1 . Ching, Ph.D. • MIS • California State University, Sacramento Week 14 Week 14 November 28 November 28 • Database Security Database Security • Transaction Management and Transaction Management and Concurrency Controls Concurrency Controls • Distributed Database Distributed Database • Data Warehouse, Data Marts and Data Warehouse, Data Marts and MMDBMS MMDBMS • OODBMS OODBMS
59
Embed
1 R. Ching, Ph.D. MIS California State University, Sacramento Week 14 November 28 Database SecurityDatabase Security Transaction Management and Concurrency.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
R. Ching, Ph.D. • MIS • California State University, Sacramento
Week 14Week 14November 28November 28
• Database SecurityDatabase Security• Transaction Management and Concurrency ControlsTransaction Management and Concurrency Controls
• Distributed DatabaseDistributed Database• Data Warehouse, Data Marts and MMDBMSData Warehouse, Data Marts and MMDBMS
• OODBMSOODBMS
2
R. Ching, Ph.D. • MIS • California State University, Sacramento
Controls Controls (objectives for system)(objectives for system)Controls Controls (objectives for system)(objectives for system)
Database SecurityDatabase Security
• The protection of the database against threats using both The protection of the database against threats using both technical and administrative controlstechnical and administrative controls
• Database security aims to Database security aims to minimizeminimize losses caused by losses caused by anticipated events in a anticipated events in a cost-effectivecost-effective manner without manner without unduly constraining the usersunduly constraining the users
Organization PolicyOrganization PolicyOrganization PolicyOrganization Policy Threats:Threats: Theft and fraudTheft and fraud Loss of confidentialityLoss of confidentiality Loss of privacyLoss of privacy Loss of integrityLoss of integrity Loss of availabilityLoss of availability
Organizational ResourceOrganizational Resource
3
R. Ching, Ph.D. • MIS • California State University, Sacramento
Countermeasures and Contingency PlansCountermeasures and Contingency PlansCountermeasures and Contingency PlansCountermeasures and Contingency Plans
ThreatsThreats
• Any situation or event, whether intentional or Any situation or event, whether intentional or unintentional, that will adversely affect a system and unintentional, that will adversely affect a system and consequently the organization.consequently the organization.
R. Ching, Ph.D. • MIS • California State University, Sacramento
Threats and CountermeasuresThreats and Countermeasures
• Initiate countermeasures to overcome threatsInitiate countermeasures to overcome threats
– Consider the types of threat and their impact on the Consider the types of threat and their impact on the organizationorganization
• Cost-effectivenessCost-effectiveness
• FrequencyFrequency
• SeveritySeverity
5
R. Ching, Ph.D. • MIS • California State University, Sacramento
Threats and CountermeasuresThreats and Countermeasures
• Objective is to achieve a balance between a reasonable Objective is to achieve a balance between a reasonable secure operation, which does not unduly hinder users, and secure operation, which does not unduly hinder users, and the costs of maintaining it.the costs of maintaining it.
• Risks are independent of the countermeasuresRisks are independent of the countermeasures
R. Ching, Ph.D. • MIS • California State University, Sacramento
CountermeasuresCountermeasures
• Computer-based vs. Non-computer-basedComputer-based vs. Non-computer-based
Implemented through Implemented through the operating system the operating system and/or DBMSand/or DBMS
Management policies Management policies and proceduresand procedures
7
R. Ching, Ph.D. • MIS • California State University, Sacramento
Computer-Based ControlsComputer-Based Controls
• Computer-based controlsComputer-based controls
– AuthorizationAuthorization
– ViewsViews
– Backup (and recovery)Backup (and recovery)
– JournalingJournaling
– CheckpointingCheckpointing
– IntegrityIntegrity
– EncryptionEncryption
– Associated proceduresAssociated procedures
8
R. Ching, Ph.D. • MIS • California State University, Sacramento
Computer-based Control: Computer-based Control:
Authorization or Access ControlsAuthorization or Access Controls
• Granting privileges which enables users and applications Granting privileges which enables users and applications to legitimately have access to a system or object (table, to legitimately have access to a system or object (table, view, application, procedure, etc.)view, application, procedure, etc.)
– Authentication ensures the user is who s/he claims Authentication ensures the user is who s/he claims her/himself to beher/himself to be
• Layers of access or penetration into a systemLayers of access or penetration into a system
– Ownership and privilegesOwnership and privileges
• Access to database(s)Access to database(s)
• Manipulation and definition of dataManipulation and definition of data
9
R. Ching, Ph.D. • MIS • California State University, Sacramento
Authorization and AuthenticationAuthorization and Authentication
Operating SystemOperating System
DBMSDBMS
O/S UserO/S User
DBMS UserDBMS User
DatabaseDatabase DatabaseDatabase
TableTableObjects and PrivilegesObjects and Privileges
TableTable
GrantsGrants
10
R. Ching, Ph.D. • MIS • California State University, Sacramento
Computer-based Control: Computer-based Control:
ViewsViews
• Virtual relation to support a user’s particular needsVirtual relation to support a user’s particular needs
– Restricts access and actionsRestricts access and actions
– Created upon demand of the userCreated upon demand of the user
Virtual relationVirtual relation
Base Base RelationsRelations
11
R. Ching, Ph.D. • MIS • California State University, Sacramento
Computer-based Control:Computer-based Control:
TablesTables
SQL> grant select, update, delete on comp_products to SQL> grant select, update, delete on comp_products to scott;scott;
Grant succeeded.Grant succeeded.
SQL> revoke delete on comp_products from scott;SQL> revoke delete on comp_products from scott;
Revoke succeeded.Revoke succeeded.
User nameUser name
PrivilegePrivilege
TableTable
GRANT GRANT privilegeprivilege ON ON tabletable TO TO useruser;;REVOKE REVOKE privilegeprivilege ON ON tabletable FROM FROM useruser;;
GRANT GRANT privilegeprivilege ON ON tabletable TO TO useruser;;REVOKE REVOKE privilegeprivilege ON ON tabletable FROM FROM useruser;;
12
R. Ching, Ph.D. • MIS • California State University, Sacramento
Transaction ManagementTransaction Management
What is a “transaction?”What is a “transaction?”
• An action or series of actions, carried out by a single user An action or series of actions, carried out by a single user or application program which reads or updates (changes) or application program which reads or updates (changes) the contents of the databasethe contents of the database
– RetrievalsRetrievals
– Updates (modifications)Updates (modifications)
– InsertionsInsertions
– DeletionsDeletions
13
R. Ching, Ph.D. • MIS • California State University, Sacramento
What is a “transaction?”What is a “transaction?”
• CharacteristicsCharacteristics
– Atomicity (entirety of action)Atomicity (entirety of action)
– Consistency (from one consistent state to another)Consistency (from one consistent state to another)
– Isolation (independent of other transactions)Isolation (independent of other transactions)
– Durability (permanence)Durability (permanence)
14
R. Ching, Ph.D. • MIS • California State University, Sacramento
Transaction ManagementTransaction Management
• Provide a means for maintaining the integrity of the Provide a means for maintaining the integrity of the databasedatabase
• Importance:Importance:
– In a multi-user environment, the order of transactions In a multi-user environment, the order of transactions actions must be maintained through actions must be maintained through concurrency concurrency controlcontrol
– In the event of a failure or destruction of data, data In the event of a failure or destruction of data, data must be reconstructed through must be reconstructed through database recover database recover
Data IntegrityData Integrity
15
R. Ching, Ph.D. • MIS • California State University, Sacramento
Concurrency ControlConcurrency Control
• The process of managing simultaneous operations on the The process of managing simultaneous operations on the database without having them interfere with one anotherdatabase without having them interfere with one another
• Potential problems:Potential problems:
– Lost update problem (one update overrides another)Lost update problem (one update overrides another)
– Uncommitted dependency problem (intermediate results Uncommitted dependency problem (intermediate results of one update viewed by another before it has been of one update viewed by another before it has been committed)committed)
– Inconsistent analysis problem (data retrieved by one user Inconsistent analysis problem (data retrieved by one user updated by another before the end of the retrievals) updated by another before the end of the retrievals)
– Nonrepeatable read (retrieval results cannot be repeated)Nonrepeatable read (retrieval results cannot be repeated)
16
R. Ching, Ph.D. • MIS • California State University, Sacramento
Concurrency ControlConcurrency Control
• Serializability - scheduling transactions to maximize Serializability - scheduling transactions to maximize concurrency and parallelism, yet preventing them from concurrency and parallelism, yet preventing them from interfering with one another and maintaining consistencyinterfering with one another and maintaining consistency
– Serial schedule - non-interleaved transactionsSerial schedule - non-interleaved transactionsTT11 T T22 T T33 ... ... T Tnn
• Locking methods – lock denies other users from accessing Locking methods – lock denies other users from accessing the data while user accessing themthe data while user accessing them
– Shared vs. exclusive lockShared vs. exclusive lock
– ““Deadly embrace” or deadlock – when a user has a lock Deadly embrace” or deadlock – when a user has a lock on one data item and awaits another, and a second user on one data item and awaits another, and a second user awaits the data item locked by the first user and has a awaits the data item locked by the first user and has a lock on the data item sought by the firstlock on the data item sought by the first
• All transactions assigned a timestamp (unique identifier All transactions assigned a timestamp (unique identifier that indicates its relative starting time)that indicates its relative starting time)
• Smaller (older) timestamps are given prioritySmaller (older) timestamps are given priority
• Conflicts resolved through rollbacks and restartsConflicts resolved through rollbacks and restarts
– Transaction rolled back (to its beginning) and restarted Transaction rolled back (to its beginning) and restarted (reassigned a newer timestamp)(reassigned a newer timestamp)
20
R. Ching, Ph.D. • MIS • California State University, Sacramento
TimestampingTimestamping
• ProblemsProblems
– A younger transaction writes a data item before an A younger transaction writes a data item before an older transaction accesses itolder transaction accesses it
– An older transaction needs to write a data item already An older transaction needs to write a data item already accessed by a younger transactionaccessed by a younger transaction
– An older transaction needs to write a data item already An older transaction needs to write a data item already written by a younger transactionwritten by a younger transaction
• Resolved through roll backs and restartsResolved through roll backs and restarts
21
R. Ching, Ph.D. • MIS • California State University, Sacramento
Distributed DatabasesDistributed Databases
• Distributed database:Distributed database:A logically interrelated collection of shared data, A logically interrelated collection of shared data, physically distributed over a computer networkphysically distributed over a computer network
DDBMS – DDBMS – software system that software system that permits the management of the permits the management of the distributed database and makes the distributed database and makes the distribution transparent to the user.distribution transparent to the user.
TransparencyTransparency
Site 1Site 1
DatabaseDatabase
Local DBMSLocal DBMS
Global Data Global Data DictionaryDictionary
Global Data Global Data DictionaryDictionary
DDBMSDDBMSDDBMSDDBMS
Site 1Site 1
DatabaseDatabase
Local DBMSLocal DBMS
Global Data Global Data DictionaryDictionary
Global Data Global Data DictionaryDictionary
DDBMSDDBMSDDBMSDDBMS
Site 1Site 1
DatabaseDatabase
Local DBMSLocal DBMS
Global Data Global Data DictionaryDictionary
Global Data Global Data DictionaryDictionary
DDBMSDDBMSDDBMSDDBMS
Site 1Site 1
Heterogeneous Heterogeneous vs. vs.
HomogenousHomogenous
22
R. Ching, Ph.D. • MIS • California State University, Sacramento
Site 1Site 1
DatabaseDatabase
Local DBMSLocal DBMS
Global Data Global Data DictionaryDictionary
Global Data Global Data DictionaryDictionary
DDBMS ArchitectureDDBMS Architecture
Site 2Site 2
DataDataCommunicationsCommunications
DatabaseDatabase
Local DBMSLocal DBMS
Global Data Global Data DictionaryDictionary
Global Data Global Data DictionaryDictionary
Local external schemaLocal external schemaLocal conceptual schemaLocal conceptual schema
Local internal schemaLocal internal schema
Local external schemaLocal external schemaLocal conceptual schemaLocal conceptual schema
• TransactionTransaction– All distributed transactions maintain the distributed All distributed transactions maintain the distributed
database’s integrity and consistencydatabase’s integrity and consistency• Concurrency transparencyConcurrency transparency• Failure transparencyFailure transparency
The user should NOT be The user should NOT be aware of where the data aware of where the data reside or are allocatedreside or are allocated
29
R. Ching, Ph.D. • MIS • California State University, Sacramento
TransparencyTransparency
• PerformancePerformance
– DDBMS must perform as if it were a centralized DDBMS must perform as if it were a centralized DBMSDBMS
• DBMSDBMS
– Hides the knowledge that the local DBMS may be Hides the knowledge that the local DBMS may be different (applicable to heterogeneous DDBMS)different (applicable to heterogeneous DDBMS)
30
R. Ching, Ph.D. • MIS • California State University, Sacramento
Inte
rnal
Inte
rnal
Ext
erna
lE
xter
nal
Wel
l def
ined
Wel
l def
ined
Wid
eW
ide
Det
aile
dD
etai
led
Agg
rega
teA
ggre
gate
His
toric
alH
isto
rical
Fut
ure
Fut
ure
Qui
te o
ldQ
uite
old
Ver
y fr
eque
ntV
ery
freq
uent
Infr
eque
ntIn
freq
uent
Hig
hH
igh
Low
Low
Management Management ControlControl
Operational Operational ControlControl
StrategicStrategicPlanningPlanning
Hig
hly
curr
ent
Hig
hly
curr
ent
Leve
l of
Agg
rega
tion
Leve
l of
Agg
rega
tion
Sou
rce
Sou
rce
Sco
peS
cope
Tim
e H
oriz
onT
ime
Hor
izon
Cur
renc
yC
urre
ncy
Fre
quen
cy o
f U
seF
requ
ency
of
Use
Req
uire
d A
ccur
acy
Req
uire
d A
ccur
acy
Robert Anthony’s Taxonomy of Managerial Robert Anthony’s Taxonomy of Managerial Information RequirementsInformation Requirements
Information RequirementsInformation Requirements
Information requirements change Information requirements change between levels of managementbetween levels of management
31
R. Ching, Ph.D. • MIS • California State University, Sacramento
Inte
rnal
Inte
rnal
Ext
erna
lE
xter
nal
Wel
l def
ined
Wel
l def
ined
Wid
eW
ide
Det
aile
dD
etai
led
Agg
rega
teA
ggre
gate
His
toric
alH
isto
rical
Fut
ure
Fut
ure
Qui
te o
ldQ
uite
old
Ver
y fr
eque
ntV
ery
freq
uent
Infr
eque
ntIn
freq
uent
Hig
hH
igh
Low
Low
Management Management ControlControl
Operational Operational ControlControl
StrategicStrategicPlanningPlanning
Hig
hly
curr
ent
Hig
hly
curr
ent
Leve
l of
Agg
rega
tion
Leve
l of
Agg
rega
tion
Sou
rce
Sou
rce
Sco
peS
cope
Tim
e H
oriz
onT
ime
Hor
izon
Cur
renc
yC
urre
ncy
Fre
quen
cy o
f U
seF
requ
ency
of
Use
Req
uire
d A
ccur
acy
Req
uire
d A
ccur
acy
Robert Anthony’s Taxonomy of Managerial Robert Anthony’s Taxonomy of Managerial Information RequirementsInformation Requirements
R. Ching, Ph.D. • MIS • California State University, Sacramento
Data WarehousingData Warehousing
• A subject-oriented, integrated, time-variant, and non-A subject-oriented, integrated, time-variant, and non-volatile collection of data in support of management’s volatile collection of data in support of management’s decision-making process. decision-making process.
Internal dataInternal data(within the organization)(within the organization)
Competitive or Strategic AdvantageCompetitive or Strategic Advantage
Summarized dataSummarized data
33
R. Ching, Ph.D. • MIS • California State University, Sacramento
Data Warehousing CharacteristicsData Warehousing Characteristics
• Subject-oriented - Organized around the major business Subject-oriented - Organized around the major business subjects or entities, such as customers, order or productssubjects or entities, such as customers, order or products
• Integrated - Operational (internal) data and external data are Integrated - Operational (internal) data and external data are integrated into the data warehouse to provide a single integrated into the data warehouse to provide a single unified database for decision supportunified database for decision support
• Time-variant - Use time stamps to represent historical data. Time-variant - Use time stamps to represent historical data. Data warehouses consist of a long series of snapshots, each Data warehouses consist of a long series of snapshots, each of which represents operational data captured at a point in of which represents operational data captured at a point in timetime
• Nonvolatile - New data are appended, rather than replaced, Nonvolatile - New data are appended, rather than replaced, so that historical data are preservedso that historical data are preserved
34
R. Ching, Ph.D. • MIS • California State University, Sacramento
End-user tools:End-user tools:• ReportingReporting• EISEIS• OLAPOLAP• Data miningData mining
• A A subsetsubset of a data warehouse that supports the of a data warehouse that supports the requirements of a particular department or business requirements of a particular department or business functionfunction
Data WarehouseData Warehouse
Data MartData Mart
36
R. Ching, Ph.D. • MIS • California State University, Sacramento
ImplementationImplementation
• Build data warehouse firstBuild data warehouse first
• Build data marts firstBuild data marts first
• Build both in parallelBuild both in parallel
Data WarehouseData Warehouse
Data MartsData Marts
ArchitectureArchitecture
Developed and implemented in parallelDeveloped and implemented in parallel
37
R. Ching, Ph.D. • MIS • California State University, Sacramento
R. Ching, Ph.D. • MIS • California State University, Sacramento
SQL> create or replace type contact_addresses as varray(4) of varchar2(30);SQL> create or replace type contact_addresses as varray(4) of varchar2(30); 2 /2 /
Type created.Type created.
SQL> create or replace type contact_zip_codes as varray(4) of char(8);SQL> create or replace type contact_zip_codes as varray(4) of char(8); 2 /2 /
Type created.Type created.
New Data Type: VARRAYNew Data Type: VARRAY
• Single dimension arrays of fixed lengthsSingle dimension arrays of fixed lengths
50
R. Ching, Ph.D. • MIS • California State University, Sacramento
Object TypesObject Types
• Three components:Three components:
– Name - unique identifier of the objectName - unique identifier of the object
– Attributes - describes the object through built-in and Attributes - describes the object through built-in and abstract data typesabstract data types
– Method - dictates the behavior of the objectMethod - dictates the behavior of the object
SQL> create type students as objectSQL> create type students as object 2 (student_ID char(9),2 (student_ID char(9), 3 student_information personal_information);3 student_information personal_information); 4 /4 /
Type created.Type created.
51
R. Ching, Ph.D. • MIS • California State University, Sacramento
SQL> create or replace type SQL> create or replace type contact_addressescontact_addresses as varray(4) of varchar2(30); as varray(4) of varchar2(30); 2 /2 /
Type created.Type created.
SQL> create or replace type SQL> create or replace type contact_zip_codescontact_zip_codes as varray(4) of char(8); as varray(4) of char(8); 2 /2 /
Type created.Type created.
SQL> create or replace SQL> create or replace type personal_informationtype personal_information as as objectobject 2 (first_name varchar2(20),2 (first_name varchar2(20), 3 middle_name varchar2(20),3 middle_name varchar2(20), 4 last_name varchar2(30),4 last_name varchar2(30), 5 address contact_addresses,5 address contact_addresses, 6 zip_code contact_zip_codes);6 zip_code contact_zip_codes); 7 /7 /
Type created.Type created.
Embedding a user-defined data typeEmbedding a user-defined data type
Data nameData name Data typeData type
ADTADT
52
R. Ching, Ph.D. • MIS • California State University, Sacramento
SQL> create or replace type SQL> create or replace type personal_informationpersonal_information as object as object 2 (first_name varchar2(20),2 (first_name varchar2(20), 3 middle_name varchar2(20),3 middle_name varchar2(20), 4 last_name varchar2(30),4 last_name varchar2(30), 5 address contact_addresses,5 address contact_addresses, 6 zip_code contact_zip_codes);6 zip_code contact_zip_codes); 7 /7 /
R. Ching, Ph.D. • MIS • California State University, Sacramento
MethodsMethods
SQL> create or replace type transactionsSQL> create or replace type transactions 2 (trans_id number,2 (trans_id number, 3 trans_date date)3 trans_date date) 4 map member function get_date4 map member function get_date 5 return date is5 return date is 6 begin6 begin 7 select sysdate from dual;7 select sysdate from dual; 8 end;8 end; 9 );9 ); 10 /10 /
FunctionFunction
Map method:Map method:
59
R. Ching, Ph.D. • MIS • California State University, Sacramento