Security and Transaction

Security and Transaction

Nhi Tran

CS 157B - Dr. Lee

Fall, 2003

Database Security is the mechanisms that protect the database against intentional or accidental threats.

A threat is any situation or event, whether

intentional or accidental, that will adversely

affect a system and consequently an

organization.

Database security is concerned with avoiding the following situations:

• Theft and fraud

• Loss of confidentiality

• Loss of privacy

• Loss of integrity

• Loss of availability

Computer-based security controls for multi-user environment

• Authorization

• Views

• Backup and recovery

• Integrity

• Encryption

• RAID technology

AuthorizationThe granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s object.

Authentication

A mechanism that determines whether a user is who he or she claims to be.

ViewA view is the dynamic result of one or more relational operations operating on the base relations to produce another relation.

Backup and RecoveryThe process of periodically taking a copy of the database and log file on to offline storage media.

Integrity

Integrity constraints contribute to

maintaining a secure database

system by preventing data from

becoming invalid, and hence giving

misleading or incorrect results.

EncryptionThe encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key.

• Symmetric encryption

A technique uses the same key for both

encryption and decryption and relies on safe

communication lines for exchanging the key.• Asymmetric encryption

A technique uses different keys for encryption

and decryption.

RAIDRedundant Array of Independent Disks

• RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance.

• Performance is increased through data striping: the data is segmented into equal size partitions (striping unit) which are transparently distributed across multiple disks.

• Reliability is improved through storing redundant information across the disks using a parity scheme or an error-correcting scheme.

Functions are intended to ensure the database is reliable and remains in a consistent state:

• Transaction support

• Concurrency control service

• Recovery services

Transaction Support

Transaction: The execution of a program that access or change the contents of database.

Two possible outcomes• Committed

Transactions can terminate successfully.• Aborted

Transactions terminate unsuccessfully. Aborted transactions must be undone or roll back.

Properties of Transactions (ACID)

• Atomicity: A transaction is either performed in its entirety or is not performed at all. It is the responsibility of the recovery subsystem of the DBMS to ensure atomicity.

• Consistency: A transaction must transform the database from one consistent state to another consistent state.It is the responsibility of DBMS and the application developer to ensure consistency.

Transaction Properties (cont’d)

• Isolation: Transactions execute independently of one another. It is the responsibility of the concurrency control subsystem to ensure isolation.

• Durability: A successfully completed (committed) transaction are permanently recorded in the database.It is the responsibility of the recovery subsystem to ensure durability.

Concurrency Control: The process of managing simultaneous operations on the database without having them interfere with one another.

Potential problems caused by concurrency

• Lost update problemAn apparently successfully completed update operation by one user can be overridden by another user.

• Uncommitted dependency problemIt occurs when one transaction is allowed to see the intermediate results of another transaction before it has committed.

• Inconsistent analysis problemIt occurs when a transaction reads several values from the database but a second transaction updates some of them during the execution of the first.

The objective of Serializability is to find non-serial schedules that allow transactions to execute concurrently without interfering with one another, and thereby produce a database state that could be produce by a serial execution.

• Schedule shows the sequence of the operations of transaction.

• Serial schedule: A schedule where the operations of each transaction are executed consecutively without any interleaved operations from other transactions.

• Non-serial schedule: A schedule where the operations from a set of concurrent transactions are interleaved.

Two methods guarantee serializability

• Two-phase locking• Timestamping

LockingA procedure used to control current access to data. When one transaction is accessing the database, a lock may deny access to other transaction to prevent incorrect results.

• Shared lock: If a transaction has a shared lock on a data item, it can read the item but not update it.

• Exclusive lock: If a transaction has an exclusive lock on a data item, it can both read and update the item.

Two-phase lockingA transaction follows the two-phase locking protocol if all locking operations precede the first unlock operation in the transaction.

• Growing phase

It acquires all the locks needed but cannot release any locks.

• Shrinking phase

It releases its locks but cannot acquire any new locks.

Two-phase locking (cont’d)

It never releases any lock until it has reached the stage where no new locks are needed.The rules are:• A transaction must acquire a lock on an item

before operating on the item. The lock may be read or write, depending on the type of access needed.

• Once the transaction releases a lock, it can never acquire any new locks.

Problems with two-phase locking

• Cascading rollback

The situation, in which a single transaction leads to a series of rollbacks.

• Deadlock

It occurs when two or more transactions are waiting to access data the other transaction has locked.

Solutions to the problems with two-phase locking.Cascading rollback Deadlock

• Rigorous 2PLLeave the release of all locks until the end of the transaction.

• Strict 2PLOnly holds exclusive locks until the end of the transaction

• TimeoutsThe transaction requires a lock waits for at most a specified period of time

• Deadlock preventionDBMS looks ahead to determine if a transaction would cause a dead lock, and never allows deadlock to occur

• Deadlock detection and recoveryDBMS allows deadlock to occur but recognizes occurrences of deadlock and break them.

TimestampingA concurrency control protocol that orders transactions in such a way that older transactions get priority in the event of conflict.

Timestamps and locking• Generally, timestamping is superior in situations where either

most transactions are read-only, or it is rare that concurrent transactions will try to read and write the same element.

• In high-conflict situations, locking performs better.

Locking will frequently delay transactions as they wait for locks, and can even lead to deadlocks where several transactions for a long time, and then one has to be rolled back. But if concurrent transactions frequently read and write elements in common, then rollbacks will be frequently, introducing even more delay than a locking system.

Database RecoveryThe process of restoring the database to a correct state in the event of a failure.The storage of data generally includes four

different types of media with an increasing

degree of reliability:• Main memory• Magnetic disk• Magnetic tape• Optical disk

Causes of failure

• System crush due to hardware or software errors, resulting in loss of main memory

• Media failures , such as head crashes or unreadable media, resulting in the loss of parts of secondary storage

• Application software errors, such as logical errors in the program that is accessing the database, which cause one or more transactions to fail

• Natural physical disasters, such as fires, floods, earthquakes, or power failures

• Carelessness or unintentional destruction of data or facilities by operator or users

• Sabotage or intentional corruption or destruction of data, hardware, or software facilities.

Recovery Techniques• Maintain a log file containing transactions records that

identify the start/end of transactions and the before-and after-images of the write operation.

• Using deferred update, writes are done initially to the log only and log records are used to perform actual updates to the database.

• If the system fails, it examines the log to determine which transactions it needs to redo, but there is no need to undo any writes.

• Using immediate updates, an update may be made to the database itself any time after a long record is written. The log can be used to undo and redo transactions in the event of failure.

Thank You!

Have a Nice Day! *_*