
unit5notes

Uploaded by

vahaneaniket

Concept Explanation-Database security

• Database security is the protection of the database against intentional and unintentional threats that
may be computer-based or non-computer-based.
• Database security encompasses hardware, software, infrastructure, people and data of the organization.

• Data Security Risks

➢ Data Tampering
Privacy of communications is essential to ensure that data cannot be modified or viewed in transit.
➢ Data Theft
Data must be stored and transmitted securely, so that information such as credit card numbers cannot
be stolen.
➢ Falsifying User Identities
In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to
sensitive and important information.
➢ Password-Related Threats
➢ Unauthorized Access to Tables, Columns and Data Rows
The database may contain confidential tables, or confidential columns in a table, which should not be
available indiscriminately to all users authorized to access the database.
➢ Lack of Accountability
If the system administrator is unable to track users' activities, then users cannot be held responsible for
their actions. There must be some reliable way to monitor who is performing what operations on the
data.
➢ Complex User Management Requirements
In large-scale environments, the burden of managing user accounts and passwords makes your system
vulnerable to error and attack.

1/6/2023 S.V.Bahale 5
Concept Explanation-Database Security

Security Levels:
To protect the database, we must take security measures at several levels:
• Physical: The sites containing the computer systems must be secured against armed or surreptitious
entry by intruders.
• Human: Users must be authorized carefully to reduce the chance of any such user giving access to an
intruder in exchange for a bribe or other favors.
• Operating System: No matter how secure the database system is, weakness in operating system security
may serve as a means of unauthorized access to the database.
• Network: Since almost all database systems allow remote access through terminals or networks,
software-level security within the network software is as important as physical security.
• Database System: Some database-system users may be authorized to access only a limited portion of the
database. It is the responsibility of the database system to ensure that these authorization restrictions are not
violated.

Concept Explanation- Data Security Requirements
Confidentiality
A secure system ensures the confidentiality of data. This means that it allows individuals to see only the
data they are supposed to see.
Confidentiality has several aspects like privacy of communications, secure storage of sensitive data,
authenticated users and authorization of users.
Privacy of Communications
The DBMS should be capable of controlling the spread of confidential personal information such as health,
employment, and credit records.
Once confidential data has been entered, its integrity and privacy must be protected on the databases and
servers wherein it resides.
Authentication
One of the most basic concepts in database security is authentication, which is quite simply the process by
which the system verifies a user's identity.
Authorization
Authorization is the process through which the system obtains information about the authenticated user,
including which database operations that user may perform and which data objects that user may access.
A user may have several forms of authorization on parts of the database. These are:
• Read authorization allows reading, but not modification, of data.
• Insert authorization allows insertion of new data, but not modification of existing data.
• Update authorization allows modification, but not deletion of data.
• Delete authorization allows deletion of data.
• Index authorization allows the creation and deletion of indexes.
• Resource authorization allows the creation of new relations.
• Alteration authorization allows the addition or deletion of attributes in a relation.
• Drop authorization allows the deletion of relations.
Concept Explanation- Data Security Requirements
Integrity
A secure system ensures that the data it contains is valid.
Data integrity means that data is protected from deletion and corruption.

Availability
A secure system makes data available to authorized users, without delay.
Denial of service attacks are attempts to block authorized users' ability to access and use the system when
needed.

Concept Explanation-Database Users
1) Naive users are unsophisticated users who interact with the system by invoking one of the application
programs. The typical user interface for naive users is a forms interface.
Naive users may also simply read reports generated from the database.
2) Application programmers are computer professionals who write application programs.
Rapid application development (RAD) tools are tools that enable an application programmer to construct
forms and reports without writing a program.
3) Sophisticated users interact with the system by forming their requests in a database query language.
4) Specialized users are sophisticated users who write specialized database applications.
Among these applications are computer-aided design systems, knowledge base and expert systems, and
systems that store data with complex data types.
5) A database administrator (DBA) is a person who has central control over the system.
• The functions of a DBA include:
• Schema definition.
• Storage structure and access-method definition.
• Schema and physical-organization modification.
• Granting of authorization for data access.
• Routine maintenance: periodically backing up the database, ensuring enough free disk space, and
monitoring jobs running on the database.

Concept Explanation-Creating, Altering and Deleting Users
➢ Create User:
The database administrator creates a user by executing the CREATE USER statement.
It creates a database user with no privileges.
Syntax:
CREATE USER user_name IDENTIFIED BY password;
Example:
create user jyoti identified by gpy;

➢ Alter User:
Changes a database user's password.
Syntax:
ALTER USER user_name IDENTIFIED BY password;
Example:
alter user jyoti identified by yavatmal;

➢ Drop User:
Removes a user from the database.
Syntax:
DROP USER user_name [CASCADE];
CASCADE: drops all objects associated with the user.

To drop a user when the user's schema does not contain any objects:
DROP USER <user_name>;
To drop all objects in the user's schema before dropping the user:
DROP USER <user_name> CASCADE;
Example:
DROP USER jyoti;
Concept Explanation-Creating , altering and Deleting Users
Create role:
A role is a group of privileges. Instead of granting individual privileges to users, you can group related
privileges into a role and grant this role to users.
Syntax:
CREATE ROLE role_name [NOT IDENTIFIED | IDENTIFIED BY password];

Example:
create role r1 identified by gpy;
OR
create role r1;
After a role is created, it is empty. To grant privileges to a role, you use the GRANT statement:

Syntax:

GRANT {system_privileges | object_privileges} TO role_name; OR


GRANT role_name TO another_role_name;

Example:

GRANT SELECT, INSERT, UPDATE, DELETE ON customers TO r1;

➢ Drop Role:
The DROP ROLE statement removes a role from the database. When you drop a role, it is revoked
from all users and roles to whom it has been granted.

Example:

Drop role r1;


Concept- Database privileges
Database privileges:
When multiple users can access database objects, access to these objects can be controlled with
privileges. Privileges control whether a user can modify an object owned by another user. Privileges are granted or
revoked either by the instance administrator, a user with the ADMIN privilege or, for privileges to a
certain object, by the owner of the object.

1) System Privileges:
System privileges are privileges given to users to allow them to perform certain functions that deal with
managing the database and the server.
E.g. Create user, Create table, Drop table, etc.
2) Object Privileges:
Object privileges are privileges given to users as rights and restrictions to change the contents of database
objects, where database objects are things like tables, stored procedures, indexes, etc.
E.g. Select, insert, delete, update, execute, references, etc.

Procedure for granting privileges :


Grant: This command is used to give a user permission to perform operations on another user’s object.
Syntax: Grant <object privileges> on <objectname> to <username> [with grant option];
Example: Grant select, update on emp to user1;

Procedure for revoking privileges :


Revoke: This command is used to withdraw the privileges that have been granted to a user.
Syntax: Revoke <object privileges> on <objectname> from <username>;
Example: Revoke select, update on emp from user1;

Concept Explanation-Transaction
A transaction is a unit of program execution that accesses and possibly updates various data items.

E.g., transaction to transfer $50 from account A to account B:


1. read(A)
2. A := A – 50
3. write(A)
4. read(B)
5. B := B + 50
6. write(B)

Two main issues to deal with:


• Failures of various kinds, such as hardware failures and system crashes
• Concurrent execution of multiple transactions

Concept Explanation- Properties of a Transaction
Consider a transaction to transfer $50 from account A to account B:
1. read(A)
2. A := A – 50
3. write(A)
4. read(B)
5. B := B + 50
6. write(B)

Atomicity :
• Either all operations of the transaction are properly reflected in the database or none are.
• If the transaction fails after step 3 and before step 6, money will be “lost” leading to an inconsistent
database state.
• Failure could be due to software or hardware.
• The system should ensure that updates of a partially executed transaction are not reflected in the
database.
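The failure between step 3 and step 6 can be reproduced with SQLite, as an added example that is not part of the original notes. The table name, starting balances and the fail_after_debit switch are assumptions made for the demonstration.

```python
import sqlite3


class TransferError(Exception):
    """Raised to simulate a software failure in the middle of a transfer."""


def make_bank():
    # isolation_level=None puts the connection in autocommit mode, so the
    # transaction boundaries below are exactly the BEGIN/COMMIT/ROLLBACK we issue.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE account (name TEXT PRIMARY KEY, balance INTEGER NOT NULL)"
    )
    # Constructed sample data: A holds 100, B holds 200.
    conn.execute("INSERT INTO account VALUES ('A', 100), ('B', 200)")
    return conn


def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM account ORDER BY name"))


def transfer(conn, src, dst, amount, fail_after_debit=False):
    """Move `amount` from src to dst as one transaction; return True on commit."""
    conn.execute("BEGIN")
    try:
        # Steps 1-3: read(A), A := A - amount, write(A)
        conn.execute(
            "UPDATE account SET balance = balance - ? WHERE name = ?", (amount, src)
        )
        if fail_after_debit:
            raise TransferError("failure after step 3 and before step 6")
        # Steps 4-6: read(B), B := B + amount, write(B)
        conn.execute(
            "UPDATE account SET balance = balance + ? WHERE name = ?", (amount, dst)
        )
        conn.execute("COMMIT")
        return True
    except Exception:
        # Atomicity: the debit of a partially executed transfer is undone.
        conn.execute("ROLLBACK")
        return False
```

After a failed transfer the sum A + B is the same as before it started, which is the property the bullets above require.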

Durability :
• After a transaction completes successfully, the changes it has made to the database persist, even if
there are system failures.

• Once the user has been notified that the transaction has completed (i.e., the transfer of the $50 has
taken place), the updates to the database by the transaction must persist even if there are software or
hardware failures.

Concept Explanation- Properties of a Transaction
Consistency :
• Execution of a transaction in isolation preserves the consistency of the database.
• The sum of A and B is unchanged by the execution of the transaction.
• A transaction, when starting to execute, must see a consistent database.
• During transaction execution the database may be temporarily inconsistent.
• When the transaction completes successfully the database must be consistent; erroneous transaction
logic can lead to inconsistency.

Isolation :
• Although multiple transactions may execute concurrently, each transaction must be unaware of other
concurrently executing transactions.
• Intermediate transaction results must be hidden from other concurrently executed transactions.
• That is, for every pair of transactions Ti and Tj, it appears to Ti that either Tj finished execution
before Ti started, or Tj started execution after Ti finished.
• If between steps 3 and 6 (of the fund transfer transaction) , another transaction T2 is allowed to access
the partially updated database, it will see an inconsistent database.

T1                      T2
1. read(A)
2. A := A – 50
3. write(A)
                        read(A), read(B), print(A+B)
4. read(B)
5. B := B + 50
6. write(B)

Isolation can be ensured trivially by running transactions serially, that is, one after the other.
Concept Explanation-Transaction States

• Active – the initial state; the transaction stays in this state while it is executing.
• Partially committed – after the final statement has been executed.
• Failed – after the discovery that normal execution can no longer proceed.
• Aborted – after the transaction has been rolled back and the database restored to its state prior to
the start of the transaction. Two options after it has been aborted:
   • Restart the transaction, which can be done only if there is no internal logical error
   • Kill the transaction
• Committed – after successful completion.
Concept Explanation-Database Backup
Backing up data is vital for businesses.
• Common causes of data loss:
➢ Hardware failure
➢ Incorrect or invalid data
➢ Human error
➢ Computer virus
➢ Natural disaster

• Types of database failure

1. Aborted transactions :
A transaction in progress that terminates abnormally.
2. Incorrect data :
A database that has been updated with incorrect but valid data.
3. System failure :
Some components of the system fail (due to power loss, loss of communication transmission,
system software failure) but the database is not damaged.
4. Database destruction :
The database is lost, destroyed or cannot be read (which is usually caused by disk drive failure).

Concept Explanation-Database Backup
Regular backups are required to protect database and ensure its restoration in case of failure.
Three common types of database backups are: normal (full), incremental and differential.

i) Normal or Full Backups:


• In a normal or full backup, all the files on that drive are backed up and copied to the selected
destination, and all the archive bits are then cleared.
• This includes system files, application files, user data — everything.
• Normal backups are the fastest source to restore lost data because all the data on a drive is saved in one
location.

ii) Incremental Backups:


• An incremental backup will grab only the files that have been updated since the last normal backup.
• Incremental backups take far less time.

iii) Differential Backups:


• An alternative to incremental database backups that has a less complicated restore process is a
differential backup.
• Differential backups and recovery are similar to incremental in that these backups grab only files that
have been updated since the last normal backup.
• However, differential backups do not clear the archive bit. So a file that is updated after a normal backup
will be archived every time a differential backup is run until the next normal backup runs and clears the
archive bit.
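The archive-bit behaviour behind the three backup types can be modelled in a few lines, as an added example that is not part of the original notes. The Volume class, the file names and the three-day schedule are constructed, and the model assumes, as the contrast with differential backups implies, that an incremental run clears the archive bit on the files it copies.

```python
class Volume:
    """Constructed model of a drive: file name -> [content version, archive bit]."""

    def __init__(self, names):
        # A newly created file has its archive bit set.
        self.files = {n: [1, True] for n in names}

    def modify(self, name):
        self.files[name][0] += 1
        self.files[name][1] = True      # any update sets the archive bit again

    def backup(self, kind):
        if kind == "full":
            picked = list(self.files)   # everything, regardless of the bit
        else:
            picked = [n for n, (_, bit) in self.files.items() if bit]
        copy = {n: self.files[n][0] for n in picked}
        if kind in ("full", "incremental"):
            for n in picked:
                self.files[n][1] = False    # differential leaves the bit set
        return kind, copy


def run(kind):
    """One full backup, then three days of changes backed up with `kind`."""
    vol = Volume(["a", "b", "c"])
    backups = [vol.backup("full")]
    for changed in ("a", "b", "a"):         # constructed change history
        vol.modify(changed)
        backups.append(vol.backup(kind))
    return backups


def restore(backups):
    """Return (restored file versions, number of backup sets that were read)."""
    state = dict(backups[0][1])             # backups[0] is the full backup
    later = backups[1:]
    if later and later[0][0] == "differential":
        later = later[-1:]                  # only the newest differential is needed
    for _, copy in later:                   # incrementals are applied oldest first
        state.update(copy)
    return state, 1 + len(later)
```

Both schedules restore the same data, but the incremental chain needs every set since the full backup while the differential chain needs two, at the cost of each differential growing until the next full backup.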

Concept Explanation-Logs
Two basic logs or journals:
a) Transaction log – record of essential data for each transaction processed against the database
• e.g. Transaction code, action, time, terminal no/user ID, input data values , tables/records accessed &
modified and the old & new field values.
b) Database change log - images of updated data
• Before-image: copy of a record before modification
• After-image: copy of a record after modification

Concept Explanation-Backup and recovery overview:
Backup and recovery overview:
• At t1, a database backup operation is performed
• At t2, a problem that damages the database occurs
• At t3, all committed data is recovered

Concept Explanation-Database Recovery
Recovery Manager:
• A module of the DBMS that restores the database to a correct condition when a failure occurs and then
resumes processing user requests.
• The recovery manager uses the logs to restore the database.

Concept Explanation-Database Recovery
Recovery Techniques :
1. Disk Mirroring
• Two copies of the database must be kept and updated simultaneously.
• When a media failure occurs, processing switches to the duplicate copy.
• Allows fastest recovery for applications requiring high availability.
• Hot-swappable: damaged disk can be rebuilt from mirrored disk with no disruption in service to user.
• Does not protect against power loss or catastrophic damage.

Concept Explanation-Database Recovery
Recovery Techniques :
2. Restore/Rerun :
• Involves reprocessing the day’s transactions (up to the point of failure) against the backup copy of the
database.
• The database is shut down and the most recent copy of the database/file to be recovered is mounted.
• All transactions that have occurred since that copy (stored on the transaction log) are rerun.

3. The Redo Log and Rolling Forward (REDO operation)


• The redo log is a set of operating system files that record all changes made to any database buffer,
including data, index, and rollback segments, whether the changes are committed or uncommitted.
The redo log protects changes made to database buffers in memory that have not been written to the
data files.
• The first step of recovery from an instance or disk failure is to roll forward, or reapply all of the changes
recorded in the redo log to the data files. Because rollback data is also recorded in the redo log, rolling
forward also regenerates the corresponding rollback segments.
• Rolling forward proceeds through as many redo log files as necessary to bring the database forward in
time. Rolling forward usually includes online redo log files and may include archived redo log files.
• After roll forward, the data blocks contain all committed changes as well as any uncommitted changes
that were recorded in the redo log.

Concept Explanation-Database Recovery
Example: Transfer Rs100 from CUSTOMER A account to CUSTOMER B account
• Program reads the record for customer A and subtracts Rs100 from the account balance.
• Program reads the record for customer B and adds Rs100 to the account balance.
• Program writes the updated record for customer A to the database.
• In attempting to write the record for customer B, program encounters an error condition and cannot
write the record.
• An UNDO command directs the recovery manager to apply the before-image for the record of customer A to
restore the account balance to its original value.

4. Rollback Segments and Rolling Back (UNDO operation)


• Rollback segments record database actions that should be undone during certain database operations.
In database recovery, rollback segments undo the effects of uncommitted transactions previously
applied by the rolling forward phase.
• After the roll forward, any changes that were not committed must be undone. After redo log files have
reapplied all changes made to the database, then the corresponding rollback segments are used.
• Rollback segments are used to identify and undo transactions that were never committed, yet were
recorded in the redo log and applied to the database during roll forward. This process is called rolling
back.

Concept Explanation-Transaction Recovery
When a system with concurrent transactions crashes and recovers, it behaves in the following manner :
• The recovery system reads the logs backwards from the end to the last checkpoint.
• It maintains two lists, an undo-list and a redo-list.
• If the recovery system sees a log with <Tn, Start> and <Tn, Commit> or just <Tn,Commit>, it puts the
transaction in the redo-list.
• If the recovery system sees a log with <Tn, Start> but no commit or abort log found, it puts the
transaction in undo-list.
• All the transactions in the undo-list are then undone and their logs are removed.
• All the transactions in the redo-list and their previous logs are removed and then redone before saving
their logs.
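The undo-list and redo-list procedure above, worked through on a small log, as an added example that is not part of the original notes. The tuple record format, the list of active transactions stored in the checkpoint record, and the LOG and DISK values are assumptions constructed for the illustration; an abort record is taken to mean the transaction was already rolled back before the crash.

```python
# Constructed log. Record shapes (assumed for this example):
#   ("start", T)  ("write", T, item, before_image, after_image)
#   ("commit", T) ("abort", T)  ("checkpoint", [transactions active at that time])
LOG = [
    ("start", "T1"), ("write", "T1", "A", 500, 400),
    ("write", "T1", "B", 300, 400), ("commit", "T1"),
    ("start", "T2"), ("write", "T2", "C", 50, 70),
    ("checkpoint", ["T2"]),
    ("start", "T3"), ("write", "T3", "A", 400, 300),
    ("write", "T3", "B", 400, 500), ("commit", "T3"),
    ("write", "T2", "C", 70, 90),
    ("start", "T4"), ("write", "T4", "D", 10, 0),
    # crash happens here: T2 and T4 never committed
]
# Constructed on-disk state at the crash: some writes were flushed, some were not.
DISK = {"A": 400, "B": 500, "C": 90, "D": 0}


def split_lists(log):
    """Read the log backwards to the last checkpoint and build both lists."""
    redo, undo, aborted = [], [], set()
    for rec in reversed(log):
        kind = rec[0]
        if kind == "checkpoint":
            # Transactions still active at the checkpoint that never committed.
            for txn in rec[1]:
                if txn not in redo and txn not in aborted and txn not in undo:
                    undo.append(txn)
            break
        txn = rec[1]
        if kind == "commit":
            redo.append(txn)
        elif kind == "abort":
            aborted.add(txn)
        elif kind == "start" and txn not in redo and txn not in aborted:
            undo.append(txn)
    return redo, undo


def recover(disk, log):
    """Return (recovered database, redo-list, undo-list)."""
    db = dict(disk)
    redo, undo = split_lists(log)
    cp = max((i for i, r in enumerate(log) if r[0] == "checkpoint"), default=0)
    # Undo pass: newest record first, restore before-images of undo-list writes.
    for rec in reversed(log):
        if rec[0] == "write" and rec[1] in undo:
            db[rec[2]] = rec[3]
    # Redo pass: from the checkpoint forward, reapply after-images of redo-list writes.
    for rec in log[cp:]:
        if rec[0] == "write" and rec[1] in redo:
            db[rec[2]] = rec[4]
    return db, redo, undo
```

T1 committed before the checkpoint, so it appears in neither list and its changes are left alone.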
