Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Chapter 7 Data Protection. 2 7.1. Data Recovery As with almost all complex forms of computer hardware and software, there is always the possibility.

Published byAsher Russell Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Chapter 7 Data Protection. 2 7.1. Data Recovery As with almost all complex forms of computer hardware and software, there is always the possibility."— Presentation transcript:

1 1 Chapter 7 Data Protection

2 2 7.1. Data Recovery As with almost all complex forms of computer hardware and software, there is always the possibility of failure in database systems Therefore, it becomes crucial for data administrators to have system recovery features in place to be able to recover database contents that are damaged or lost when problems occur Performing an actual recovery can be a difficult task In all likelihood, it may not be possible to completely and seamlessly restore data once an interruption has taken place

3 3 The volatility of computer memory and timing and complexity of computer processing inhibit the ability of data administrators to re-create data accurately However, a variety of strategies may be used to facilitate system recovery when problems occur Two of the more common approaches include mirroring and reprocessing –Mirroring involves making frequent simultaneous copies of a database to ensure that two or more copies are maintained in different locations at all times –This approach is expensive, but is most suitable when rapid recovery is needed –Travel agencies and airline reservation system databases often rely on this method of recovery

4 4 –Reprocessing involves going back to a known point of database activity before the problem occurred and reprocessing work from that point forward –However, periodic database saves must be performed so that the data administrator can go back and begin again at a clean starting point –In addition, records must be kept of all transactions made since the last save –These records are used to reenter and reprocess transactions that were lost as a result of the failure –This strategy is more time-consuming than mirroring, and all other transactions are delayed until the recovery process is complete

5 5 7.2. Concurrency Concurrency is the ability of a database to allow multiple users to affect multiple transactions This is one of the main properties that separate a database from other forms of data storage like spreadsheets A transaction is a logical unit of database processing that includes one or more access operations (read -retrieval, write - insert or update, delete) A transaction (set of operations) may be stand-alone specified in a high level language like SQL submitted interactively, or may be embedded within a program Transaction boundaries: Begin and End transaction An application program may contain several transactions separated by the Begin and End transaction boundaries

6 6 The ability to offer concurrency is unique to databases Spreadsheets or other flat file means of storage are often compared to databases, but they differ in this one important regard Spreadsheets cannot offer several users the ability to view and work on the different data in the same file; since once the first user opens the file it is locked to him or her Other users can read, but not edit data in the same file, regardless of whether or not the data they want to edit is the same data being edited by the original user who has locked the file

7 7 The problems caused by concurrency are even more important than the ability to support concurrent transactions For example, when one user is changing data but has not yet saved (committed) that data, then the database should not allow other users who query the same data to view the changed, unsaved data Instead they should only view the original data Almost all databases deal with concurrency the same way, though the terminology may differ The general principle is that changed but unsaved data is held in some sort of temporary log or file

8 8 Once it is saved, then it is written to the database’s physical storage in place of the original data As long as the user performing the change has not saved it, only he should be able to view the data he is changing All other users querying for the same data should view the ‘old’ data prior to the change Once the user saves the data, then new queries should view the new value of the data Concurrency control is a database management systems (DBMS) concept that is used to address conflicts with the simultaneous accessing or altering of data that can occur with a multi-user system

9 9 Concurrency control, when applied to a DBMS, is meant to coordinate simultaneous transactions while preserving data integrity Why Concurrency Control is needed: The Lost Update Problem This occurs when two transactions that access the same database items have their operations interleaved in a way that makes the value of some database item incorrect The Temporary Update (or Dirty Read) Problem This occurs when one transaction updates a database item and then the transaction fails for some reason. The updated item is accessed by another transaction before it is changed back to its original value

10 10 The Incorrect Summary Problem If one transaction is calculating an aggregate summary function on a number of records while other transactions are updating some of these records, the aggregate function may calculate some values before they are updated and others after they are updated

11 11 7.3. Data Security A database represents an essential corporate resource that should be properly secured using appropriate controls Database security encompasses hardware, software, people and data In multi-user database system - DBMS must provide a database security and authorization subsystem to enforce limits on individual and group access rights and privileges Database security and integrity is about protecting the database from being inconsistent and being disrupted; We can also call it database misuse Database misuse could be intentional or accidental, where accidental misuse is easier to cope with than intentional misuse

12 12 Accidental inconsistency could occur due to: –System crash during transaction processing –Anomalies due to concurrent access –Anomalies due to redundancy –Logical errors Like wise, even though there are various threats that could be categorized in this group, intentional misuse could be: –Unauthorized reading of data –Unauthorized modification of data or –Unauthorized destruction of data

13 13 Most systems implement good Database Integrity to protect the system from accidental misuse while there are many computer based measures to protect the system from intentional misuse, which is termed as Database Security measures Database security is considered in relation to the following situations: – Theft and fraud – Loss of confidentiality (secrecy) – Loss of privacy – Loss of integrity – Loss of availability

14 14 Security Issues and general considerations: –Legal, ethical and social issues regarding the right to access information –Physical control –Policy issues regarding privacy of individual level at enterprise and national level –Operational consideration on the techniques used (password, etc) –System level security including operating system and hardware control –Security levels and security policies in enterprise level

15 15 Database security - the mechanisms that protect the database against intentional or accidental threats Threat – any situation or event, whether intentional or accidental, that may adversely affect a system and consequently the organization A threat may be caused by a situation or event involving a person, action, or circumstance that is likely to bring harm to an organization The harm to an organization may be tangible or intangible –Tangible – loss of hardware, software, or data –Intangible – loss of credibility or client confidence

16 16 Examples of threats: –Using another persons’ means of access –Unauthorized amendment/modification or copying of data –Program alteration –Inadequate policies and procedures that allow a mix of confidential and normal out put –Wire-tapping –Illegal entry by hacker –Blackmail –Creating ‘trapdoor’ into system –Theft of data, programs, and equipment –Failure of security mechanisms, giving greater access than normal

17 17 –Staff shortages or strikes –Inadequate staff training –Viewing and disclosing unauthorized data –Electronic interference and radiation –Data corruption owing to power loss or surge –Fire (electrical fault, lightning strike, arson), flood, bomb –Physical damage to equipment –Breaking cables or disconnection of cables –Introduction of viruses

18 18 Levels of Security Measures Security measures can be implemented at several levels and for different components of the system. These levels are: 1.Physical Level: concerned with securing the site containing the computer system should be physically secured. The backup systems should also be physically protected from access except for authorized users 2.Human Level: concerned with authorization of database users for access the content at different levels and privileges 3.Operating System: concerned with the weakness and strength of the operating system security on data files. Weakness may serve as a means of unauthorized access to the database. This also includes protection of data in primary and secondary memory from unauthorized access

19 19 4.Database System: concerned with data access limit enforced by the database system. Access limit like password, isolated transaction and etc Even though we can have different levels of security and authorization on data objects and users, who access which data is a policy matter rather than technical These policies –should be known by the system: should be encoded in the system –should be remembered: should be saved somewhere (the catalogue)

20 20 An organization needs to identify the types of threat it may be subjected to and initiate appropriate plans and countermeasures, bearing in mind the costs of implementing them Countermeasures: Computer based controls The types of countermeasure to threats on computer systems range from physical controls to administrative procedures Despite the range of computer-based controls that are available, it is worth noting that, generally, the security of a DBMS is only as good as that of the operating system, owing to their close association

21 21 The following are computer-based security controls for a multi-user environment: Authorization –The granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s object –Authorization controls can be built into the software, and govern not only what system or object a specified user can access, but also what the user may do with it –Authorization controls are sometimes referred to as access controls –The process of authorization involves authentication of subjects (i.e. a user or program) requesting access to objects (i.e. a database table, view, procedure, trigger, or any other object that can be created within the system)

22 22 Views –A view is the dynamic result of one or more relational operations operation on the base relations to produce another relation –A view is a virtual relation that does not actually exist in the database, but is produced upon request by a particular user –The view mechanism provides a powerful and flexible security mechanism by hiding parts of the database from certain users –Using a view is more restrictive than simply having certain privileges granted to a user on the base relation (s)

23 23 Integrity –Integrity constraints contribute to maintaining a secure database system by preventing data from becoming invalid and hence giving misleading or incorrect results –Domain Integrity –Entity integrity –Referential integrity –Key constraints

24 24 Backup and recovery – Backup is the process of periodically taking a copy of the database and log file (and possibly programs) on to offline storage media – A DBMS should provide backup facilities to assist with the recovery of a database following failure – Database recovery is the process of restoring the database to a correct state in the event of a failure – Journaling is the process of keeping and maintaining a log file (or journal) of all changes made to the database to enable recovery to be undertaken effectively in the event of a failure – The advantage of journaling is that, in the event of a failure, the database can be recovered to its last known consistent state using a backup copy of the database and the information contained in the log file

25 25 –If no journaling is enabled on a failed system, the only means of recovery is to restore the database using the latest backup version of the database –However, without a log file, any changes made after the last backup to the database will be lost Encryption –The encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key –If a database system holds particularly sensitive data, it may be deemed necessary to encode it as a precaution against possible external threats or attempts to access it

26 26 –The DBMS can access data after decoding it, although there is a degradation in performance because of the time taken to decode it –Encryption also protects data transmitted over communication lines

Download ppt "1 Chapter 7 Data Protection. 2 7.1. Data Recovery As with almost all complex forms of computer hardware and software, there is always the possibility."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.

Database Management System MIS 520 – Database Theory Fall 2001 (Day) Lecture 13.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.

Security Dale-Marie Wilson, Ph.D.. Why Database Security? Data Valuable resource Must be strictly controlled and managed Corporate resource Have strategic.
Database Administration Chapter Six DAVID M. KROENKE’S DATABASE CONCEPTS, 2 nd Edition.

Database Administration Chapter Six DAVID M. KROENKE’S DATABASE CONCEPTS, 2 nd Edition.
1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.

1 7 Concepts of Database Management, 4 th Edition, Pratt & Adamski Chapter 7 DBMS Functions.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
IS 4420 Database Fundamentals Chapter 12: Data and Database Administration Leon Chen.

IS 4420 Database Fundamentals Chapter 12: Data and Database Administration Leon Chen.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 19 Security Transparencies © Pearson Education Limited 1995, 2005.
Chapter 1 Introduction to Databases

Chapter 1 Introduction to Databases
DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

DATABASE SECURITY By Oscar Suciadi CS 157B Prof. Sin-Min Lee.

Similar presentations

Ads by Google