290 likes | 386 Vues
Security and Transaction. Nhi Tran CS 157B - Dr. Lee Fall, 2003. Database Security is the mechanisms that protect the database against intentional or accidental threats. A threat is any situation or event, whether intentional or accidental, that will adversely
E N D
Security and Transaction Nhi Tran CS 157B - Dr. Lee Fall, 2003
Database Security is the mechanisms that protect the database against intentional or accidental threats. A threat is any situation or event, whether intentional or accidental, that will adversely affect a system and consequently an organization.
Database security is concerned with avoiding the following situations: • Theft and fraud • Loss of confidentiality • Loss of privacy • Loss of integrity • Loss of availability
Computer-based security controls for multi-user environment • Authorization • Views • Backup and recovery • Integrity • Encryption • RAID technology
AuthorizationThe granting of a right or privilege that enables a subject to have legitimate access to a system or a system’s object. Authentication A mechanism that determines whether a user is who he or she claims to be.
ViewA view is the dynamic result of one or more relational operations operating on the base relations to produce another relation.
Backup and RecoveryThe process of periodically taking a copy of the database and log file on to offline storage media.
Integrity Integrity constraints contribute to maintaining a secure database system by preventing data from becoming invalid, and hence giving misleading or incorrect results.
EncryptionThe encoding of the data by a special algorithm that renders the data unreadable by any program without the decryption key. • Symmetric encryption A technique uses the same key for both encryption and decryption and relies on safe communication lines for exchanging the key. • Asymmetric encryption A technique uses different keys for encryption and decryption.
RAIDRedundant Array of Independent Disks • RAID works on having a large disk array comprising an arrangement of several independent disks that are organized to improve reliability and at the same time increase performance. • Performance is increased through data striping: the data is segmented into equal size partitions (striping unit) which are transparently distributed across multiple disks. • Reliability is improved through storing redundant information across the disks using a parity scheme or an error-correcting scheme.
Functions are intended to ensure the database is reliable and remains in a consistent state: • Transaction support • Concurrency control service • Recovery services
Transaction SupportTransaction: The execution of a program that access or change the contents of database. Two possible outcomes • Committed Transactions can terminate successfully. • Aborted Transactions terminate unsuccessfully. Aborted transactions must be undone or roll back.
Properties of Transactions (ACID) • Atomicity: A transaction is either performed in its entirety or is not performed at all. It is the responsibility of the recovery subsystem of the DBMS to ensure atomicity. • Consistency: A transaction must transform the database from one consistent state to another consistent state. It is the responsibility of DBMS and the application developer to ensure consistency.
Transaction Properties (cont’d) • Isolation: Transactions execute independently of one another. It is the responsibility of the concurrency control subsystem to ensure isolation. • Durability: A successfully completed (committed) transaction are permanently recorded in the database. It is the responsibility of the recovery subsystem to ensure durability.
Concurrency Control: The process of managing simultaneous operations on the database without having them interfere with one another.
Potential problems caused by concurrency • Lost update problem An apparently successfully completed update operation by one user can be overridden by another user. • Uncommitted dependency problem It occurs when one transaction is allowed to see the intermediate results of another transaction before it has committed. • Inconsistent analysis problem It occurs when a transaction reads several values from the database but a second transaction updates some of them during the execution of the first.
The objective of Serializability is to find non-serial schedules that allow transactions to execute concurrently without interfering with one another, and thereby produce a database state that could be produce by a serial execution. • Schedule shows the sequence of the operations of transaction. • Serial schedule: A schedule where the operations of each transaction are executed consecutively without any interleaved operations from other transactions. • Non-serial schedule: A schedule where the operations from a set of concurrent transactions are interleaved.
Two methods guarantee serializability • Two-phase locking • Timestamping LockingA procedure used to control current access to data. When one transaction is accessing the database, a lock may deny access to other transaction to prevent incorrect results. • Shared lock: If a transaction has a shared lock on a data item, it can read the item but not update it. • Exclusive lock: If a transaction has an exclusive lock on a data item, it can both read and update the item.
Two-phase lockingA transaction follows the two-phase locking protocol if all locking operations precede the first unlock operation in the transaction. • Growing phase It acquires all the locks needed but cannot release any locks. • Shrinking phase It releases its locks but cannot acquire any new locks.
Two-phase locking (cont’d) It never releases any lock until it has reached the stage where no new locks are needed. The rules are: • A transaction must acquire a lock on an item before operating on the item. The lock may be read or write, depending on the type of access needed. • Once the transaction releases a lock, it can never acquire any new locks.
Problems with two-phase locking • Cascading rollback The situation, in which a single transaction leads to a series of rollbacks. • Deadlock It occurs when two or more transactions are waiting to access data the other transaction has locked.
Rigorous 2PL Leave the release of all locks until the end of the transaction. Strict 2PL Only holds exclusive locks until the end of the transaction Timeouts The transaction requires a lock waits for at most a specified period of time Deadlock prevention DBMS looks ahead to determine if a transaction would cause a dead lock, and never allows deadlock to occur Deadlock detection and recovery DBMS allows deadlock to occur but recognizes occurrences of deadlock and break them. Solutions to the problems with two-phase locking.Cascading rollback Deadlock
TimestampingA concurrency control protocol that orders transactions in such a way that older transactions get priority in the event of conflict.
Timestamps and locking • Generally, timestamping is superior in situations where either most transactions are read-only, or it is rare that concurrent transactions will try to read and write the same element. • In high-conflict situations, locking performs better. Locking will frequently delay transactions as they wait for locks, and can even lead to deadlocks where several transactions for a long time, and then one has to be rolled back. But if concurrent transactions frequently read and write elements in common, then rollbacks will be frequently, introducing even more delay than a locking system.
Database RecoveryThe process of restoring the database to a correct state in the event of a failure. The storage of data generally includes four different types of media with an increasing degree of reliability: • Main memory • Magnetic disk • Magnetic tape • Optical disk
Causes of failure • System crush due to hardware or software errors, resulting in loss of main memory • Media failures , such as head crashes or unreadable media, resulting in the loss of parts of secondary storage • Application software errors, such as logical errors in the program that is accessing the database, which cause one or more transactions to fail • Natural physical disasters, such as fires, floods, earthquakes, or power failures • Carelessness or unintentional destruction of data or facilities by operator or users • Sabotage or intentional corruption or destruction of data, hardware, or software facilities.
Recovery Techniques • Maintain a log file containing transactions records that identify the start/end of transactions and the before-and after-images of the write operation. • Using deferred update, writes are done initially to the log only and log records are used to perform actual updates to the database. • If the system fails, it examines the log to determine which transactions it needs to redo, but there is no need to undo any writes. • Using immediate updates, an update may be made to the database itself any time after a long record is written. The log can be used to undo and redo transactions in the event of failure.