security recovery

Upload: lakshmi-kanth

Post on 09-Apr-2018

TRANSCRIPT

  • 8/7/2019 Security Recovery

    1/16

    Security Recovery and Concurrency Control

    Lakshmi KantaKumar N

    Security: the state of being free from danger and injury, and a defence against failure.

    Database Management System: a collection of interrelated data and a set of programs to access those data.

    Importance of Data:

    Payment information

    Personal files

    Bank account details

    Credit card, salary, income tax data

    University admissions, marks/grades

    All of this information can be hard to replace and potentially dangerous if it falls into the wrong hands. Data lost due to disasters such as a flood or fire is crushing, but losing it to hackers or a malware infection can have much greater consequences.

    Database Security: protection from malicious attempts to steal (view) or modify data.

    Database Vulnerabilities:

    Database security can be broken down into the following key points of interest:

    Server Security

    Database Connections

    Table Access Control

    Restricting Database Access

    Server Security:

    Server security is the process of limiting actual access to the database server itself.

    It is the most important angle of security and should be carefully planned.

    Trusted IP addresses:

    Every server should be configured to allow only trusted IP addresses.

    Database Connections:

    With the number of dynamic applications in use these days, it becomes tempting to allow immediate unauthenticated updates to a database.

    If you are going to allow users to make updates to a database via a web page, validate every update to ensure that it is warranted and safe.

    Table Access Control:

    Table access control is related to an access control list, which is a table that tells a computer operating system which access rights each user has to a particular system object.

    Table access control has been referred to as one of the most overlooked forms of database security. This is primarily because it is so difficult to apply.

    In order to properly use table access control, the system administrator and the database developer will need to collaborate.

    Restricting Database Access:

    Internet-based databases have been the most recent targets of attacks, due to their open access or open ports.

    There are many ways to prevent open access from the Internet, and each database system, as well as each OS, has its own set of unique features.

    Trusted IP addresses - Servers can be configured to answer pings from a list of trusted hosts only.

    Server account disabling - The server ID can be suspended after three password attempts. Without user ID suspension, an attacker can run a program that generates millions of passwords until it guesses the user ID and password combination.

    Special tools - Products such as Real Secure by ISS send an alert when an external server is attempting to breach your system's security.
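The account-suspension rule above, as an added example that is not part of the original slides. The event tuples, account names and the `process` function are constructed for illustration; the threshold of three comes from the slide.

```python
MAX_ATTEMPTS = 3  # threshold stated on the slide

# Constructed sample events: (time, account, source address, password_ok)
EVENTS = [
    ("09:00:01", "appuser", "192.0.2.10", False),
    ("09:00:02", "appuser", "192.0.2.10", True),    # success resets the counter
    ("09:00:05", "dba", "198.51.100.7", False),
    ("09:00:06", "dba", "198.51.100.7", False),
    ("09:00:07", "dba", "198.51.100.7", False),     # third failure: suspend
    ("09:00:08", "dba", "198.51.100.7", True),      # correct password, still refused
    ("09:00:09", "appuser", "192.0.2.10", False),
]


def process(events, max_attempts=MAX_ATTEMPTS):
    """Replay login events and return (suspended accounts, per-event decisions)."""
    failures = {}       # account -> consecutive failed attempts
    suspended = set()
    decisions = []
    for ts, account, src, ok in events:
        if account in suspended:
            # Once suspended, the password is not even evaluated.
            decisions.append((ts, account, src, "rejected-suspended"))
        elif ok:
            failures[account] = 0
            decisions.append((ts, account, src, "accepted"))
        else:
            failures[account] = failures.get(account, 0) + 1
            if failures[account] >= max_attempts:
                suspended.add(account)
                decisions.append((ts, account, src, "suspended"))
            else:
                decisions.append((ts, account, src, "failed"))
    return suspended, decisions


if __name__ == "__main__":
    locked, log = process(EVENTS)
    for entry in log:
        print(*entry)
    print("suspended:", sorted(locked))
```
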

    Recovery

    A computer system, like any other device, is subject to failure from a variety of causes:

    Disk Crash

    Power Outage

    Software Error

    Fire

    Sabotage

    In any failure, information may be lost.

    An integral part of a database system is a recovery scheme that can restore the database to the consistent state that existed before the failure.

    Data Access:

    The database system resides permanently on non-volatile storage (usually disks) and is partitioned into fixed-length storage units called blocks.

    Blocks are the units of data transfer to and from disk, and may contain several data items.

    Transactions input information from the disk to main memory, and then output the information back to the disk.

    The input and output operations are done in block units.

    The blocks residing on the disk are referred to as physical blocks.

    The blocks residing temporarily in main memory are referred to as buffer blocks.

    The area of main memory where the blocks reside temporarily is called the disk buffer.

    Block movements between disk and main memory are initiated through the following two operations:

    1. Input(B) transfers the physical block B to main memory.

    2. Output(B) transfers the buffer block B to the disk, and replaces the appropriate physical block there.

    Why Recovery:

    Let us take a simple transaction.

                         Account A    Account B
    Initial Amount Rs:   1000         1500

    Transaction Ti transfers Rs: 50 from Account A to Account B.

    Suppose a system crash occurs during the execution of Ti, after output(BA) has taken place but before output(BB) was executed, where BA and BB are buffer blocks.

    Since the memory contents were lost, we could invoke one of two possible recovery procedures:

    Re-execute Ti: This will result in the value of A becoming Rs: 900 rather than 950.

    Do not execute Ti: The current system state has values of Rs: 950 and 1500 for A and B respectively.

    In both cases the system enters an inconsistent state.

    Log Based Recovery:

    The most widely used structure for recording database modifications is the log. The log is a sequence of log records, recording all the update activities in the database.

    Fields of Log Based Recovery:

    Transaction identifier: the unique identifier of the transaction that performed the write operation.

    Data item identifier: the unique identifier of the data item written; typically it is the location on disk of the data item.

    Old value: the value of the data item prior to the write.

    New value: the value that the data item will have after the write.

    <Ti start> : Transaction Ti has started.

    <Ti, Xj, V1, V2> : Transaction Ti has performed a write on data item Xj. Xj had value V1 before the write, and will have value V2 after the write.

    <Ti commit> : Transaction Ti has committed.

    <Ti abort> : Transaction Ti has aborted.
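How these log records repair the Account A / Account B crash described earlier, as an added example that is not part of the original slides. It goes beyond the slide text by applying the standard undo/redo rule (restore V1 for unfinished transactions, reapply V2 for committed ones); the tuple encoding of the records and the `recover` function are constructed for illustration.

```python
# Log records encoded as tuples (an assumed encoding):
#   ("start", Ti)   ("write", Ti, Xj, V1, V2)   ("commit", Ti)   ("abort", Ti)

def recover(disk, log):
    """Return a repaired copy of `disk` using the old/new values kept in `log`."""
    db = dict(disk)
    started = {rec[1] for rec in log if rec[0] == "start"}
    committed = {rec[1] for rec in log if rec[0] == "commit"}
    unfinished = started - committed      # in-flight or aborted transactions

    # Undo pass: scan the log backwards and restore the old value V1.
    for rec in reversed(log):
        if rec[0] == "write" and rec[1] in unfinished:
            _, _, item, old, _ = rec
            db[item] = old

    # Redo pass: scan the log forwards and reapply the new value V2.
    for rec in log:
        if rec[0] == "write" and rec[1] in committed:
            _, _, item, _, new = rec
            db[item] = new
    return db


# Constructed scenario from the slide: the crash hits after output(BA)
# and before output(BB), so the disk holds A = 950 and B = 1500.
DISK_AFTER_CRASH = {"A": 950, "B": 1500}
LOG_NO_COMMIT = [
    ("start", "Ti"),
    ("write", "Ti", "A", 1000, 950),
    ("write", "Ti", "B", 1500, 1550),
]
LOG_COMMITTED = LOG_NO_COMMIT + [("commit", "Ti")]

if __name__ == "__main__":
    print(recover(DISK_AFTER_CRASH, LOG_NO_COMMIT))   # Ti is undone
    print(recover(DISK_AFTER_CRASH, LOG_COMMITTED))   # Ti is redone
```

Because the log stores values rather than the operation "subtract 50", running recovery a second time changes nothing, which is what re-executing Ti could not guarantee.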

    Concurrency Control

    Concurrency control is a database management system (DBMS) concept that is used to address conflicts with the simultaneous accessing or altering of data that can occur with a multi-user system. Concurrency control, when applied to a DBMS, is meant to coordinate simultaneous transactions while preserving data integrity.

    Example:

    Consider two travellers who go to electronic kiosks at the same time to purchase a train ticket to the same destination on the same train. There's only one seat left in the coach, but without concurrency control, it's possible that both travellers will end up purchasing a ticket for that one seat. However, with concurrency control, the database wouldn't allow this to happen. Both travellers would still be able to access the train seating database, but concurrency control would preserve data accuracy and allow only one traveller to purchase the seat.

    Concurrency Control Locking Strategies:

    Pessimistic Locking:

    This concurrency control strategy involves keeping an entity in a database locked the entire time it exists in the database's memory.

    This limits or prevents users from altering the data entity that is locked.

    There are two types of locks that fall under the category of pessimistic locking:

    Write lock

    Read lock

    With write lock, everyone but the holder of the lock is prevented from reading, updating, or deleting the entity. With read lock, other users can read the entity, but no one except for the lock holder can update or delete it.

    Optimistic Locking:

    This strategy can be used when instances of simultaneous transactions, or collisions, are expected to be infrequent.

    In contrast with pessimistic locking, optimistic locking doesn't try to prevent the collisions from occurring.

    Instead, it aims to detect these collisions and resolve them on the chance occasions when they occur.

    Om Purna-madah, purna-midam purnat-purnam-udacyate

    Purnaysa purna-madaya purna-meva-vasisyate

    "That is the whole, this is the Whole; from the Whole, the Whole arises; taking away the Whole from the Whole, the Whole remains"
