Chapter 7
Data Protection

7.1. Data Recovery
As with almost all complex forms of computer hardware and
software, there is always the possibility of failure in database
systems
Therefore, it becomes crucial for data administrators to have
system recovery features in place to be able to recover
database contents that are damaged or lost when problems
occur
Performing an actual recovery can be a difficult task
In all likelihood, it may not be possible to completely and
seamlessly restore data once an interruption has taken place
The volatility of computer memory and the timing and complexity
of computer processing inhibit the ability of data
administrators to re-create data accurately
However, a variety of strategies may be used to facilitate
system recovery when problems occur
Two of the more common approaches include mirroring and
reprocessing
Mirroring involves making frequent simultaneous copies of
a database to ensure that two or more copies are maintained
in different locations at all times
This approach is expensive, but is most suitable when rapid
recovery is needed
Travel agencies and airline reservation system databases
often rely on this method of recovery

Reprocessing involves going back to a known point of
database activity before the problem occurred and
reprocessing work from that point forward
However, periodic database saves must be performed so
that the data administrator can go back and begin again at a
clean starting point
In addition, records must be kept of all transactions made
since the last save
These records are used to reenter and reprocess transactions
that were lost as a result of the failure
This strategy is more time-consuming than mirroring, and
all other transactions are delayed until the recovery process
is complete

7.2. Concurrency
Concurrency is the ability of a database to allow multiple users
to affect multiple transactions
This is one of the main properties that separate a database from
other forms of data storage like spreadsheets
A transaction is a logical unit of database processing that
includes one or more access operations (read/retrieval, write/insert or update, delete)
A transaction (set of operations) may be specified stand-alone
in a high-level language like SQL and submitted interactively, or
may be embedded within a program
Transaction boundaries: Begin and End transaction
An application program may contain several transactions
separated by the Begin and End transaction boundaries

The ability to offer concurrency is unique to databases
Spreadsheets or other flat file means of storage are often
compared to databases, but they differ in this one important
regard
Spreadsheets cannot offer several users the ability to view and
work on different data in the same file, since once the first
user opens the file it is locked to him or her
Other users can read, but not edit, data in the same file,
regardless of whether or not the data they want to edit is the
same data being edited by the original user who has locked the
file

The problems caused by concurrency are even more important
than the ability to support concurrent transactions
For example, when one user is changing data but has not yet
saved (committed) that data, then the database should not
allow other users who query the same data to view the
changed, unsaved data
Instead they should only view the original data
Almost all databases deal with concurrency the same way,
though the terminology may differ

The general principle is that changed but unsaved
data is held in some sort of temporary log or file
Once it is saved, then it is written to the database's physical
storage in place of the original data
As long as the user performing the change has not saved it,
only that user should be able to view the data being changed
All other users querying for the same data should view the
old data prior to the change
Once the user saves the data, then new queries should view the
new value of the data
Concurrency control is a database management system
(DBMS) concept that is used to address conflicts with the
simultaneous accessing or altering of data that can occur with
a multi-user system

Concurrency control, when applied to a DBMS, is meant to
coordinate simultaneous transactions while preserving data
integrity
Why Concurrency Control is needed:
The Lost Update Problem
This occurs when two transactions that access the same
database items have their operations interleaved in a way
that makes the value of some database item incorrect
The Temporary Update (or Dirty Read) Problem
This occurs when one transaction updates a database item
and then the transaction fails for some reason. The updated
item is accessed by another transaction before it is changed
back to its original value
The Incorrect Summary Problem
If one transaction is calculating an aggregate summary
function on a number of records while other transactions
are updating some of these records, the aggregate function
may calculate some values before they are updated and
others after they are updated
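
The three anomalies above, and the "temporary log" principle from the previous slides, are easier to see when the interleaving is made explicit. The following Python toy scheduler is an added example, not code from these notes: it runs two made-up transactions one access at a time in a fixed order and compares three strategies, "none" (writes land in the shared copy at once), "buffer" (uncommitted writes held in a per-transaction temporary area, as the notes describe) and "lock" (buffer plus an exclusive lock per item held until commit or abort). The schedules, item names and values are constructed for the demonstration.

```python
"""Toy transaction scheduler that interleaves two transactions one access at a
time to reproduce the lost update, dirty read and incorrect summary anomalies
under three isolation strategies. Constructed example with made-up schedules,
not code from the lecture notes."""


class Store:
    """Shared items plus the rule for what other transactions may see.
    "none":   a write lands in the shared copy at once (dirty reads possible)
    "buffer": uncommitted writes stay in a per-transaction temporary area, as
              the notes describe, so other transactions see committed data
    "lock":   buffer plus an exclusive lock per item held until commit/abort,
              which also stops lost updates and incorrect summaries"""

    def __init__(self, data, mode):
        assert mode in ("none", "buffer", "lock")
        self.mode = mode
        self.committed = dict(data)  # what a fresh query sees
        self.pending = {}            # txn -> {item: value} written, not committed
        self.undo = {}               # txn -> {item: old value}, mode "none" only
        self.locks = {}              # item -> txn holding its exclusive lock

    def apply(self, txn, req):
        """Run one request; returns (done, result). done=False means blocked."""
        op = req[0]
        if op in ("read", "write"):
            item = req[1]
            if self.mode == "lock" and self.locks.get(item, txn) != txn:
                return False, None   # held by another transaction
            self.locks[item] = txn   # recorded in every mode, enforced in "lock"
            if op == "read":         # a transaction sees its own buffered writes
                return True, self.pending.get(txn, {}).get(item, self.committed[item])
            if self.mode == "none":
                self.undo.setdefault(txn, {}).setdefault(item, self.committed[item])
                self.committed[item] = req[2]
            else:
                self.pending.setdefault(txn, {})[item] = req[2]
            return True, None
        if op == "commit":
            self.committed.update(self.pending.pop(txn, {}))
            self.undo.pop(txn, None)
        else:                        # abort: drop buffered writes, undo in-place ones
            self.pending.pop(txn, None)
            self.committed.update(self.undo.pop(txn, {}))
        self.locks = {i: t for i, t in self.locks.items() if t != txn}
        return True, None


def run(store, txns, order):
    """Interleave requests in the given order of transaction names; a blocked
    request is retried on its next turn, and leftover work is drained
    round-robin (no deadlock detection; only finishing schedules are used)."""
    gens = {name: make() for name, make in txns.items()}
    pending = {name: next(g) for name, g in gens.items()}
    steps, turn = list(order), 0
    while pending:
        name = steps.pop(0) if steps else sorted(pending)[turn % len(pending)]
        turn += 1
        if name not in pending:
            continue                 # that transaction already finished
        done, result = store.apply(name, pending[name])
        if done:
            try:
                pending[name] = gens[name].send(result)
            except StopIteration:
                del pending[name]


# Transaction bodies: generators that yield requests and receive read results.
def add(item, delta, end="commit"):  # read-modify-write, then commit or abort
    def txn():
        value = yield ("read", item)
        yield ("write", item, value + delta)
        yield (end,)
    return txn

def transfer(src, dst, amount):      # two read-modify-writes in one transaction
    def txn():
        a = yield ("read", src)
        yield ("write", src, a - amount)
        b = yield ("read", dst)
        yield ("write", dst, b + amount)
        yield ("commit",)
    return txn

def summer(items, out):              # aggregate over several items into out
    def txn():
        values = []
        for item in items:
            values.append((yield ("read", item)))
        out.append(sum(values))
        yield ("commit",)
    return txn


def lost_update(mode):               # correct final X is 90
    store = Store({"X": 100}, mode)
    run(store, {"T1": add("X", 10), "T2": add("X", -20)},
        ["T1", "T2", "T1", "T1", "T2", "T2"])
    return store.committed["X"]

def dirty_read(mode):                # T2 should see 100, not T1's abandoned 110
    seen, store = [], Store({"X": 100}, mode)
    run(store, {"T1": add("X", 10, end="abort"), "T2": summer(["X"], seen)},
        ["T1", "T1", "T2", "T1", "T2"])
    return seen[0]

def incorrect_summary(mode):         # X + Y is 200 both before and after T2
    totals, store = [], Store({"X": 100, "Y": 100}, mode)
    run(store, {"T1": summer(["X", "Y"], totals), "T2": transfer("X", "Y", 20)},
        ["T1"] + ["T2"] * 5 + ["T1", "T1"])
    return totals[0]
```

Running the three scenarios under each mode shows that the temporary-area approach on its own only removes the dirty read (T2 sees 100 instead of the abandoned 110); the lost update (final X of 80 instead of 90) and the incorrect summary (220 instead of 200) survive until the "lock" mode makes the second transaction wait for the first to finish.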


A database represents an essential corporate resource that
should be properly secured using appropriate controls
Database security encompasses hardware, software, people
and data
In a multi-user database system, the DBMS must provide a
database security and authorization subsystem to enforce limits
on individual and group access rights and privileges
Database security and integrity is about protecting the database
from becoming inconsistent or being disrupted, which we can
also call database misuse
Database misuse could be intentional or accidental, where
accidental misuse is easier to cope with than intentional misuse
Accidental inconsistency could occur due to:
System crash during transaction processing
Anomalies due to concurrent access
Anomalies due to redundancy
Logical errors
Likewise, even though there are various threats that could be
categorized in this group, intentional misuse could be:
Unauthorized reading of data
Unauthorized modification of data or
Unauthorized destruction of data


7.3. Data Security

Most systems implement good database integrity to protect
the system from accidental misuse, while there are many
computer-based measures to protect the system from
intentional misuse; these are termed database security
measures
Database security is considered in relation to the following
situations:
Theft and fraud
Loss of confidentiality (secrecy)
Loss of privacy
Loss of integrity
Loss of availability
Database security - the mechanisms that protect the database
against intentional or accidental threats
Threat - any situation or event, whether intentional or
accidental, that may adversely affect a system and
consequently the organization
A threat may be caused by a situation or event involving a
person, action, or circumstance that is likely to bring harm to
an organization
The harm to an organization may be tangible or intangible
Tangible - loss of hardware, software, or data
Intangible - loss of credibility or client confidence

Security Issues and general considerations:
Legal, ethical and social issues regarding the right to
access information
Physical control
Policy issues regarding the privacy of individuals at the
enterprise and national level
Operational considerations on the techniques used
(passwords, etc)
System level security including operating system and
hardware control
Security levels and security policies at the enterprise level

Examples of threats:
Using another person's means of access
Unauthorized amendment/modification or copying of data
Program alteration
Inadequate policies and procedures that allow a mix of
confidential and normal output
Wire-tapping
Illegal entry by hacker
Blackmail
Creating trapdoor into system
Theft of data, programs, and equipment
Failure of security mechanisms, giving greater access than
normal
Staff shortages or strikes
Inadequate staff training
Viewing and disclosing unauthorized data
Electronic interference and radiation
Data corruption owing to power loss or surge
Fire (electrical fault, lightning strike, arson), flood, bomb
Physical damage to equipment
Breaking cables or disconnection of cables
Introduction of viruses

Levels of Security Measures
Security measures can be implemented at several levels and
for different components of the system. These levels are:
1. Physical Level: concerned with securing the site; the site
containing the computer system should be physically
secured. The backup systems should also be
physically protected from access except for authorized
users
2. Human Level: concerned with authorization of
database users to access the content at different levels
and privileges
3. Operating System: concerned with the weakness and
strength of the operating system security on data files.
A weakness may serve as a means of unauthorized
access to the database. This also includes protection of
data in primary and secondary memory from
unauthorized access

4. Database System: concerned with data access limits
enforced by the database system, such as
passwords, isolated transactions, etc
Even though we can have different levels of security and
authorization on data objects and users, who accesses which
data is a policy matter rather than a technical one
These policies
should be known by the system: they should be encoded in the
system
should be remembered: they should be saved somewhere (the
catalogue)

An organization needs to identify the types of threat it may be
subjected to and initiate appropriate plans and
countermeasures, bearing in mind the costs of implementing
them
Countermeasures: Computer based controls
The types of countermeasure to threats on computer systems
range from physical controls to administrative procedures
Despite the range of computer-based controls that are
available, it is worth noting that, generally, the security of a
DBMS is only as good as that of the operating system, owing
to their close association

The following are computer-based security controls for a multi-user
environment:
Authorization
The granting of a right or privilege that enables a subject to
have legitimate access to a system or a system's object
Authorization controls can be built into the software, and
govern not only what system or object a specified user can
access, but also what the user may do with it
Authorization controls are sometimes referred to as access
controls
The process of authorization involves authentication of
subjects (i.e. a user or program) requesting access to objects
(i.e. a database table, view, procedure, trigger, or any other
object that can be created within the system)

Views
A view is the dynamic result of one or more
relational operations on the base relations
to produce another relation
A view is a virtual relation that does not actually
exist in the database, but is produced upon request
by a particular user
The view mechanism provides a powerful and
flexible security mechanism by hiding parts of the
database from certain users
Using a view is more restrictive than simply having
certain privileges granted to a user on the base
relation(s)
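
The Authorization and Views slides above describe two controls that work together: a subject is granted a privilege on an object, and the object it is granted on may be a view that exposes only part of a base relation. The following Python/SQLite example is added here and is not code from the notes. It builds a constructed employees table and a view that hides the salary column and inactive rows, keeps a hypothetical grant table mapping role names to the objects they may read, and only runs a query when the object exists in the DBMS catalogue and the subject holds a privilege on it. The role names, columns and rows are all made up for the demonstration.

```python
import sqlite3

# Constructed example, not from the notes: a base relation and a view that
# hides the salary column and inactive staff. Role names are hypothetical.
SCHEMA = """
CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER, active INTEGER);
INSERT INTO employees VALUES ('alice', 'eng', 9000, 1),
                             ('bob',   'eng', 8500, 0),
                             ('carol', 'ops', 7000, 1);
CREATE VIEW staff_directory AS
    SELECT name, dept FROM employees WHERE active = 1;
"""

# Authorization table: which subject may SELECT from which object.
GRANTS = {
    "hr_clerk":     {"employees"},        # privilege on the base relation
    "receptionist": {"staff_directory"},  # privilege only on the view
}


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def catalogue(conn):
    """Names of existing tables and views, taken from SQLite's own catalogue."""
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type IN ('table', 'view')")
    return {name for (name,) in rows}


def read(conn, subject, obj):
    """Return every row of obj, but only if subject holds a privilege on it."""
    if subject not in GRANTS:
        raise PermissionError(f"unknown subject: {subject}")
    if obj not in catalogue(conn):
        raise LookupError(f"no such object: {obj}")
    if obj not in GRANTS[subject]:
        raise PermissionError(f"{subject} has no privilege on {obj}")
    # obj came from the catalogue; quote it as an identifier, never as a value
    ident = '"' + obj.replace('"', '""') + '"'
    return conn.execute(f"SELECT * FROM {ident} ORDER BY 1").fetchall()


def can_read(conn, subject, obj):
    """True when read() would succeed for this subject and object."""
    try:
        read(conn, subject, obj)
        return True
    except (LookupError, PermissionError):
        return False
```

With these grants the receptionist gets only name and department for active staff, the HR clerk sees every column of every row, and a subject holding a privilege on the view still cannot read the base relation, which is the sense in which the notes call a view more restrictive than a privilege on the base relation.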

Backup and recovery
Backup is the process of periodically taking a copy of
the database and log file (and possibly programs) on to
offline storage media
A DBMS should provide backup facilities to assist with
the recovery of a database following failure
Database recovery is the process of restoring the
database to a correct state in the event of a failure
Journaling is the process of keeping and maintaining a
log file (or journal) of all changes made to the database
to enable recovery to be undertaken effectively in the
event of a failure
The advantage of journaling is that, in the event of a
failure, the database can be recovered to its last known
consistent state using a backup copy of the database and
the information contained in the log file

Integrity
Integrity constraints contribute to maintaining a
secure database system by preventing data from
becoming invalid and hence giving misleading or
incorrect results
Domain Integrity
Entity integrity
Referential integrity
Key constraints
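
The four constraint families listed above are enforced by the DBMS at the moment a statement would violate them. The following Python/SQLite example is added here, not taken from the notes: a constructed two-table schema carries one example of each family (INTEGER PRIMARY KEY for entity integrity, UNIQUE for a key constraint, CHECK for domain integrity, REFERENCES for referential integrity), and attempt() submits statements and reports whether the DBMS rejected them. Note that SQLite does not check foreign keys unless the foreign_keys pragma is switched on, which is a common way to lose referential integrity silently.

```python
import sqlite3

# Constructed schema (not from the notes) with one example of each constraint
# family. Table and column names are made up for the demonstration.
SCHEMA = """
CREATE TABLE dept (
    dept_id INTEGER PRIMARY KEY,         -- entity integrity: unique, not null
    name    TEXT NOT NULL UNIQUE         -- key constraint on a candidate key
);
CREATE TABLE emp (
    emp_id  INTEGER PRIMARY KEY,
    email   TEXT NOT NULL UNIQUE,
    age     INTEGER NOT NULL CHECK (age BETWEEN 16 AND 70),  -- domain integrity
    dept_id INTEGER NOT NULL REFERENCES dept (dept_id)       -- referential integrity
);
INSERT INTO dept VALUES (1, 'eng');
INSERT INTO emp  VALUES (1, 'alice@example.test', 34, 1);
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves this off by default
    conn.executescript(SCHEMA)
    return conn


def attempt(conn, sql, params=()):
    """Run one statement; return None on success or the DBMS's constraint
    message when it is rejected. A rejected statement changes nothing."""
    try:
        with conn:                  # commits on success, rolls back on error
            conn.execute(sql, params)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def demo(conn):
    """Map each case to whether the DBMS behaved correctly: bad statements
    rejected (message returned), the valid one accepted (None returned)."""
    return {
        "entity":        attempt(conn, "INSERT INTO dept VALUES (1, 'ops')") is not None,
        "domain":        attempt(conn, "INSERT INTO emp VALUES (2, 'bob@example.test', 12, 1)") is not None,
        "referential":   attempt(conn, "INSERT INTO emp VALUES (2, 'bob@example.test', 40, 99)") is not None,
        "key":           attempt(conn, "INSERT INTO emp VALUES (2, 'alice@example.test', 40, 1)") is not None,
        "delete_parent": attempt(conn, "DELETE FROM dept WHERE dept_id = 1") is not None,
        "valid":         attempt(conn, "INSERT INTO emp VALUES (2, 'bob@example.test', 40, 1)") is None,
    }


def row_count(conn, table):
    """Rows in a table; used to confirm rejected statements left nothing behind."""
    assert table in ("dept", "emp")  # fixed names only, never interpolate input
    return conn.execute(f"SELECT count(*) FROM {table}").fetchone()[0]
```

After demo() runs, emp holds exactly two rows: the seeded one and the single valid insert, because every rejected statement was rolled back rather than partially applied.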

If no journaling is enabled on a failed system, the
only means of recovery is to restore the database
using the latest backup version of the database
However, without a log file, any changes made after
the last backup to the database will be lost
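
The reprocessing strategy from section 7.1 and the journaling described in the Backup and recovery slides are the same mechanism: a periodic save of the whole database plus a log of every committed transaction since, replayed in order after a failure. The following Python example is added here and is not code from the notes or from any DBMS. TinyDb is a constructed key/value store whose journal records carry a sequence number (lsn) so that replay starts exactly after the transaction the save already reflects, and crash_and_recover() simulates two commits, a save, two more commits and a crash that tears the record being written, then recovers with and without the journal.

```python
import json
from pathlib import Path
import tempfile


class TinyDb:
    """In-memory key/value table with two durable files: a periodic full save
    (the backup) and an append-only journal of committed transactions. Each
    journal record carries a sequence number so replay can start exactly after
    the transaction the backup already reflects. Constructed example."""

    def __init__(self, backup_path, journal_path):
        self.backup_path, self.journal_path = Path(backup_path), Path(journal_path)
        self.data, self.lsn = {}, 0   # lsn: number of the last journalled txn

    def commit(self, updates):
        """Write-ahead: the journal record is on disk before memory changes."""
        self.lsn += 1
        with self.journal_path.open("a", encoding="utf-8") as f:
            f.write(json.dumps({"lsn": self.lsn, "updates": updates}) + "\n")
            f.flush()
        self.data.update(updates)

    def save(self):
        """Periodic database save: full copy plus the lsn it includes."""
        self.backup_path.write_text(json.dumps({"lsn": self.lsn, "data": self.data}))

    @classmethod
    def recover(cls, backup_path, journal_path, use_journal=True):
        """Restore the latest save, then reprocess journalled transactions that
        came after it. Without the journal, everything after the save is lost."""
        db = cls(backup_path, journal_path)
        saved = json.loads(db.backup_path.read_text())
        db.data, db.lsn = saved["data"], saved["lsn"]
        if not use_journal or not db.journal_path.exists():
            return db
        for line in db.journal_path.read_text(encoding="utf-8").splitlines():
            try:
                rec = json.loads(line)
            except json.JSONDecodeError:
                break                        # torn last record from the crash
            if rec["lsn"] > db.lsn:          # skip what the save already holds
                db.data.update(rec["updates"])
                db.lsn = rec["lsn"]
        return db


def crash_and_recover(use_journal):
    """Simulate two committed transactions, a save, two more, a crash that
    tears the record being written, then recovery. Returns (data, lsn)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, journal = Path(tmp, "db.bak"), Path(tmp, "db.journal")
        db = TinyDb(backup, journal)
        db.commit({"balance": 100, "owner": "alice"})   # lsn 1
        db.commit({"balance": 120})                       # lsn 2
        db.save()                                         # backup reflects lsn 2
        db.commit({"balance": 90})                        # lsn 3
        db.commit({"owner": "bob"})                       # lsn 4
        with journal.open("a", encoding="utf-8") as f:
            f.write('{"lsn": 5, "upd')                    # crash mid-write
        del db                                            # memory is gone
        recovered = TinyDb.recover(backup, journal, use_journal)
        return recovered.data, recovered.lsn
```

With the journal, recovery returns to the state after transaction 4 and ignores the torn fifth record; without it, the database can only be returned to the state captured by the save, and transactions 3 and 4 are lost, which is the point the slide above makes.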
Encryption
The encoding of the data by a special algorithm that
renders the data unreadable by any program without
the decryption key
If a database system holds particularly sensitive
data, it may be deemed necessary to encode it as a
precaution against possible external threats or
attempts to access it
The DBMS can access data after decoding it,
although there is a degradation in
performance because of the time taken to
decode it
Encryption also protects data transmitted over
communication lines