
Security, Recovery and Concurrency Control

Lakshmi KantaKumar N
Security: The state of being free from danger, injury and
defence against failure.

Data Base Management System: a collection of interrelated data and a set of programs to access those data.
Importance of Data:
Payment information
Personal files
Bank account details
Credit card, Salary, Income tax data
University admissions, marks/grades
All of this information can be hard to replace and potentially dangerous
if it falls into the wrong hands. Data lost due to disasters such as a flood
or fire is crushing, but losing it to hackers or a malware infection can have
much greater consequences.
Database Security: protection from malicious attempts
to steal (view) or modify data.

Database Vulnerabilities:
Database security can be broken down into the
following key points of interest:
Server Security
Database Connections
Table Access Control
Restricting Database Access

Server Security:
•Server security is the process of limiting actual access to
the database server itself
•It is the most important angle of security and should be
carefully planned.
•Trusted IP addresses:
Every server should be configured to only allow trusted IP
addresses.

Database Connections:

• With the number of dynamic applications these days, it becomes tempting to allow immediate unauthenticated updates to a database.
• If you are going to allow users to make updates to a database via a web page, validate all updates to ensure that they are warranted and safe.
Table Access Control:

• Table access control is related to an access control list, which is a table that tells a computer operating system which access rights each user has to a particular system object.
• Table access control has been referred to as one of the most overlooked forms of database security. This is primarily because it is so difficult to apply.
• In order to properly use table access control, the system administrator and the database developer will need to collaborate.
Restricting Database Access:

• Internet-based databases have been the most recent targets of attacks, due to their open access or open ports. There are many ways to prevent open access from the Internet, and each database system, like each OS, has its own set of unique features.
• Trusted IP addresses - Servers can be configured to answer pings from a list of trusted hosts only.
• Server account disabling - The server ID can be suspended after three password attempts. Without user ID suspension, an attacker can run a program that generates millions of passwords until it guesses the user ID and password combination.
• Special tools - Products such as RealSecure by ISS send an alert when an external server is attempting to breach your system's security.
Recovery

A computer system, like any other device, is subject to failure from a variety of causes:
Disk Crash
Power Outage
Software Error
Fire
Sabotage

In any failure, information may be lost.

An integral part of a database system is a “recovery scheme” that can restore the database to the consistent state that existed before the failure.
Data Access:
The database system resides permanently on non-volatile storage (usually disks) and is partitioned into fixed-length storage units called “blocks”.
Blocks are the units of data transfer to and from disk, and may contain several data items.
Transactions input information from the disk to main memory, and then output the information back to the disk.
The input and output operations are done in block units.
The blocks residing on the disk are referred to as “physical blocks”.
The blocks residing temporarily in main memory are referred to as “buffer blocks”.
The area of main memory where the blocks reside temporarily is called the “disk buffer”.
Block movements between disk and main memory are initiated through the following two operations:
1. Input(B) transfers the physical block “B” to main memory.
2. Output(B) transfers the buffer block “B” to the disk, and replaces the appropriate physical block there.
Why Recovery:

Let us take a simple transaction.

Initial amount (Rs): Account A = 1000, Account B = 1500

Transaction Ti transfers Rs 50 from Account A to Account B.

Suppose a system crash occurs during the execution of Ti, after output(B_A) has taken place but before output(B_B) was executed, where B_A and B_B are buffer blocks.

Since the memory contents were lost, we could invoke one of two possible recovery procedures:

• Re-execute Ti: this will result in the value of A becoming Rs 900 rather than 950.
• Do not execute Ti: the current system state has values of Rs 950 and 1500 for A and B respectively.

In both cases the system enters an inconsistent state.
Log Based Recovery:

• The most widely used structure for recording database modifications is the log.
• The log is a sequence of log records, recording all the update activities in the database.

Fields of Log Based Recovery:
• Transaction identifier: the unique identifier of the transaction that performed the write operation.
• Data item identifier: the unique identifier of the data item written; typically it is the location on disk of the data item.
• Old value: the value of the data item prior to the write.
• New value: the value that the data item will have after the write.

Log records:
<Ti start>: Transaction Ti has started.
<Ti, Xj, V1, V2>: Transaction Ti has performed a write on data item Xj; Xj had value V1 before the write, and will have value V2 after the write.
<Ti commit>: Transaction Ti has committed.
<Ti abort>: Transaction Ti has aborted.
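
The log records above, applied to the Rs 50 transfer crash scenario, as an added example that is not part of the original slides. It goes one step beyond the text by showing an undo/redo recovery pass; the log contents, the function names and the assumption that no two unfinished transactions write the same item are constructed for illustration.

```python
# Added example: log records in the form <Ti start>, <Ti, Xj, V1, V2>,
# <Ti commit>, <Ti abort>. The log contents below are constructed.
LOG_NO_COMMIT = """\
<T1 start>
<T1, A, 1000, 950>
<T1, B, 1500, 1550>
"""
LOG_COMMITTED = LOG_NO_COMMIT + "<T1 commit>\n"

# Disk state from the crash scenario: output(B_A) done, output(B_B) not done.
DISK_AFTER_CRASH = {"A": 950, "B": 1500}


def parse_record(line):
    """Parse one log record into (txn, kind, item, old_value, new_value)."""
    body = line.strip().strip("<>").strip()
    if "," in body:
        txn, item, old, new = (part.strip() for part in body.split(","))
        return (txn, "write", item, int(old), int(new))
    txn, marker = body.split()
    if marker not in ("start", "commit", "abort"):
        raise ValueError(f"unknown log record: {line!r}")
    return (txn, marker, None, None, None)


def recover(disk, log_text):
    """Return the repaired state: undo unfinished work, redo committed work."""
    records = [parse_record(l) for l in log_text.splitlines() if l.strip()]
    committed = {txn for txn, kind, *_ in records if kind == "commit"}
    state = dict(disk)
    # Undo pass, newest record first: restore V1 for every write made by a
    # transaction that has no <Ti commit> record (still active or aborted).
    for txn, kind, item, old, new in reversed(records):
        if kind == "write" and txn not in committed:
            state[item] = old
    # Redo pass, oldest record first: reinstall V2 for committed transactions,
    # since their buffer blocks may not have reached the disk.
    for txn, kind, item, old, new in records:
        if kind == "write" and txn in committed:
            state[item] = new
    return state


if __name__ == "__main__":
    print(recover(DISK_AFTER_CRASH, LOG_NO_COMMIT))   # T1 rolled back
    print(recover(DISK_AFTER_CRASH, LOG_COMMITTED))   # T1 completed
```

Either way the two balances again add up to Rs 2500, which neither of the two naive recovery procedures achieves.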
Concurrency Control

Concurrency control is a database management systems (DBMS) concept that is used to address conflicts with the simultaneous accessing or altering of data that can occur with a multi-user system. Concurrency control, when applied to a DBMS, is meant to coordinate simultaneous transactions while preserving data integrity.

Example:
Consider two travellers who go to electronic kiosks at the same
time to purchase a train ticket to the same destination on the same
train. There's only one seat left in the coach, but without
concurrency control, it's possible that both travellers will end up
purchasing a ticket for that one seat. However, with concurrency
control, the database wouldn't allow this to happen. Both travellers
would still be able to access the train seating database, but
concurrency control would preserve data accuracy and allow only
one traveller to purchase the seat.
Concurrency Control Locking Strategies:

Pessimistic Locking:
This concurrency control strategy involves keeping an entity in
a database locked the entire time it exists in the database's
memory.
This limits or prevents users from altering the data entity that is
locked.
There are two types of locks that fall under the category of
pessimistic locking:

Write lock
Read lock

With write lock, everyone but the holder of the lock is prevented from reading, updating, or deleting the entity. With read lock, other users can read the entity, but no one except for the lock holder can update or delete it.
Optimistic Locking:

This strategy can be used when instances of simultaneous transactions, or collisions, are expected to be infrequent.
In contrast with pessimistic locking, optimistic locking doesn't try to prevent the collisions from occurring.
Instead, it aims to detect these collisions and resolve them on the chance occasions when they occur.
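
Optimistic locking applied to the one-seat train ticket example, as an added example that is not part of the original slides. The `seat` table, its `version` column and the function names are assumptions made for illustration; a version counter is one common way to detect a collision.

```python
import sqlite3


def open_db():
    """In-memory seat table with one free seat (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE seat (id INTEGER PRIMARY KEY, holder TEXT, "
        "version INTEGER NOT NULL)"
    )
    db.execute("INSERT INTO seat VALUES (1, NULL, 0)")
    db.commit()
    return db


def read_seat(db, seat_id):
    """A kiosk reads the seat without locking it and notes the version seen."""
    return db.execute(
        "SELECT holder, version FROM seat WHERE id = ?", (seat_id,)
    ).fetchone()


def try_purchase(db, seat_id, traveller, seen_version):
    """Write only if nobody changed the row since this kiosk read it."""
    cur = db.execute(
        "UPDATE seat SET holder = ?, version = version + 1 "
        "WHERE id = ? AND version = ? AND holder IS NULL",
        (traveller, seat_id, seen_version),
    )
    db.commit()
    return cur.rowcount == 1  # 0 rows updated means a collision was detected


def two_kiosks():
    """Both travellers read the free seat before either one writes."""
    db = open_db()
    _, version_a = read_seat(db, 1)
    _, version_b = read_seat(db, 1)
    first = try_purchase(db, 1, "traveller_a", version_a)
    second = try_purchase(db, 1, "traveller_b", version_b)  # stale version
    return first, second, read_seat(db, 1)


if __name__ == "__main__":
    print(two_kiosks())
```

The second kiosk's update matches no row because the version it read is stale, so the application can tell that traveller the seat is gone instead of silently overwriting the first purchase.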

“Om Purna-madah, purna-midam purnat-purnam-udacyate
Purnaysa purna-madaya purna-meva-vasisyate”

"That is the whole, this is the Whole; from the Whole, the Whole
arises; taking away the Whole from the Whole, the Whole
remains"
