chapter 12 database control issues: security, backup and recovery, concurrency fundamentals of...
TRANSCRIPT
Chapter 12Chapter 12Database Control Issues: Database Control Issues:
Security, Backup and Recovery, Security, Backup and Recovery, ConcurrencyConcurrency
Fundamentals of Database Management Systemsby
Mark L. Gillenson, Ph.D.
University of Memphis
Presentation by: Amita Goyal Chin, Ph.D.
Virginia Commonwealth University
John Wiley & Sons, Inc.
12-12-22
Chapter ObjectivesChapter Objectives
List the major data control issues handled List the major data control issues handled by database management systems. by database management systems.
List and describe the types of data security List and describe the types of data security breaches. breaches.
List and describe the types of data security List and describe the types of data security measures. measures.
12-12-33
Chapter ObjectivesChapter Objectives
Describe the concept of backup and Describe the concept of backup and recovery. recovery.
Describe the major backup and recovery Describe the major backup and recovery techniques. techniques.
Explain the problem of disaster recovery. Explain the problem of disaster recovery.
12-12-44
Chapter ObjectivesChapter Objectives
Describe the concept of concurrency Describe the concept of concurrency control. control.
Describe such concurrency control issues Describe such concurrency control issues and measures as the lost update problem, and measures as the lost update problem, locks and deadlock, and versioning. locks and deadlock, and versioning.
12-12-55
Database Control IssuesDatabase Control Issues Different corporate resources have different Different corporate resources have different
management requirements.management requirements. Money must be protected from theftMoney must be protected from theft Equipment must be secured against misuseEquipment must be secured against misuse Buildings may require security guardsBuildings may require security guards
Data is a corporate resource and has its own peculiar Data is a corporate resource and has its own peculiar concerns, which we call database control issues.concerns, which we call database control issues. Data securityData security Backup and recoveryBackup and recovery Concurrency controlConcurrency control
12-12-66
Database Control IssuesDatabase Control Issues
Data Security - protecting the data from theft, Data Security - protecting the data from theft, from malicious destruction, from unauthorized from malicious destruction, from unauthorized updating, etc.updating, etc.
Backup and Recovery - having procedures in Backup and Recovery - having procedures in place to recreate data that has been lost, for any place to recreate data that has been lost, for any reason.reason.
Concurrency Control - problems that can occur Concurrency Control - problems that can occur when two or more transactions or users attempt when two or more transactions or users attempt to update a piece of data simultaneously.to update a piece of data simultaneously.
12-12-77
The Importance of Data The Importance of Data SecuritySecurity
Good data security is absolutely critical to every Good data security is absolutely critical to every company and organization.company and organization.
A data security breach can dramatically affect a A data security breach can dramatically affect a company’s ability to continue normal functioning.company’s ability to continue normal functioning.
Customer data, which, for example, can be Customer data, which, for example, can be financial, medical, or legal in nature, must be financial, medical, or legal in nature, must be carefully guarded.carefully guarded.
12-12-88
Types of Data Security Types of Data Security BreachesBreaches
Unauthorized Data Access - someone obtains Unauthorized Data Access - someone obtains data that she is not authorized to see.data that she is not authorized to see.
Unauthorized Data or Program Modification - Unauthorized Data or Program Modification - someone changes the value of stored data that someone changes the value of stored data that they are not entitled to change.they are not entitled to change.
Malicious Mischief - someone can corrupt or Malicious Mischief - someone can corrupt or even erase some of a company’s data; hardware even erase some of a company’s data; hardware can be damaged, making data unusable.can be damaged, making data unusable.
12-12-99
Methods of Breaching Data Methods of Breaching Data SecuritySecurity
12-12-1010
Methods of Breaching Data Methods of Breaching Data SecuritySecurity
Unauthorized Computer AccessUnauthorized Computer Access Intercepting Data CommunicationsIntercepting Data Communications Stealing Disks or ComputersStealing Disks or Computers Computer VirusesComputer Viruses Damaging Computer HardwareDamaging Computer Hardware
12-12-1111
Unauthorized Computer Unauthorized Computer AccessAccess
By “hacking” or gaining access from outside of By “hacking” or gaining access from outside of the company.the company. Some hackers are software experts.Some hackers are software experts. Some hackers have stolen identification names and Some hackers have stolen identification names and
passwords and can enter a computer looking like passwords and can enter a computer looking like legitimate users.legitimate users.
Legitimate users, e.g., employees stealing dataLegitimate users, e.g., employees stealing data
12-12-1212
Intercepting Data Intercepting Data CommunicationsCommunications
““Wiretapping”Wiretapping”
Data can be stolen while it is being transmitted.Data can be stolen while it is being transmitted.
Twisted-pair telephone wire or coaxial cable can be Twisted-pair telephone wire or coaxial cable can be tapped.tapped.
Data bounced off satellites may be intercepted.Data bounced off satellites may be intercepted.
Light pulses with fiber-optic transmission cannot be Light pulses with fiber-optic transmission cannot be easily tapped.easily tapped.
12-12-1313
Stealing Disks or ComputersStealing Disks or Computers
Zip Disks, 3.5” diskettes, and CDs all have Zip Disks, 3.5” diskettes, and CDs all have the potential of being stolen.the potential of being stolen.
Laptop computers can be stolen.Laptop computers can be stolen.
Even desktop computers have been stolen Even desktop computers have been stolen from company offices.from company offices.
12-12-1414
Computer VirusesComputer Viruses
A malicious piece of software that is A malicious piece of software that is capable of copying itself and “spreading” capable of copying itself and “spreading” from computer to computer on diskettes from computer to computer on diskettes and through telecommunications lines.and through telecommunications lines.
Computer viruses that travel along data Computer viruses that travel along data communications lines are also called communications lines are also called wormsworms..
12-12-1515
Damaging Computer Damaging Computer HardwareHardware
Might be either deliberate or accidental.Might be either deliberate or accidental. FiresFires Coffee spillsCoffee spills HurricanesHurricanes Disgruntled or newly fired employees with Disgruntled or newly fired employees with
hammers or whatever other hard objects were hammers or whatever other hard objects were handy.handy.
12-12-1616
Types of Data Security Types of Data Security MeasuresMeasures
12-12-1717
Physical Security of Company Physical Security of Company PremisesPremises
Don’t put the computer in the basement Don’t put the computer in the basement because of the possibility of floods.because of the possibility of floods.
Don’t put the computer on the ground floor Don’t put the computer on the ground floor because of the possibility of a truck driving because of the possibility of a truck driving into the building, accidentally or on into the building, accidentally or on purpose.purpose.
12-12-1818
Physical Security of Company Physical Security of Company PremisesPremises
Don’t put the computer above the eighth Don’t put the computer above the eighth floor because that’s as high as fire truck floor because that’s as high as fire truck ladders can reach.ladders can reach.
Don’t put the computer on the top floor of Don’t put the computer on the top floor of the building because it is subject to the building because it is subject to helicopter landing and attack. helicopter landing and attack.
12-12-1919
Physical Security of Company Physical Security of Company PremisesPremises
If you occupy at least three floors of the If you occupy at least three floors of the building, don’t put the computer on your building, don’t put the computer on your topmost floor because its ceiling is another topmost floor because its ceiling is another company’s floor, and don’t put the company’s floor, and don’t put the computer on your bottommost floor computer on your bottommost floor because its floor is another company’s because its floor is another company’s ceiling.ceiling.
12-12-2020
Physical Security of Company Physical Security of Company PremisesPremises
Whatever floor you put the computer on, Whatever floor you put the computer on, keep it in an interior space away from the keep it in an interior space away from the windows.windows.
12-12-2121
Physical Security: Limit Physical Security: Limit AccessAccess
Access should be limited to those people Access should be limited to those people who have a legitimate need to be in the who have a legitimate need to be in the computer room.computer room.
Control access to the room.Control access to the room.
12-12-2222
Physical Security: Access to Physical Security: Access to RoomRoom
Require something people know, such as a secret code Require something people know, such as a secret code to be punched in.to be punched in.
Require people have something, such as a magnetic Require people have something, such as a magnetic stripe card, possibly combined with a secret code.stripe card, possibly combined with a secret code.
Use some human part that can be measured or Use some human part that can be measured or scanned. These biometric systems can be based on scanned. These biometric systems can be based on fingerprints, the dimensions and positions of facial fingerprints, the dimensions and positions of facial features, retinal blood vessel patterns, or voice patterns. features, retinal blood vessel patterns, or voice patterns.
12-12-2323
Controlled Access to the Controlled Access to the Computer SystemComputer System
First line of defense:First line of defense: Identification tagIdentification tag PasswordPassword
12-12-2424
PasswordPassword
Must be kept secret.Must be kept secret.
Must be changed periodically.Must be changed periodically.
Must not be written down.Must not be written down.
Should not appear on the terminal screen when Should not appear on the terminal screen when typed.typed.
Should be user-created.Should be user-created.
12-12-2525
Access to the DatabaseAccess to the Database
Restrict access to specific data so that only Restrict access to specific data so that only specific people can retrieve or modify it.specific people can retrieve or modify it.
Some systems have such controls in the Some systems have such controls in the operating system or in other utility software.operating system or in other utility software.
An additional layer of passwords may also be An additional layer of passwords may also be introduced.introduced.
12-12-2626
Access to the DatabaseAccess to the Database
At the DBMS level a user cannot simply At the DBMS level a user cannot simply access any data he wants to; users have access any data he wants to; users have to be given explicit authorization to access to be given explicit authorization to access data.data.
Use views (CREATE VIEW)Use views (CREATE VIEW)
Use SQL GRANT command.Use SQL GRANT command.
12-12-2727
Data EncryptionData Encryption
Data is changed, bit-by-bit or character-by-Data is changed, bit-by-bit or character-by-character, into a form that looks totally character, into a form that looks totally garbled.garbled.
Data can be stored, transmitted, etc. Data can be stored, transmitted, etc. encrypted.encrypted.
To be used, data must be decrypted.To be used, data must be decrypted.
12-12-2828
Data EncryptionData Encryption
Encryption generally involves a data Encryption generally involves a data conversion algorithm and a secret key.conversion algorithm and a secret key.
The recipient must be aware of both the The recipient must be aware of both the algorithm and the secret key so that it can algorithm and the secret key so that it can work the algorithm in reverse and decrypt work the algorithm in reverse and decrypt the data.the data.
12-12-2929
Data Encryption TechniquesData Encryption Techniques
Symmetric or private key encryptionSymmetric or private key encryption
Asymmetric or public key encryptionAsymmetric or public key encryption
12-12-3030
Symmetric EncryptionSymmetric Encryption
Require the same long bit-by-bit key for Require the same long bit-by-bit key for encrypting and decrypting the data.encrypting and decrypting the data.
Transmitting the private key may Transmitting the private key may compromise the key.compromise the key.
12-12-3131
Asymmetric EncryptionAsymmetric Encryption
Uses two different keys:Uses two different keys: Public key - used for encrypting the dataPublic key - used for encrypting the data Private key - used for decrypting the dataPrivate key - used for decrypting the data
Process tends to be slower than Process tends to be slower than symmetric encryption.symmetric encryption.
12-12-3232
SSL TechnologySSL Technology
Secure Socket LayerSecure Socket Layer
A combination of private key and public A combination of private key and public key encryption.key encryption.
Used on the World Wide Web.Used on the World Wide Web.
12-12-3333
SSL - Usage ExampleSSL - Usage Example
A person at home who wants to buy A person at home who wants to buy something from an online store.something from an online store.
Her PC and its WWW browser are the Her PC and its WWW browser are the client.client.
The online store’s computer is the server.The online store’s computer is the server.
12-12-3434
SSL - Usage ExampleSSL - Usage Example
Both sides want to conduct the secure Both sides want to conduct the secure transaction using private key technology.transaction using private key technology.
They have the problem of one side picking They have the problem of one side picking a private key and getting it to the other a private key and getting it to the other side in a secure manner.side in a secure manner.
How do they do it?How do they do it?
12-12-3535
SSL - Usage ExampleSSL - Usage Example
The client contacts the serverThe client contacts the server
The server sends the client its public key for its The server sends the client its public key for its public key algorithm.public key algorithm. No one cares if this public key is stolen.No one cares if this public key is stolen.
The client, using a random number generator, The client, using a random number generator, creates a “session key.”creates a “session key.” the key for the private key algorithm with which the the key for the private key algorithm with which the
secure transaction will be conductedsecure transaction will be conducted
12-12-3636
SSL - Usage ExampleSSL - Usage Example
The problemThe problem: How is the client going to : How is the client going to securely transmit the session key it securely transmit the session key it generated to the server, since both must generated to the server, since both must have it to use the private key algorithm for have it to use the private key algorithm for the transaction? the transaction?
12-12-3737
SSL - Usage ExampleSSL - Usage Example
The client is going to send the session key The client is going to send the session key to the server securely, using a public key to the server securely, using a public key algorithm and the server’s public key.algorithm and the server’s public key. The client encrypts the session key using the The client encrypts the session key using the
server’s public keyserver’s public key
The client transmits the encrypted session The client transmits the encrypted session key to the server with the public key key to the server with the public key algorithm.algorithm.
12-12-3838
SSL - Usage ExampleSSL - Usage Example
Once the session key has been securely Once the session key has been securely transmitted to the server, both the client transmitted to the server, both the client and the server have it and the secure and the server have it and the secure transaction can proceed using the private transaction can proceed using the private key algorithm.key algorithm.
12-12-3939
Antivirus SoftwareAntivirus Software
Used to combat computer viruses.Used to combat computer viruses.
Two basic methods:Two basic methods: Virus signatures - portions of the virus code Virus signatures - portions of the virus code
that are considered to be unique to it.that are considered to be unique to it.
Monitoring - software constantly monitors the Monitoring - software constantly monitors the computer environment to watch for requests computer environment to watch for requests or commands for any unusual activity.or commands for any unusual activity.
12-12-4040
FirewallsFirewalls
Software or a combination of hardware Software or a combination of hardware and software that protects a company’s and software that protects a company’s computer and its data against external computer and its data against external attack via data communications lines.attack via data communications lines.
Different kinds of firewalls.Different kinds of firewalls.
12-12-4141
Firewall: Proxy ServerFirewall: Proxy Server
A firewall that is a combination of hardware and software.A firewall that is a combination of hardware and software.
The proxy server takes apart the incoming message, extracts the The proxy server takes apart the incoming message, extracts the legitimate pieces of data, reformats the data for the company’s legitimate pieces of data, reformats the data for the company’s mainframe, and passes the data on to the company’s main mainframe, and passes the data on to the company’s main computer.computer.
12-12-4242
Training Employees in Good Training Employees in Good Security PracticesSecurity Practices
Log off your computer or at least lock your Log off your computer or at least lock your office door when you leave your office.office door when you leave your office.
Don’t write your computer password down Don’t write your computer password down anywhere.anywhere.
Don’t respond to any unusual requests for Don’t respond to any unusual requests for information about the computer system information about the computer system from anyone over the telephone. from anyone over the telephone.
12-12-4343
Training Employees in Good Training Employees in Good Security PracticesSecurity Practices
Don’t leave diskettes or other storage Don’t leave diskettes or other storage media lying around your office.media lying around your office.
Don’t take diskettes or other storage Don’t take diskettes or other storage media out of the building.media out of the building.
Don’t assume that a stranger in the Don’t assume that a stranger in the building is there legitimately without building is there legitimately without checking.checking.
12-12-4444
Backup and RecoveryBackup and Recovery
We have to assume that from time to time We have to assume that from time to time something will go wrong with our data, and something will go wrong with our data, and so we have to have the tools available to so we have to have the tools available to correct or reconstruct it.correct or reconstruct it.
12-12-4545
Backup Copies and JournalsBackup Copies and Journals
Two basic but very important tasks:Two basic but very important tasks: backing up the databasebacking up the database maintaining a journalmaintaining a journal
12-12-4646
BackupBackup
On a regularly scheduled basis, a On a regularly scheduled basis, a company’s databases must be backed up company’s databases must be backed up or copied.or copied.
The backup copy must be put in a safe The backup copy must be put in a safe place, away from the original in the place, away from the original in the computer system.computer system.
12-12-4747
Maintaining a JournalMaintaining a Journal
Tracks all changes that take place in the Tracks all changes that take place in the data.data. Updates to existing recordsUpdates to existing records Insertion of new recordsInsertion of new records Deletion of existing recordsDeletion of existing records
Does not track Does not track readread operations, because operations, because they do not change the data.they do not change the data.
12-12-4848
Database LogDatabase Log
Started immediately after the data is backup up.Started immediately after the data is backup up.
Two types:Two types: Change log / before and after image logChange log / before and after image log
• Records data value before and after a changeRecords data value before and after a change
Transaction logTransaction log• Keeps a record of the program that changed the data and all Keeps a record of the program that changed the data and all
of the inputs that the program used.of the inputs that the program used.
12-12-4949
(Roll) Forward Recovery(Roll) Forward Recovery
Assume a database table has been lost.Assume a database table has been lost.
To recreate this table:To recreate this table: Ready the last backup copy of the table.Ready the last backup copy of the table. Ready the logReady the log Roll forward in the log, applying the changes Roll forward in the log, applying the changes
that were made to the table since the last that were made to the table since the last backup.backup.
12-12-5050
Forward RecoveryForward Recovery
12-12-5151
Change LogChange Log
Only the last one of the changes to the Only the last one of the changes to the particular piece of data, which shows the particular piece of data, which shows the value of this piece of data at the point that value of this piece of data at the point that the table was destroyed, needs to be used the table was destroyed, needs to be used in updating the database copy in the roll-in updating the database copy in the roll-forward operation.forward operation.
12-12-5252
Backward Recovery or Backward Recovery or RollbackRollback
Suppose that in the midst of normal Suppose that in the midst of normal operation an error is discovered that operation an error is discovered that involves a piece of recently updated data.involves a piece of recently updated data.
The discovered error, and all other The discovered error, and all other changes that were made to the database changes that were made to the database since the error was discovered, must be since the error was discovered, must be backed out.backed out.
12-12-5353
Backward RecoveryBackward Recovery
Start with the Start with the database in its current database in its current state.state.
The log is positioned The log is positioned at the last entry.at the last entry.
12-12-5454
Backward RecoveryBackward Recovery
A recovery program A recovery program proceeds backwards proceeds backwards through the log, through the log, resetting each resetting each updated data value in updated data value in the database to its the database to its “before image,” until it “before image,” until it reaches the point reaches the point where the error was where the error was made.made.
12-12-5555
Duplicate or Mirrored Duplicate or Mirrored DatabasesDatabases
Two copies of the Two copies of the entire database are entire database are maintained, and both maintained, and both are updated are updated simultaneously.simultaneously.
12-12-5656
Duplicate or Mirrored Duplicate or Mirrored DatabasesDatabases
Advantage: If one system Advantage: If one system is destroyed, the is destroyed, the applications that use the applications that use the database can just keep database can just keep on running with the on running with the duplicate database.duplicate database.
Disadvantage: This is a Disadvantage: This is a relatively expensive relatively expensive proposition.proposition.
12-12-5757
Disaster RecoveryDisaster Recovery
Rebuilding an entire information system or Rebuilding an entire information system or significant parts of one, after a significant parts of one, after a catastrophic natural disaster such as:catastrophic natural disaster such as: a hurricanea hurricane a tornadoa tornado a earthquakea earthquake a building collapsea building collapse a major firea major fire
12-12-5858
Being Prepared for Disaster Being Prepared for Disaster RecoveryRecovery
Maintain totally mirrored systems (not just Maintain totally mirrored systems (not just databases) in different cities.databases) in different cities.
Contract with a company that maintains Contract with a company that maintains hardware similar to yours (a hot site) so that you hardware similar to yours (a hot site) so that you can be up and running again quickly after a can be up and running again quickly after a disaster.disaster.
Build a computer center that is relatively disaster Build a computer center that is relatively disaster proof.proof.
12-12-5959
Being Prepared for Disaster Being Prepared for Disaster RecoveryRecovery
Maintain space (a cold site) with electrical Maintain space (a cold site) with electrical connections, air conditioning, etc., into connections, air conditioning, etc., into which new hardware can be moved if need which new hardware can be moved if need be.be.
Make a reciprocal arrangement with Make a reciprocal arrangement with another company with hardware similar to another company with hardware similar to yours to aid each other in case one suffers yours to aid each other in case one suffers a disaster.a disaster.
12-12-6060
Concurrency ControlConcurrency Control
Many people using today’s applications Many people using today’s applications systems will require access to the same systems will require access to the same data at the same time.data at the same time.
Two or more users attempting to update Two or more users attempting to update some data simultaneously will conflict.some data simultaneously will conflict.
12-12-6161
The Lost Update ProblemThe Lost Update Problem
12-12-6262
Locks and DeadlockLocks and Deadlock
When a user begins an update operation When a user begins an update operation on a piece of data, the DBMS locks that on a piece of data, the DBMS locks that data. data.
Any attempt to begin another update Any attempt to begin another update operation on that same piece of data will operation on that same piece of data will be blocked, or “locked out,” until the first be blocked, or “locked out,” until the first update operation is completed and its lock update operation is completed and its lock on the data is released.on the data is released.
12-12-6363
LocksLocks
Prevents the Lost Update Problem.Prevents the Lost Update Problem.
Granularity of lock can vary.Granularity of lock can vary. Entire tableEntire table Record levelRecord level Etc.Etc.
12-12-6464
DeadlockDeadlock
Two or more transactions must each Two or more transactions must each update the same, multiple pieces of data.update the same, multiple pieces of data.
They each wait endlessly for the other to They each wait endlessly for the other to release the data that each has already release the data that each has already locked.locked.
Also called the deadly embrace.Also called the deadly embrace.
12-12-6565
DeadlockDeadlock
12-12-6666
Handling DeadlockHandling Deadlock
Deadlock PreventionDeadlock Prevention Difficult to accomplishDifficult to accomplish
Deadlock DetectionDeadlock Detection Allow deadlock to occurAllow deadlock to occur Detect occurrenceDetect occurrence Abort one of the deadlocked transactionsAbort one of the deadlocked transactions
12-12-6767
VersioningVersioning
Does not involve locks at all.Does not involve locks at all.
Each transaction is given a copy or “version” of Each transaction is given a copy or “version” of the data that it needs for an update operation.the data that it needs for an update operation.
Each transaction records its result in its own Each transaction records its result in its own copy of the data.copy of the data.
Then each transaction tries to update the actual Then each transaction tries to update the actual database with its result.database with its result.
12-12-6868
VersioningVersioning
Monitoring software checks to see if there Monitoring software checks to see if there is a conflict between two or more is a conflict between two or more transactions trying to update the same transactions trying to update the same data at the same time.data at the same time.
If there is, the software allows one of the If there is, the software allows one of the transactions to update the database and transactions to update the database and makes the other(s) start over again. makes the other(s) start over again.
12-12-6969
“Copyright 2004 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without express permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information contained herein.”