recovery and security

8/3/2019 Recovery and Security

1/33

Database Recovery

Joel Mtebe


2/33

Motivation

A database system like any computer system is subject tovarious types of failures.

The database system must ensure the ACID properties

(specifically durability and atomicity) in the possible presence

of failures.

We will categorize the various types of failures, and reviewalgorithms for recoveringfrom failures.

The process of restoring the database to a consistent state

after a failure is called recovery, and is performed by therecovery system.


3/33

Classification

According to the type of a failure, recoveryprocedures classify to:

Recovery from a catastrophic (like disk crash) failure,and

Recovery from a non catastrophic failure

Recovery from catastrophicfailure is based on

restoring a database back_upcopy by redoingoperations of committed transactions (stored in anarchived log file) up to the time of the failure


4/33

Non-Catastrophic Failures

A computer failure (system crush): A hardware failure,

A software failure,

A network failure

A transaction error: Integer overflow,

Division by zero,

Logical error,

User interruption, Exception condition

Concurrency control enforcement: Violated serializability (in PostgreSQL),

Deadlock


5/33

Classification (continued)

If a database becomes inconsistent due to a non catastrophicfailure, the strategy is to reverse only those changes that madedatabase inconsistent

It is accomplished by undoing (and sometimes also redoing)some operations. An in memory log file is used here

From now on we consider only recovery from non disk crashfailures (we suppose data on disk are safe)

The recovery from non catastrophic failures can be based onmany algorithms, as:

Deferred update,

Immediate update, and

Shadow paging (not considered)


6/33

Why is Recoverability Needed?

Recoverability is needed because the database system canfail for many reasons during transaction processing:

Computer Failure - computer crash due to hardware, software, ornetwork problems.

Transaction Error - error in transaction (e.g. divide by 0) Exception Conditions - transaction detects exception condition

(e.g. data not present, insufficient bank funds)

Concurrency Control Enforcement - transaction can be forced to

abort to resolve deadlock or for serializability.

Disk Failure - disk fails to correctly read/write blocks Physical Problems/Catastrophes - external problems resulting in

data loss or system destruction (e.g. earthquake)


7/33

Purpose of Database Recovery

To bring the database into the most recentconsistent statethat existed prior to the failure.

To preserve transaction properties Atomicity, Consistency, Isolation and Durability

Example: If the system crashes before a fund transfer transaction

completes its execution, then either one or both accounts mayhave incorrect value. Thus, the database must be restored tothe state before the transaction modified any of the accounts.


8/33

Types of Failure

The database may become unavailable due to Transaction failure: Transactions may fail because of

incorrect input, deadlock, incorrect synchronization.

System failure: System may fail because of addressingerror, application error, operating system fault, RAMfailure, etc.

Media failure: Disk head crash, power disruption, etc.


9/33

The various types of failures can be classified inthree categories:

Transaction Failures:

Logical errors: Transaction cannot complete due to some

internal error condition (bad input, data not found).

System errors: The database system must terminate an activetransaction due to an error condition (e.g. deadlock).


10/33

Software Failures: System crash: A failure causes the system to crash, but

non-volatile storage contents are not corrupted.

Examples: software design errors, bugs, buffer/stackoverflows

Hardware Failures:

Disk failure: A head crash destroys all or part of disk

storage. Examples: overutilization/overloading (used beyond its

design), wearout failure, poor manufacturing


11/33

Recovery Techniques

Deferred update techniques Database is not modified until after the transaction

reaches its commit point.

Immediate update techniques

Database is updated as and when transactionprogresses; however, the updates are logged before

they are made in the database.


12/33

Transaction Log

Recovery from failures, may require data values prior to modification: BFIM - BeFore Image

new value after modification: AFIM AFter Image

These values and other information are stored in asequential file called Transaction log.

Sample log data:

T ID Back P Next P Operation Data item BFIM AFIM

T1 0 1

T1 1 4

T2 0 8

T1 2 5

T1 4 7

T3 0 9

T1 5 nil

Begin

Write

W

R

R

End

BeginX

Y

M

N

X = 200

Y = 100

M = 200

N = 400

X = 100

Y = 50

M = 200

N = 400


13/33

Data Update Options

Immediate Update: As soon as a data item ismodified in cache, the disk copy is updated.

Deferred Update: Modified data items in the

cache are written to disk eitherafter a transaction ends its execution, orafter a fixed number of transactions havecompleted their execution.


14/33

Database

Security

By

Chathuranga Chandrasekara&Buddhika Karunarathne


15/33

Introduction

Threats to Databases

Threats & Security Goals

Counter Measures

Access Control Inference Control

Flow Control

Encryption


16/33

Threats to Databases

What is a Threat ?

A set of circumstances that has the potential tocause loss, misuse ( modify, delete etc.) or harmyour system or data.


17/33

Threats to Databases (Contd..)

Results in the Loss or Degradation of some or allof the Security Goals.

Integrity Availability

Confidentiality


18/33


Loss of Integrity

Refers to the requirement that information in a

database be protected from improper modification.

Ex : Modification of a database containing accountinformation of a Bank


19/33


Loss of Availability

Refers to making objects available to Human user or a

program to which they have a legimate right.

Ex : You have an ATM card, but a threat can obstruct yourwithdrawals.


20/33


Loss of Confidentiality

Refers to protection of data from unauthorized

disclosure.

Ex : Credit Card information from a Bank.

Your Medical Report from the Hospital.


21/33

Countermeasures

Access Control

Inference Control

Flow Control

Encryption


22/33

Access Control

Restricting access to the Database system as

a Whole.

1. Discretionary Access Control2. Mandatory Access Control


23/33

Access Control Methods

Discretionary Access Control

Grants privileges to users, including the capability to access

specific data files, records, or fields in a specific mode. (such asread, insert, delete, or update).

Main Idea is to include statements in the Query Language thatallows the DBA & Selected users to Grant & Revoke previleges.

Ex : User X can read the table Emp_Data etc.


24/33

Access Control Methods

Mandatory Access ControlClassifies users and data into multiple levels of security,and then enforces appropriate rules.

Levels TS, S, C, UEx

Cargo Contents Classification

A Uniforms, Boots Unclassified

B Claymores Confidential

C Atomic Bomb Top Secret

D Chocolates, Butter Unclassified


25/33

DAC Vs MACDAC Higher Flexibility

Vulnerable to Malicious Attacks

MAC

Higher Degree of Protection

Requires a Rigid Classification


26/33

A Weakness in DAC

Revoked

Privilege

System

user1 user2

user3 user4

(System, user1, SELECT ON

EMPLOYEE WITH GRANT

OPTION)

Granted

Privilege


27/33

Countermeasures

Access Control Inference Control

Flow Control

Encryption

By

Buddhika Karunarathne


28/33

Implimenting Security

Legal & Ethical Issues. Policy Issues at the Governmental, Institutional or

Corporate Level.

System related issues Whether a security function should

be handled as Hardware Level, OS Level, DBMS Level etc. The need in some organizations to identify multiple Security

Levels


29/33

Inference Control

The security problem associated with databases isthat of controlling the access to a statisticaldatabase

The countermeasures to statistical databasesecurity problem is called inference controlmeasures.


30/33

Statistical Databases?

Statistical databases are used to produce statistics onvarious populations.

Features are:

individual information is considered confidential.

users may allow to access statistical information on thepopulation

i.e., applying statistic functions to a population of tuples.


31/33

Information Flow

Information flows from X to Y if a process readsfrom X and writes to Y

Copying is the canonical example of information

flow Aggregation is a form of information flow


32/33

Flow Control

Unauthorized flows are regulated Exclusionary/closed

All others are allowed

Admissible flows are regulated Inclusionary/open

All others are denied

Least privilege


33/33

Data Encryption

data encryption, is used to protect sensitive datathat is being transmitted via some typecommunication network.

eg., such as credit card numbers Two main methods

Public Encryption Key

Digital Signature

recovery and security

Documents