Download - Security Recovery
-
8/7/2019 Security Recovery
1/16
Security Recovery
and
Concurrency control
Lakshmi KantaKumar N
-
8/7/2019 Security Recovery
2/16
Security: The state of being free from danger, injury and
defence against failure.
Data Base Management System: is a collection
interrelated data and a set of Programs to access those
data.
Importance of Data:Payment information
Personal files
Bank account details
Credit card, Salary, Income tax data
University admissions, marks/grades
All of this information can be hard to replace and potentially dangerous
if it falls into the wrong hands. Data lost due to disasters such as a flood
or fire is crushing, but losing it to hackers or a malware infection can have
much greater consequences.
-
8/7/2019 Security Recovery
3/16
Database Security: protection from malicious attempts
to steal (view) or modify data.
Database Vulnerabilities:
Database security can be broken down into the
following key points of interest:
Server Security
Database ConnectionsTable Access Control
Restricting Database Access
Server Security:
Server security is the process of limiting actual access to
the database server itself
-
8/7/2019 Security Recovery
4/16
It is the most important angle of security and should be
carefully planned.
Trusted IP addresses:
Every server should be configured to only allow trusted IPaddresses.
Database Connections:
These days with the number of Dynamic Applications it
becomes tempting to allow immediate unauthenticated
updates to a database.
If you are going to allow users to make updates to adatabase via a web page, ensure that you validate all
updates to ensure that all updates are warranted and safe.
-
8/7/2019 Security Recovery
5/16
Table Access Control:
Table access control is related to an access control list,
which is a table that tells a computer operating system
which access rights each user has to a particular system
object.
Table access control has been referred to as one of the
most overlooked forms of database security. This is
primarily because it is so difficult to apply.In order to properly use Table access control, the system
administrator and the database developer will need to
collaborate.
Restricting Database Access:
Internet based databases have been the most recent targets
of attacks, due to their open access or open ports.
-
8/7/2019 Security Recovery
6/16
There are many ways to prevent open access
from the Internet and each database system has its own
set of unique features as well as each OS.
Trusted IP addresses - Servers can be configured to
answer pings from a list of trusted hosts only.
Server account disabling- The server ID can besuspended after three password attempts. Without user ID
suspension, an attacker can run a program that
generates millions of passwords until it guesses the user
ID and password combination.
Special tools -Products such as Real Secure by ISS send
an alert when an external server is attempting to breach
your system's security.
-
8/7/2019 Security Recovery
7/16
Recovery
A computer system, like any other device is subject tofailure from variety of causes:
Disk Crash
Power Outage
Software Error
Fire
Sabotage
In any failure information may be lost
An integral part of a database system is a
recovery scheme that can restore the database to the
consistent state that existed before failure.
-
8/7/2019 Security Recovery
8/16
Data Access:
The database system resides permanently on non-
volatile storage (usually disks) and is partitioned in to
fixed length storage units called blocks.Blocks are units of data transfer to and from disk,
and may contain several data items.
Transactions input information from the disk to
main memory, and then output the information back on the
disk.
The input and output operations are done in block
units.
The blocks residing on the disk are referred to as
physical blocks.The blocks residing temporarily in main memory
are referred to as buffer blocks.
The area of main memory where the blocks reside
temporarily is calleddisk buffer
.
-
8/7/2019 Security Recovery
9/16
Block movement between disk and main memory are
initiated through the following two operations:
1. Input(B) transfer the physical block B to main
memory2. Output (B) transfer the buffer blockB to the disk,
and replaces the appropriate physical block there.
-
8/7/2019 Security Recovery
10/16
Why Recovery:
Let us take a simple transaction
Account A Account B
Initial Amount Rs: 1000 1500
Transaction Ti that transfer Rs: 50 from Account A to B
Suppose System crash has occurred during the execution of Tiafter output B
A
has taken place, but before output BB
was executed,
where BA, BB are buffer blocks.
Since memory contents were lost, thus we could invoke one of
two possible recovery procedures:
Re-execute Ti : This will result the value A become Rs: 900rather than 950.
Do not execute Ti : The current system state has value of Rs:
950 & 1500 for A and B respectively.
In both cases the system enters in consistent state.
-
8/7/2019 Security Recovery
11/16
Log Based Recovery:
The most widely used structure for recording database
modifications is the log. Log is a sequence of log records, recording all the update
activities in the database.
Fields of Log Based Recovery:
Transaction identifier: is the unique identifier of the
transaction that performed the write operation.
Data item identifier: is the unique identifier of the data
item written, typically it is the location on disk of the data item.
Old value: is the value of the data item prior to the writing.
New value: is the value that the data item will have after
write.
< Ti start> Transaction Ti has started
< Ti , Xj , V1, V2 > Transaction Ti has performed a write on
data item Xj, Xj had value
V1 before the write, and will have value V2 after write
< Ti commit> Transaction Ti has committed
< Ti abort> Transaction Ti has aborted
-
8/7/2019 Security Recovery
12/16
Concurrency Control
Concurrency control is a database management systems(DBMS) concept that is used to address conflicts with the
simultaneous accessing or altering of data that can occur with a
multi-user system. Concurrency control, when applied to a DBMS,
is meant to coordinate simultaneous transactions while preserving
data integrity.
Example:
Consider two travellers who go to electronic kiosks at the same
time to purchase a train ticket to the same destination on the same
train. There's only one seat left in the coach, but without
concurrency control, it's possible that both travellers will end uppurchasing a ticket for that one seat. However, with concurrency
control, the database wouldn't allow this to happen. Both travellers
would still be able to access the train seating database, but
concurrency control would preserve data accuracy and allow only
one traveller to purchase the seat.
-
8/7/2019 Security Recovery
13/16
Concurrency Control Locking Strategies:
Pessimistic Locking:
This concurrency control strategy involves keeping an entity in
a database locked the entire time it exists in the database'smemory.
This limits or prevents users from altering the data entity that is
locked.
There are two types of locks that fall under the category of
pessimistic locking:
Write lock
Read lock
With write lock, everyone but the holder of the lock isprevented from reading, updating, or deleting the entity. With
read lock, other users can read the entity, but no one except for
the lock holder can update or delete it.
-
8/7/2019 Security Recovery
14/16
Optimistic Locking:
This strategy can be used when instances ofsimultaneous transactions, or collisions, are
expected to be infrequent.
In contrast with pessimistic locking, optimistic
locking doesn't try to prevent the collisions fromoccurring.
Instead, it aims to detect these collisions and
resolve them on the chance occasions when they
occur.
-
8/7/2019 Security Recovery
15/16
References:
http://www.governmentsecurity.org/articleshttp://databasemanagement.wikia.com
Om Purna- madah, purna-midam purnat-purnam-udacyate
Purnaysa purna-madaya purna-meva-vasisyate
"That is the whole, this is the Whole; from the Whole, the Whole
arises; taking away the Whole from the Whole, the Wholeremains"
-
8/7/2019 Security Recovery
16/16