent the user from

making these mistakes. For example: in customer database we can enforce an

integrity that it must accept the customer only from Ethiopia or other only specific

input.

6
 .

data integrity refers to maintaining and assuring the

accuracy and consistency of data over its entire life-cycle.

Data integrity is a critical aspect to the design,

implementation and usage of any system which stores,

processes, or retrieves data

The overall intent of any data integrity technique is the

same: to ensure, that data is recorded exactly as intended

and upon later retrieval, to ensure that data is the same as

it was when it was originally recorded data .

integrity aims to prevent the unintentional changes to

information. 7
 Integrity Constraints

Constraints are a very important feature in any data model.

Constraints are useful because they allow a designer to specify the

semantics of data in the database.

Constraints are the rules that force DBMSs to check that data satisfies the

semantics.

Integrity constraints are a set of rules used to maintain the quality of

information.

Integrity constraints ensure that the data insertion, updating, and other

processes have to be performed in such a way that data integrity is not

affected.

Integrity constraints guard against accidental damage to the database, by

ensuring that authorized changes to the database do not result in a loss of

8
data consistency.
Types of constraints

9
 1. Domain constraints

 Domain constraints can be defined as the definition of a valid set

of values for an attribute.

 Domain restricts the values of attributes in the relation and is a

constraint of the relational model.

 The data type of domain includes string, character, integer, time,

date, currency, etc.

 The value of the attribute must be available in the corresponding

domain.
 For example, the Employee ID (EID) must be unique or the

employee Birthdate is in the range [Sep 1, 2024, Jan 1, 2025].

10
11
 2. Entity integrity constraints
 The entity integrity constraint states that primary key value can't
be null.
 This is because the primary key value is used to identify
individual rows in relation and if the primary key has a null value,
then we can't identify those rows.
 A table can contain a null value other than the primary key field.
 To ensure entity integrity, it is required that every table have a
primary key.
 Neither the PK nor any part of it can contain null values. This is
because null values for the primary key mean we cannot identify
some rows.
 For example, in the EMPLOYEE table, Phone cannot be a primary
key since some people may not have a telephone.
12
 .

• The NOT NULL constraint enforces a column to NOT accept NULL values.

• This enforces a field to always contain a value, which means that you cannot

insert a new record, or update a record without adding a value to this field.

EXAMPLE:
NOT NULL on CREATE TABLE

CREATE TABLE Persons (

ID int NOT NULL,

LastName varchar(255) NOT NULL,

FirstName varchar(255) NOT NULL,

Age int

);
NOT NULL on ALTER TABLE
ALTER TABLE Persons MODIFY Age int NOT NULL;
13
.

14
 3. Referential Integrity
Constraints
 Referential integrity requires that a foreign key must have

a matching primary key or it must be null.

 This constraint is specified between two tables (parent and

child); it maintains the correspondence between rows in

these tables.

 It means the reference from a row in one table to another

table must be valid.

 In the Referential integrity constraints, if a foreign key in

Table 1 refers to the Primary Key of Table 2, then every

value of the Foreign Key in Table 1 must be null or be

15
available in Table 2
 .

Examples of referential integrity constraint in the Customer/Order

database of the Company:

Customer(CustID, CustName)

Order(OrderID, CustID, OrderDate)

16
 Remember

 When setting up referential integrity it is important that

the PK and FK have the same data types and come from
the same domain, otherwise the relational database
management system (RDBMS) will not allow the join.
 RDBMS is a popular database system that is based on
the relational model introduced by E. F. Codd of IBM’s
San Jose Research Laboratory.
 Relational database systems are easier to use and
understand than other database systems.
17
 Convert in to RDB

• ID
• AGE
• Name
• Dept
• Phone no
• 10
• 14
• Information system
• 0921333333
18
 4. Key constraints/Unique Constraint/

 Keys are the entity set that is used to identify an entity within its entity set

uniquely.

 A primary key can contain a unique and null value in the relational table.

 The UNIQUE constraint ensures that all values in a column are different.

 Both the UNIQUE and PRIMARY KEY constraints provide a guarantee for

uniqueness for a column or set of columns.

 A PRIMARY KEY constraint automatically has a UNIQUE constraint.

 However, you can have many UNIQUE constraints per table, but only one

PRIMARY KEY constraint per table.

19
 .

• Examples: UNIQUE Constraint on CREATE TABLE

CREATE TABLE Persons

(
ID int NOT NULL UNIQUE,
LastName varchar(255) NOT NULL UNIQUE,
FirstName varchar(255),
Age int
);
20
 Database Security

 All systems have ASSETS and security is about protecting assets.

 Security concentrate on database objects (tables, views, rows), access to them, and

the overall system that manages them.

 Note that not all data is sensitive, so not all requires great effort at protection.

 All assets are under threat.

 THREATs are putting your assets at risk. These include things such as power failure and

employee fraud.

• Database security means protection of a database against unauthorized access, either

intentional or unintentional

• Database security requires the mechanisms, that protect a database against the

intentional or accidental threats

 More generally speaking, database security is concerned with ensuring the secrecy, integrity, and

availability of data stored in a database.

21
 Security attackers
In database security attackers are divided into three segments
that are –
Administrator
• An admin is an authorized person who has permission to
control the system but misuses his/her privileges against
the security policies to get the important information.

Insider
• An insider is also a member of trusted committee in an
organization but did misuse of his/her authority and want to
get some sensitive or any other important information

Intruder
• An intruder is not a part of an organization.
• Actually he/she is unauthorized person who access the
personal data of an organization and want to get the
22
sensitive information.
Database Security Properties

The security of data

basically requires three
things-Confidentiality,
Integrity and Availability.
Where Confidentiality
means the data must be
used by an authorized
person, Integrity means
the data must be
controlled by an
authorized person in an
authorized manner and
Availability means the
data must be available to
23
an authorized user at
 .

The security requirements of a system are

specified by means of a security policy which

is then enforced by various security

mechanisms.

For databases, requirements on the security

can be classified into the following

categories:

24
 Identification, Authentication

 Usually before getting access to a database each user

has to identify himself to the computer system.

 Authentication is the way to verify the identity of a

user at log-on time.

 Most common authentication methods are passwords

but more advanced techniques like badge readers,

biometric recognition techniques, or signature
analysis devices are also available.

25
Authorization, Access Controls

Authorization is the specification of a set of rules that

specify who has which type of access to what

information.

Authorization policies therefore govern the disclosure

and modification of information.

Access controls are procedures that are designed to

control authorizations.

They are responsible to limit access to stored data to

authorized users only.

26
 Integrity, Consistency

An integrity policy states a set of rules (i. e. semantic integrity

constraints) that define the correct states of the database

during database operation and therefore can protect against

malicious or accidental modification of information.

Closely related issues to integrity and consistency are

concurrency control and recovery.

Concurrency control policies protect the integrity of the

database in the presence of concurrent transactions.

If these transactions do not terminate normally due to system

crashes or security violations recovery techniques are used to

reconstruct correct or valid database states.27

 Brain Storming
• Why integrity mostly
focuses on semantics
than syntax?

28
 Auditing

 The requirement to keep records of all security

relevant actions issued by a user is called

auditing.

 Resulting audit records are the basis for further

reviews and examinations in order to test the

adequacy of system controls and to recommend

any changes in the security policy.

29
 Database threats

• A threat is any situation or event, whether

intentional or accidental, that may adversely
affect a system.

30
 Top Database Security Threats?

1. Excessive, inappropriate, and unused privileges

2. Privilege abuse

3. Insufficient web application security

4. Weak audit trails

5. Unsecured storage media

6. SQL injection

7. Denial of service

31
 Threats Identification and Authentication

To protect databases against these types of

threats four kinds of countermeasures can
be implemented:

Access control

Inference control

Flow control

Encryption
32
..

33
Database Access control

34
Categories of access control

35
 Discretionary access control/DAC/

 It is a means of restricting access to

objects based on identity of subjects

or groups to which they belong.

 These are defined by user

identification during authentication

Example: username, password.

 Its main aim is to grant and revoke 36

 Discretionary Access Control Based on Granting and Revoking Privileges

• The typical method of enforcing discretionary access control

in a database system is based on the granting and revoking
privileges.

37
.

38
Mandatory access control/MAC/

39
.

40
.

41
..

42
.

43
Mandatory Access Control and Role-Base Access Control for Multilevel
Security

..

44
45
.

46
Implementation of security system

47
---Security

48
 Data Encryption

Encryption refers to the coding of information in order to keep it secret.

Encryption of data means encoding of data by a special algorithm, that

renders the data unreadable by any program without the decryption key

This security issue used to protect sensitive data (such as credit card

numbers) that is being transmitted via some type communication

network.

The data is encoded using some encoding algorithm.

An unauthorized user who access encoded data will have difficulty

deciphering it, but authorized users are given decoding or decrypting

algorithms (or keys) to decipher data.

49
Encryption Process

50
 Types of encryption

• There are two types of encryption in widespread use

today: symmetric and asymmetric encryption.

• The name derives from whether or not the same key is

used for encryption and decryption.

Symmetric encryption

• In symmetric encryption the same key is used for

encryption and decryption.

• It is therefore critical that a secure method is considered

to transfer the key between sender and recipient.
51
.

52
 Asymmetric encryption

• Asymmetric encryption uses the notion of a key pair: a different key is

used for the encryption and decryption process.

• One of the keys is typically known as the private key and the other is

known as the public key.

• The private key is kept secret by the owner and the public key is either

shared amongst authorized recipients or made available to the public at

large.

• Data encrypted with the recipient’s public key can only be decrypted

with the corresponding private key.

• Data can therefore be transferred without the risk of unauthorized or

unlawful access to the data.

53
 Implementing Encryption

Choosing the right algorithm

Choosing the right key size
Choosing the right software
Keeping the key secure

54
 Database Security and the DBA

 The database administrator (DBA) is the central authority for

managing a database system.

 The DBA’s responsibilities include

 granting privileges to users who need to use the system

 classifying users and data in accordance with the policy of the

organization

 The DBA is responsible for the overall security of the database

system. 55
 ..

• The DBA has a DBA account in the DBMS Sometimes

these are called a system or super user account

• These accounts provide powerful capabilities such as:

1. Account creation

2. Privilege granting

3. Privilege revocation

4. Security level assignment

Action 1 is access control, whereas 2 and 3 are

discretionary and 4 is used to control mandatory

authorization 56
 Access Protection, User Accounts, and Database Audits

 Whenever a person or group of person s need to access a database

system, the individual or group must first apply for a user account.

 The DBA will then create a new account id and password for the user if

he/she deems there is a legitimate need to access the database

 The user must log in to the DBMS by entering account id and password

whenever database access is needed.

 The database system must also keep track of all

operations on the database that are applied by a certain user throughout

each login session.

57
To keep a record of all updates applied to the database and of the
particular user who applied each update, we can modify system
log, which includes an entry for each operation applied to the
database that may be required for recovery from a transaction
failure or system crash.

58