Integrity and security


Introduction

Integrity constraints ensure that changes made to the database by authorized users do not result in a loss of data consistency. Thus, integrity constraints guard against accidental damage to the database. In addition to protecting data against the accidental introduction of inconsistency, the data stored in the database need to be protected from unauthorized access and from malicious destruction or alteration.

A constraint is an object in an RDBMS that places rules on data inserted into a column of a table. There are several different types of constraints in SQL.

Data integrity

Constraints are used to ensure the accuracy and consistency of data in a relational database. Data integrity is this assurance of accurate and consistent data in the database. Data integrity is handled in a relational database through the use of constraints on the tables. Any time humans are entering data into a database, mistakes are made that may violate the accuracy.

Data integrity involves making sure data is entered consistently and stored consistently in the database. You don't want one data entry clerk to enter somebody's phone number as

    3178889222

and another to enter the phone number as

    (317)888-9222

Data must be accurate and stored consistently in the database to allow accurate data to be retrieved from the database.

Why use constraints?

To answer that question, let's look at the basic components of data integrity (data accuracy and consistency) and how you would enforce data integrity in the database through the use of constraints.

Accuracy of data involves placing rules (constraints) on table columns so that the database only allows certain types of data to be inserted into these columns. For example, you may want only numeric data inserted into a column containing employees' pay rates. You want to make sure that the NAME column of the table accepts alphanumeric values. You may want to make sure that STATE_CODE contains values that consist of only two characters.
There are different ways to ensure data is entered correctly. The first thing you want to do is place constraints on your table columns that allow only certain types of data, and certain lengths of data, to be inserted. Database normalization can also help provide data consistency, since the occurrence of redundant data in the database is reduced.

Exploring types of constraints

Now we study the different types of constraints that can be created on database tables. They are:

- NOT NULL
- PRIMARY KEY
- UNIQUE
- FOREIGN KEY
- CHECK

NOT NULL constraints

When you initially create a table, you must assign a data type to each column in the table. The data type assigned to a column tells the database what kind of data can be inserted into that column. If you don't insert a value in a column when you insert a row of data into a table, the value of that column is NULL. If you specify a column as NOT NULL, NULL values are not allowed in the column: NOT NULL means that the column is required.

Example

    CREATE TABLE whist (
        std_id   VARCHAR2(10) NOT NULL,
        std_name VARCHAR2(15) NOT NULL,
        phone    VARCHAR2(11)
    );

Here, you must enter values for std_id and std_name, as they carry NOT NULL constraints, but you can skip entering a value for the phone column.

PRIMARY KEY constraints
A primary key is the term used to identify one or more columns in a table that make a row of data unique. Although the primary key typically consists of one column in a table, more than one column can also comprise the primary key. For example, the primary key for an employee table would be the employee id number, as it is unique for all the employees. The primary key is assigned upon table creation.

Example

    CREATE TABLE emp (
        empid   VARCHAR2(3) PRIMARY KEY,
        address VARCHAR2(20) NOT NULL,
        zip     NUMBER(5) NOT NULL,
        phone   NUMBER(10)
    );

or

    CREATE TABLE emp (
        empid   VARCHAR2(3),
        address VARCHAR2(20) NOT NULL,
        zip     NUMBER(5) NOT NULL,
        phone   NUMBER(10),
        PRIMARY KEY (empid)
    );

You can also use the ALTER TABLE statement to specify a primary key on a table after the table has been created, as follows.

    ALTER TABLE emp ADD PRIMARY KEY (empid);

or
    ALTER TABLE emp ADD CONSTRAINT emp_pk PRIMARY KEY (empid);

UNIQUE constraints

A UNIQUE constraint is similar to the primary key in the sense that every value in that column must be unique. While a table has only one primary key constraint, you can place a UNIQUE constraint on any number of columns, and a UNIQUE column may also be left NULL.

Example

    CREATE TABLE emp (
        empid VARCHAR2(3) PRIMARY KEY,
        ename VARCHAR2(19) UNIQUE
    );

CHECK constraints

CHECK constraints can be used to check the validity of data entered into particular columns of a table.

Example (checks whether the person is from palpa)

    CREATE TABLE emp (
        empid   VARCHAR2(3) PRIMARY KEY,
        address VARCHAR2(19) NOT NULL,
        CHECK (address = 'palpa')
    );

Example (checks whether the person is from ktm, bkt or patan)

    CREATE TABLE emp (
        empid   VARCHAR2(3) PRIMARY KEY,
        address VARCHAR2(19) NOT NULL,
        CHECK (address IN ('ktm', 'bkt', 'patan'))
    );

Example (checks that the emp id is between 100 and 1000)

    CREATE TABLE emp (
        empid   NUMBER(4) PRIMARY KEY,   -- numeric: the range check needs a number, and VARCHAR2(3) could not hold 1000
        address VARCHAR2(19) NOT NULL,
        CHECK (empid BETWEEN 100 AND 1000)
    );

FOREIGN KEY constraints (REFERENTIAL INTEGRITY)

A foreign key represents a relationship between two or more tables. A foreign key is a column or a group of columns whose values are derived from the primary key of another table. The table in which the foreign key is defined is called the foreign table (child table). The table that defines the primary key and is referred to by the foreign key is called the master table.

A foreign key is a column in a child table that references a column in the parent table. The foreign key constraint is the mechanism used to enforce referential integrity between tables in a relational database. A column defined as a foreign key is used to reference a column defined as the primary key of another table.

Syntax

The syntax for a foreign key definition is as given below.

    [CONSTRAINT constraint-name]
    FOREIGN KEY (column-comma-list) references-definition

Here column-comma-list is the names of the column(s), separated by commas, that form the foreign key, and references-definition takes the following form.

    REFERENCES base-table-name [(column-comma-list)]
        [MATCH {FULL | PARTIAL}]
        [ON DELETE {NO ACTION | CASCADE | SET DEFAULT | SET NULL}]
        [ON UPDATE {NO ACTION | CASCADE | SET DEFAULT | SET NULL}]
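The following is an added example, not part of the original notes, showing the NOT NULL, PRIMARY KEY, UNIQUE and CHECK constraints above actually rejecting bad rows. It uses SQLite through Python's standard sqlite3 module rather than Oracle, so the column types are SQLite's TEXT/INTEGER instead of VARCHAR2/NUMBER; the table, column names and sample rows are constructed for the demonstration.

```python
import sqlite3

# Constructed schema mirroring the notes' emp table, in SQLite's dialect.
# Every constraint type from the notes appears once.
SCHEMA = """
CREATE TABLE emp (
    empid   INTEGER PRIMARY KEY CHECK (empid BETWEEN 100 AND 1000),
    ename   TEXT UNIQUE,
    address TEXT NOT NULL CHECK (address IN ('ktm', 'bkt', 'patan')),
    zip     INTEGER NOT NULL
);
"""


def try_insert(conn, row):
    """Attempt one INSERT in its own transaction.

    Returns None when the row is accepted, otherwise the text of the
    IntegrityError the database raised (which names the violated constraint).
    """
    try:
        with conn:  # commits on success, rolls back on exception
            conn.execute(
                "INSERT INTO emp (empid, ename, address, zip) VALUES (?, ?, ?, ?)",
                row,
            )
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def run_demo():
    """Insert one valid row and then one violation of each constraint.

    Returns (results, row_count): results maps a label to None or the error
    text; row_count is how many rows the table holds afterwards.
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample rows.
    attempts = [
        ("valid",               (101,  "ram",  "ktm",   44600)),
        ("primary key",         (101,  "sita", "bkt",   44600)),  # duplicate empid
        ("unique",              (102,  "ram",  "patan", 44600)),  # duplicate ename
        ("not null",            (103,  "hari", None,    44600)),  # missing address
        ("check (address)",     (104,  "gita", "palpa", 44600)),  # not in the allowed set
        ("check (empid range)", (2000, "maya", "ktm",   44600)),  # outside 100..1000
        ("unique allows NULL",  (105,  None,   "ktm",   44600)),  # NULL ename is accepted
    ]
    results = {label: try_insert(conn, row) for label, row in attempts}
    row_count = conn.execute("SELECT COUNT(*) FROM emp").fetchone()[0]
    conn.close()
    return results, row_count


if __name__ == "__main__":
    for label, outcome in run_demo()[0].items():
        print(f"{label:22s} -> {'accepted' if outcome is None else outcome}")
```

Only the first and last rows survive: the UNIQUE column accepts a NULL (as the notes say), while every other row is rejected with a message naming the constraint it broke. Because each attempt runs in its own transaction, a rejected row leaves nothing behind.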
The optional MATCH clause has no effect and can safely be ignored if either the foreign key consists of a single column or every component column of the foreign key has a NOT NULL specification. If neither of these conditions holds, MATCH becomes significant. The MATCH FULL option requires that the foreign key of a child row fully match a primary key in the parent table. The MATCH PARTIAL option allows null values in parts of the foreign key, as long as the non-null parts match the corresponding parts of some primary key in the parent table.

The optional ON DELETE and ON UPDATE clauses denote the referential actions. The idea behind referential actions is that it might sometimes be possible to maintain referential integrity not simply by rejecting an update that would violate it, but rather by performing another compensating action in addition to the one that is requested.

- Specifying the NO ACTION option is equivalent to omitting ON DELETE / ON UPDATE entirely.
- ON DELETE CASCADE tells the RDBMS that when a parent row is deleted, all its child rows should also be deleted automatically from the child table.
- ON UPDATE CASCADE tells the RDBMS that when a primary key value is changed in the parent row, the corresponding foreign key values in all its child rows should also be changed automatically in the child table.
- Similar explanations hold for the SET NULL and SET DEFAULT options.

Example

    CREATE TABLE emp_pay (
        emp_id   CHAR(9) NOT NULL,
        position VARCHAR2(15) NOT NULL,
        pay_rate NUMBER(4,2) NOT NULL,
        FOREIGN KEY (emp_id) REFERENCES emp (emp_id)
    );

In this example, the emp_id column has been designated as the foreign key for the emp_pay table. This foreign key, as you can see, references the emp_id column in the emp table. It ensures that for every emp_id in the emp_pay table, there is a corresponding emp_id in the emp table.

    EMP (parent table)          EMP_PAY (child table)
    ------------------          ---------------------
    Emp_id                 <--  Emp_id
    Name                        Salary

The emp_id column in the child table references the emp_id column in the parent table. In order for a value to be inserted into emp_id in the child table, that value must first exist in emp_id in the parent table. Likewise, in order for a value to be removed from emp_id in the parent table, all corresponding values of emp_id must first be removed from the child table. This is how referential integrity works.

As with primary keys, a foreign key can be added to a table using an ALTER TABLE command.

    ALTER TABLE emp_pay ADD FOREIGN KEY (emp_id) REFERENCES emp (emp_id);

ASSERTION

An assertion is a predicate expressing a condition that we wish the database always to satisfy. Domain constraints and referential integrity constraints are special forms of assertions. An assertion in SQL takes the form

    CREATE ASSERTION <assertion_name> CHECK (<predicate>);

TRIGGER

A trigger is a statement that the system executes automatically as a side effect of a modification to the database. To design a trigger mechanism, we must meet two requirements.

- Specify when a trigger is to be executed. This is broken up into an event that causes the trigger to be checked and a condition that must be satisfied for trigger execution to proceed.
- Specify the actions to be taken when the trigger executes.

Security and authorization

The data stored in the database need protection from unauthorized access and malicious destruction or alteration, in addition to the protection against the accidental introduction of inconsistency that integrity constraints provide. Among the forms of malicious access are:

- unauthorized reading of data
- unauthorized modification of data
- unauthorized destruction of data
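Returning to the referential-integrity and trigger material above, here is an added example (not from the original notes) that exercises a FOREIGN KEY with ON DELETE CASCADE and ON UPDATE CASCADE, and a trigger built from the three parts the notes name: an event, a condition and an action. It runs on SQLite via Python's sqlite3 module instead of Oracle; the emp/emp_pay schema, the 99.99 pay cap and the sample rows are constructed for the demonstration. Note that SQLite only enforces foreign keys after PRAGMA foreign_keys = ON.

```python
import sqlite3

# Constructed parent/child schema in SQLite's dialect, modelled on the notes.
SCHEMA = """
CREATE TABLE emp (
    emp_id INTEGER PRIMARY KEY,
    name   TEXT NOT NULL
);
CREATE TABLE emp_pay (
    emp_id   INTEGER NOT NULL,
    position TEXT NOT NULL,
    pay_rate REAL NOT NULL,
    FOREIGN KEY (emp_id) REFERENCES emp (emp_id)
        ON DELETE CASCADE
        ON UPDATE CASCADE
);
-- Trigger: event = a row is about to be inserted into emp_pay;
-- condition = the employee's total pay_rate would exceed the (constructed) cap;
-- action = abort the statement. An aggregate over other rows cannot be expressed
-- as a column CHECK, which is why this needs a trigger (or an assertion).
CREATE TRIGGER pay_cap BEFORE INSERT ON emp_pay
BEGIN
    SELECT RAISE(ABORT, 'total pay_rate for employee exceeds 99.99')
    WHERE (SELECT COALESCE(SUM(pay_rate), 0) FROM emp_pay WHERE emp_id = NEW.emp_id)
          + NEW.pay_rate > 99.99;
END;
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # off by default in SQLite
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO emp VALUES (?, ?)", [(1, "ram"), (2, "sita")])
    conn.commit()
    return conn


def attempt(conn, sql, params=()):
    """Run one statement in its own transaction; return None or the IntegrityError text."""
    try:
        with conn:
            conn.execute(sql, params)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)


def referential_integrity_demo():
    """Walk through orphan rejection, the trigger, and both cascade actions."""
    conn = open_db()
    insert = "INSERT INTO emp_pay VALUES (?, ?, ?)"
    out = {}
    # No emp with id 9 exists, so the child row is rejected.
    out["orphan_insert"] = attempt(conn, insert, (9, "clerk", 10.0))
    out["child_insert"] = attempt(conn, insert, (1, "clerk", 60.0))
    # 60 + 50 breaches the cap: trigger condition true, action aborts.
    out["trigger_block"] = attempt(conn, insert, (1, "guard", 50.0))
    # 60 + 30 stays under the cap: trigger condition false, row accepted.
    out["trigger_allow"] = attempt(conn, insert, (1, "guard", 30.0))
    # ON UPDATE CASCADE: renumbering the parent key renumbers the child rows.
    attempt(conn, "UPDATE emp SET emp_id = 10 WHERE emp_id = 1")
    out["child_ids_after_update"] = [
        r[0] for r in conn.execute("SELECT DISTINCT emp_id FROM emp_pay")
    ]
    # ON DELETE CASCADE: deleting the parent removes its child rows.
    attempt(conn, "DELETE FROM emp WHERE emp_id = 10")
    out["child_rows_after_delete"] = conn.execute(
        "SELECT COUNT(*) FROM emp_pay"
    ).fetchone()[0]
    conn.close()
    return out


if __name__ == "__main__":
    for key, value in referential_integrity_demo().items():
        print(f"{key:24s} -> {value}")
```

With NO ACTION instead of CASCADE, the UPDATE and DELETE on emp would themselves be rejected while child rows exist, which is the "remove the children first" behaviour the notes describe; the cascade variants perform that compensating action for you.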
Database security refers to protection from malicious access. To protect the database, we must take security measures at several levels.

- Database system: some database users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated.
- Operating system: no matter how secure the database system is, weakness in operating system security may serve as a means of unauthorized access to the database.
- Network:
- Physical: sites with computer systems must be physically secured against armed or surreptitious entry by intruders.
- Human: users must be authorized carefully to reduce the chance of any user giving access to an intruder in exchange for a bribe or other favors.

Security at all these levels must be maintained if database security is to be ensured. A weakness at a low level of security (physical or human) allows circumvention of strict high-level (database) security measures.

AUTHORISATION

We may assign a user several forms of authorization on parts of the database. For example:

- Read authorization: allows reading, but not modification, of data.
- Insert authorization: allows insertion of new data, but not modification of existing data.
- Update authorization: allows modification, but not deletion, of data.
- Delete authorization: allows deletion of data.

In addition to these forms of authorization for access to data, we may grant a user authorization to modify the database schema:

- Index authorization: allows the creation and deletion of indices.
- Resource authorization: allows the creation of new relations.
- Alteration authorization: allows the addition or deletion of attributes in a relation.
- Drop authorization: allows the deletion of relations.

PRIVILEGES AND ROLES

a) Granting system privileges to a user

Syntax:

    GRANT system-privileges TO username;

System privileges are used to permit access to various features such as connecting to the database and the ability to create new database objects, e.g. CONNECT, CREATE SESSION, RESOURCE etc. To view all the system privileges, we use the SQL statement:

    SELECT * FROM DBA_SYS_PRIVS;

Example

    GRANT CONNECT TO ram;

For this, there must be a user called ram. To create a user, we use the syntax:

    CREATE USER username IDENTIFIED BY password;

e.g.

    CREATE USER ram IDENTIFIED BY sita;

Similarly, to alter the user we use:

    ALTER USER username IDENTIFIED BY new_password;

e.g.

    ALTER USER ram IDENTIFIED BY hari;

To drop an existing user, we use:

    DROP USER username;

e.g.

    DROP USER ram;

b) Granting object privileges to a user

Syntax:

    GRANT object-privilege ON object_name TO username [WITH GRANT OPTION];

Object privileges are used to control access to specific database objects (tables, procedures etc.). The most frequently used object privileges are SELECT, INSERT, UPDATE, ALTER etc. To view all the object privileges, we use the SQL statement:

    SELECT * FROM ROLE_TAB_PRIVS;

ROLES

With the role command, you can create a named role, or set of privileges. When you grant the role to a user, you grant the user all the privileges of that role. The role is first created with CREATE ROLE, and then privileges are granted to the role using the GRANT command.

Example

    CREATE ROLE student;
    GRANT CONNECT, RESOURCE TO student;
    CREATE USER student1 IDENTIFIED BY pass1;
    CREATE USER student2 IDENTIFIED BY pass2;
If we create a role and then define what privileges are required for that role, we can grant the role to any number of users who play the same role. Instead of granting privileges to each of the student users individually, we grant the role student to the two users jointly.

    GRANT student TO student1, student2;

The privileges that are granted to users or roles can be revoked using the REVOKE command, e.g.

    REVOKE CONNECT, RESOURCE FROM student;

ENCRYPTION AND DECRYPTION

Whenever data transmitted over the network is sensitive and needs protection from unauthorized users, it is transformed into another form. The message/data before encryption is called plaintext, and after encryption it is called ciphertext. So the encryption algorithm transforms the plaintext into ciphertext, and the decryption algorithm transforms the ciphertext back into the plaintext. The sender uses the encryption algorithm and the receiver uses the decryption algorithm.

    sender                                                          receiver
    plaintext --> encryption --> ciphertext --> network --> ciphertext --> decryption --> plaintext

This is not to say that every sender/receiver pair needs its very own unique algorithm for secure communication. Instead, through the use of public algorithms with a secret key, one algorithm can serve millions of communicating pairs. A key is a number (value) that the algorithm operates on. To encrypt a message, we need an encryption algorithm, an encryption key and the plaintext. To decrypt the message, we need a decryption algorithm, a decryption key and the ciphertext.

    fig: encryption
                     encryption key
                           |
                           v
    plaintext  --> encryption algorithm --> ciphertext

    fig: decryption
                     decryption key
                           |
                           v
    ciphertext --> decryption algorithm --> plaintext

In cryptography (the science of transforming messages to make them secure and immune to attacks), the encryption and decryption algorithms are public whereas the keys are secret.

It is customary to introduce three characters in cryptography: Alice, Bob and Eve. Alice is the person who needs to send secure data. Bob is the recipient of the data. Eve is the person who somehow disturbs the communication between Alice and Bob by intercepting messages or sending her own disguised messages.

We divide cryptographic algorithms into two groups:

- symmetric key (secret key or private key) algorithms
- asymmetric key (public key) algorithms

Symmetric key algorithms

In symmetric key cryptography, the same key is used by both sender and receiver. The sender uses this key and an encryption algorithm to encrypt the data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data.

Symmetric key algorithms are efficient: it takes less time to encrypt a message. The reason is that the key size is smaller, so they are used to encrypt and decrypt longer messages.

The disadvantage is that each pair of users must have a unique symmetric key. This means that if N people in the world want to use this method, there need to be N(N-1)/2 symmetric keys.
    fig: symmetric key cryptography
                      shared key                                    shared key
                          |                                             |
                          v                                             v
    sender: plaintext --> encryption --> ciphertext --> network --> ciphertext --> decryption --> plaintext :receiver

PUBLIC KEY ALGORITHMS

In public key cryptography there are two keys: a private key and a public key. The private key is kept by the receiver and the public key is announced to the public.

Imagine that Alice, as shown in the figure below, wants to send a message to Bob. Alice uses Bob's public key to encrypt the message. When the message is received by Bob, his private key is used to decrypt the message.

The advantage is that the number of keys needed is reduced tremendously.

The disadvantage is the complexity of the algorithm. Since the key size is larger, calculating the ciphertext from the plaintext using the long keys takes a lot of time, so it is not recommended for longer messages.

    fig: public key cryptography
                   Bob's public key                              Bob's private key
                          |                                             |
                          v                                             v
    sender: plaintext --> encryption --> ciphertext --> network --> ciphertext --> decryption --> plaintext :receiver
AUTHENTICATION

Authentication refers to the task of verifying the identity of a person or software connecting to the database. The simplest form of authentication consists of a secret password which must be presented when a connection to the database is opened.

Password-based authentication is used widely by operating systems as well as databases. However, the use of passwords has some drawbacks, especially over a network. If an eavesdropper is able to sniff the data being sent over the network, he/she may be able to find the password as it is being sent across the network. Once the eavesdropper has a user name and password, she can connect to the database pretending to be the legitimate user.

So other approaches, such as DIGITAL SIGNATURES (not in the scope of this course), are used.

CONCURRENCY CONTROL

Transaction

A collection of several operations on the database appears to be a single unit from the point of view of the database user. For example, a transfer of funds from a checking account to a savings account is a single operation from the customer's standpoint; within the database system, however, it consists of several operations. Collections of operations that form a single logical unit of work are called transactions.

Properties of transactions

To ensure the integrity of data, we require that the database system maintain the following properties of transactions.

- Atomicity: either all operations of the transaction are reflected properly in the database, or none are.
- Consistency: execution of a transaction in isolation (that is, with no other transaction executing concurrently) preserves the consistency of the database.
- Isolation: even though multiple transactions may execute concurrently, the system guarantees that, for every pair of transactions Ti and Tj, it appears to Ti that either Tj finished execution before Ti started, or Tj started execution after Ti finished. Thus, each transaction is unaware of other transactions executing concurrently in the system.
- Durability: after a transaction completes successfully, the changes it has made to the database persist, even if there are system failures.

ACID properties explained
To understand the ACID properties, consider a simplified banking system consisting of several accounts and a set of transactions that access and update those accounts. Transactions access data using two operations.

- Read(X): reads data item X from the database
- Write(X): writes data item X into the database

Let Ti be the transaction that transfers 50 from account A to account B. This transaction can be defined as:

    Ti: Read(A);
        A := A - 50;
        Write(A);
        Read(B);
        B := B + 50;
        Write(B);

Consistency

The consistency requirement here is that the sum of A and B be unchanged by the execution of the transaction. It can be verified easily that, if the database is consistent before an execution of the transaction, the database remains consistent after the execution of the transaction.

Atomicity

Suppose that, just before the execution of transaction Ti, the values of accounts A and B are 1000 and 2000, respectively. Now suppose that, during the execution of Ti, a failure occurs that prevents Ti from completing its execution successfully. Examples of such failures include power failures, hardware failures and software errors. Further, suppose that the failure happened after the Write(A) operation but before the Write(B) operation. In this case, the values of accounts A and B reflected in the database are 950 and 2000. The system destroyed 50 as a result of this failure. In particular, we notice that the sum A + B is not preserved.

So the transaction brought the system into an inconsistent state. A transaction should therefore guarantee that, after it completes, the system is in a consistent state: either all the operations of the transaction execute completely, or none of them do.

Durability

Once the execution of the transaction completes successfully, and the user who initiated the transaction has been notified that the transfer of funds has taken place, it must be the case that no system failure will result in a loss of the data corresponding to this transfer of funds.

Isolation

Even if the consistency and atomicity properties are ensured for each transaction, if several transactions are executed concurrently, their operations may interleave in some undesirable way, resulting in an inconsistent state.

For example, as we saw earlier, the database is temporarily inconsistent while the transaction to transfer funds from A to B is executing, with the deducted total written to A and the increased total yet to be written to B. If a second concurrently running transaction reads A and B at this intermediate point and computes A + B, it will observe an inconsistent state.

A way to avoid the problem of concurrently executing transactions is to execute transactions serially, that is, one after the other.

TRANSACTION STATE

A transaction must be in one of the following states.

- Active: the initial state; the transaction stays in this state while it is executing.
- Partially committed: after the final statement has been executed.
- Failed: after the discovery that normal execution can no longer proceed.
- Aborted: after the transaction has been rolled back and the database has been restored to its state prior to the start of the transaction.
- Committed: after successful completion.

    fig: transaction state diagram

    active ------> partially committed ------> committed
      |                    |
      +------> failed <----+
                 |
                 v
              aborted
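The atomicity scenario above (a failure after Write(A) but before Write(B)) can be reproduced in a few lines. The following is an added example, not part of the original notes: it runs the transfer Ti against SQLite through Python's sqlite3 module, injects the failure at exactly that point, and compares what the database holds afterwards when the six steps are written directly versus when they are wrapped in BEGIN / COMMIT with a ROLLBACK on failure. The account table, the CrashAfterWriteA exception and the three scenarios are constructed for the demonstration.

```python
import sqlite3


class CrashAfterWriteA(Exception):
    """Constructed stand-in for a power failure between Write(A) and Write(B)."""


def open_accounts():
    # isolation_level=None puts sqlite3 in autocommit mode, so every statement is
    # durable immediately unless we issue BEGIN / COMMIT / ROLLBACK ourselves.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE account (name TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.executemany("INSERT INTO account VALUES (?, ?)", [("A", 1000), ("B", 2000)])
    return conn


def read(conn, name):
    """The notes' Read(X)."""
    return conn.execute("SELECT balance FROM account WHERE name = ?", (name,)).fetchone()[0]


def write(conn, name, value):
    """The notes' Write(X)."""
    conn.execute("UPDATE account SET balance = ? WHERE name = ?", (value, name))


def transfer(conn, amount, atomic, crash):
    """The notes' Ti: move `amount` from A to B.

    atomic: wrap the steps in one transaction (BEGIN/COMMIT, ROLLBACK on failure).
    crash:  raise the constructed failure right after Write(A).
    """
    if atomic:
        conn.execute("BEGIN")
    try:
        a = read(conn, "A")
        a = a - amount
        write(conn, "A", a)
        if crash:
            raise CrashAfterWriteA()
        b = read(conn, "B")
        b = b + amount
        write(conn, "B", b)
        if atomic:
            conn.execute("COMMIT")
    except CrashAfterWriteA:
        if atomic:
            conn.execute("ROLLBACK")  # recovery undoes the half-done transfer
        # without a transaction the Write(A) is already durable and nothing undoes it


def balances(conn):
    return read(conn, "A"), read(conn, "B")


def demo():
    """Return {scenario: (A, B, A + B)} for the three constructed scenarios."""
    scenarios = [
        ("no_crash",     True,  False),
        ("crash_no_txn", False, True),
        ("crash_txn",    True,  True),
    ]
    results = {}
    for label, atomic, crash in scenarios:
        conn = open_accounts()
        transfer(conn, 50, atomic, crash)
        a, b = balances(conn)
        results[label] = (a, b, a + b)
        conn.close()
    return results


if __name__ == "__main__":
    for label, (a, b, total) in demo().items():
        print(f"{label:12s} A={a:5d} B={b:5d} A+B={total}")
```

Without a transaction the failed run leaves A = 950 and B = 2000, the "destroyed 50" of the notes; with the transaction rolled back the database is restored to A = 1000, B = 2000, so the sum is preserved and the partial update is never visible.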
Concurrency

Transaction processing systems usually allow multiple transactions to run concurrently. Allowing multiple transactions to update data concurrently causes several complications with the consistency of the data, as we saw earlier. Ensuring consistency in spite of concurrent execution of transactions requires extra work; it is far easier to insist that transactions run serially, that is, each starting only after the previous one has completed. However, there are two good reasons for allowing concurrency:

- improved throughput and resource utilization
- reduced waiting time

Consider a transaction T1 that transfers 50 from account A to B.

    T1: Read(A);
        A := A - 50;
        Write(A);
        Read(B);
        B := B + 50;
        Write(B);

Consider another transaction T2 that transfers 10% of the balance from account A to B.

    T2: Read(A);
        temp := A * 0.1;
        A := A - temp;
        Write(A);
        Read(B);
        B := B + temp;
        Write(B);

Suppose the current values of accounts A and B are 1000 and 2000 respectively. Suppose also that the two transactions are executed one at a time in the order T1 followed by T2.

    T1                  T2
    ----------------    ----------------
    Read(A);
    A := A - 50;
    Write(A);
    Read(B);
    B := B + 50;
    Write(B);
                        Read(A);
                        temp := A * 0.1;
                        A := A - temp;
                        Write(A);
                        Read(B);
                        B := B + temp;
                        Write(B);

The final values of accounts A and B after the above execution are 855 and 2145, and A + B is preserved.

Similarly, if the transactions are executed one at a time in the order T2 followed by T1, then A + B is also preserved, with account A having 850 and B having 2150.

    T1                  T2
    ----------------    ----------------
                        Read(A);
                        temp := A * 0.1;
                        A := A - temp;
                        Write(A);
                        Read(B);
                        B := B + temp;
                        Write(B);
    Read(A);
    A := A - 50;
    Write(A);
    Read(B);
    B := B + 50;
    Write(B);

The above two are examples of serial execution. When the database system executes several transactions concurrently, the corresponding schedule no longer needs to be serial. If two transactions are running concurrently, the operating system may execute one transaction for a little while, then perform a context switch, execute the second transaction for some time, and then switch back to the first transaction for some time, and so on. With multiple transactions, the CPU time is shared among all the transactions and the utilization of the CPU is increased.

Two examples of concurrent execution are as follows.

    T1                  T2
    ----------------    ----------------
    Read(A)
    A := A - 50
    Write(A)
                        Read(A)
                        temp := A * 0.1
                        A := A - temp
                        Write(A)
    Read(B)
    B := B + 50
    Write(B)
                        Read(B)
                        B := B + temp
                        Write(B)

Another concurrent schedule is:

    T1                  T2
    ----------------    ----------------
    Read(A)
    A := A - 50
                        Read(A)
                        temp := A * 0.1
                        A := A - temp
                        Write(A)
                        Read(B)
    Write(A)
    Read(B)
    B := B + 50
    Write(B)
                        B := B + temp
                        Write(B)

SERIALIZABILITY

Study self.
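The four schedules above (two serial, two concurrent) can be replayed mechanically to see which of them keep A + B = 3000. The following is an added example, not part of the original notes: a small schedule interpreter in Python in which each transaction keeps its own local copies of A, B and temp, exactly as Read and Write in the notes imply, and a schedule is just the order in which the two transactions take their next step. The step encoding, the schedule strings and the analyse() function are constructed for the demonstration; the transactions and initial balances are the notes' own.

```python
# Each transaction is a list of steps. A step is one of
#   ("read",  item)  -> local[item] = db[item]          (the notes' Read(item))
#   ("write", item)  -> db[item] = local[item]          (the notes' Write(item))
#   ("compute", fn)  -> fn(local)                        (the assignments in between)


def t1_debit(loc):
    loc["A"] = loc["A"] - 50


def t1_credit(loc):
    loc["B"] = loc["B"] + 50


def t2_debit(loc):
    loc["temp"] = loc["A"] * 0.1
    loc["A"] = loc["A"] - loc["temp"]


def t2_credit(loc):
    loc["B"] = loc["B"] + loc["temp"]


T1 = [("read", "A"), ("compute", t1_debit), ("write", "A"),
      ("read", "B"), ("compute", t1_credit), ("write", "B")]
T2 = [("read", "A"), ("compute", t2_debit), ("write", "A"),
      ("read", "B"), ("compute", t2_credit), ("write", "B")]
TXNS = {"T1": T1, "T2": T2}

# One token per step, in the order the notes' tables list them (top to bottom).
SCHEDULES = {
    "serial T1;T2":  "T1 T1 T1 T1 T1 T1 T2 T2 T2 T2 T2 T2",
    "serial T2;T1":  "T2 T2 T2 T2 T2 T2 T1 T1 T1 T1 T1 T1",
    "concurrent #1": "T1 T1 T1 T2 T2 T2 T1 T1 T1 T2 T2 T2",
    "concurrent #2": "T1 T1 T2 T2 T2 T2 T1 T1 T1 T1 T2 T2",
}


def run_schedule(order, initial):
    """Execute the interleaving `order` (e.g. "T1 T1 T2 ...") and return the final database.

    Each token advances that transaction by exactly one step, so a transaction's
    Read sees whatever the other transaction has already written, and its Write
    overwrites whatever is there at that moment.
    """
    db = dict(initial)
    pc = {name: 0 for name in TXNS}        # program counter per transaction
    local = {name: {} for name in TXNS}    # each transaction's private variables
    for name in order.split():
        kind, arg = TXNS[name][pc[name]]
        pc[name] += 1
        if kind == "read":
            local[name][arg] = db[arg]
        elif kind == "write":
            db[arg] = local[name][arg]
        else:
            arg(local[name])
    if any(pc[n] != len(TXNS[n]) for n in TXNS):
        raise ValueError("schedule must run every transaction to completion")
    return db


def analyse(initial=None):
    """Return {schedule: (A, B, sum preserved?)} for every schedule in SCHEDULES."""
    initial = initial or {"A": 1000, "B": 2000}
    total = initial["A"] + initial["B"]
    out = {}
    for label, order in SCHEDULES.items():
        db = run_schedule(order, initial)
        out[label] = (db["A"], db["B"], db["A"] + db["B"] == total)
    return out


if __name__ == "__main__":
    for label, (a, b, ok) in analyse().items():
        print(f"{label:14s} A={a:<7} B={b:<7} A+B preserved: {ok}")
```

The first concurrent schedule produces the same final state as running T1 then T2, so it is equivalent to a serial schedule. The second does not: T1 overwrites the A that T2 already wrote, and T2 overwrites the B that T1 already wrote, leaving A = 950 and B = 2100, a sum of 3050 that no serial order can produce. Deciding which interleavings are equivalent to some serial schedule is exactly the serializability question the notes leave for self-study.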