Downloaded 39 times
Uploaded byGyanmanjari Institute Of Technology
PPTX, PDF12,281 views
Distributed DBMS - Unit 5 - Semantic Data Control
The document discusses semantic data control in database systems, focusing on data security, access control, and integrity management. It outlines approaches such as discretionary and multilevel access control, and emphasizes the importance of semantic integrity constraints to maintain database consistency. Additionally, it covers both centralized and distributed integrity control mechanisms for enforcing constraints across different data environments.
More Related Content
What's hot
Similar to Distributed DBMS - Unit 5 - Semantic Data Control
More from Gyanmanjari Institute Of Technology
Distributed DBMS - Unit 5 - Semantic Data Control
- 1.
- 2.Outlines…• Introduction ofSemantic Data Control• View Management• Authentication Control• Semantic Integrity Control• Cost of Enforcing Semantic Integrity1/11/2017 2Prof. Dhaval R. Chandarana
- 3.Data Security• Datasecurity is an important function of a database system thatprotects data against unauthorized access.• Data security includes two aspects: data protection and accesscontrol.• Data protection is required to prevent unauthorized users fromunderstanding the physical content of data.• The main data protection approach is data encryption.• Access control must be refined so that different users have differentrights on the same database objects.• There are two main approaches to database access controldiscretionary (or authorization control) mandatory or multilevel.1/11/2017 3Prof. Dhaval R. Chandarana
- 4.Discretionary Access Control•Three main actors are involved in discretionary access control.1. The subject (e.g., users, groups of users) who trigger the executionof application programs.2. Operations, which are embedded in application programs.3. The database objects, on which the operations are performed.1/11/2017 4Prof. Dhaval R. Chandarana
- 5.Authorization control• Authorizationcontrol consists of checking whether a given triple(subject, operation, object) can be allowed to proceed.• The introduction of a subject in the system is typically done by a pair(user name, password).• The objects to protect are subsets of the database. Relational systemsprovide finer and more general protection granularity than do earliersystems.• A right expresses a relationship between a subject and an object for aparticular set of operations.GRANT <operation type(s)> ON <object> TO <subject(s)>REVOKE <operation type(s)> FROM <object> TO <subject(s)>1/11/2017 5Prof. Dhaval R. Chandarana
- 6.Multilevel Access Control•Discretionary access control has some limitations. One problem isthat a malicious user can access unauthorized data through anauthorized user.• For instance, consider user A who has authorized access to relations Rand S and user B who has authorized access to relation S only. If Bsomehow manages to modify an application program used by A so itwrites R data into S, then B can read unauthorized data withoutviolating authorization rules.• Multilevel access control answers this problem and further improvessecurity by defining different security levels for both subjects anddata objects.1/11/2017 6Prof. Dhaval R. Chandarana
- 7.Multilevel Access Control•process has a security level also called clearance derived from that of theuser.• In its simplest form, the security levels are Top Secret (TS), Secret (S),Confidential (C) and Unclassified (U), and ordered as TS > S >C >U, where“>” means “more secure”.• Access in read and write modes by subjects is restricted by two simplerules:Rule 1 (called “no read up”)• protects data from unauthorized disclosure, i.e., a subject at a givensecurity level can only read objects at the same or lower security levels.Rule 2 (called “no write down”)• protects data from unauthorized change, i.e., a subject at a given securitylevel can only write objects at the same or higher security levels.1/11/2017 7Prof. Dhaval R. Chandarana
- 8.Distributed Access Control•The additional problems of access control in a distributedenvironment stem from the fact that objects and subjects aredistributed and that messages with sensitive data can be read byunauthorized users.• These problems are: remote user authentication, management ofdiscretionary access rules, handling of views and of user groups, andenforcing multilevel access control.• Remote user authentication is necessary since any site of adistributed DBMS may accept programs initiated, and authorized, atremote sites.1/11/2017 8Prof. Dhaval R. Chandarana
- 9.Distributed Access Control•Three solutions are possible for managing authentication1. Authentication information is maintained at a central site for globalusers which can then be authenticated only once and then accessedfrom multiple sites.2. The information for authenticating users (user name and password)is replicated at all sites in the catalog.3. Intersite communication is thus protected by the use of the sitepassword. Once the initiating site has been authenticated, there isno need for authenticating their remote users.1/11/2017 9Prof. Dhaval R. Chandarana
- 10.Semantic Integrity Control•Another important and difficult problem for a database system is howto guarantee database consistency.• A database state is said to be consistent if the database satisfies a setof constraints, called semantic integrity constraints.• Maintaining a consistent database requires various mechanisms suchas concurrency control, reliability, protection, and semantic integritycontrol, which are provided as part of transaction management.• Semantic integrity control ensures database consistency by rejectingupdate transactions that lead to inconsistent database states, or byactivating specific actions on the database state, which compensatefor the effects of the update transactions.1/11/2017 10Prof. Dhaval R. Chandarana
- 11.Semantic Integrity Control•Two main types of integrity constraints can be distinguished:structural constraints and behavioral constraints.• Structural constraints express basic semantic properties inherent to amodel. Examples of such constraints are unique key constraints in therelational model, or one-to-many associations between objects in theobject-oriented model.• Behavioral constraints are essential in the database design process.They can express associations between objects, such as inclusiondependency in the relational model, or describe object propertiesand structures.1/11/2017 11Prof. Dhaval R. Chandarana
- 12.Centralized Semantic IntegrityControl• Specification of Integrity Constraints• triggers (event-condition-action rules) can be used to automaticallypropagate updates, and thus to maintain semantic integrity.• We can distinguish between three types of integrity constraints:predefined, precondition, or general constraints.• EMP(ENO, ENAME, TITLE)• PROJ(PNO, PNAME, BUDGET)• ASG(ENO, PNO, RESP, DUR)1/11/2017 12Prof. Dhaval R. Chandarana
- 13.Centralized Semantic IntegrityControl• Predefined constraints are based on simple keywords. Through them,it is possible to express concisely the more common constraints of therelational model, such as non-null attribute, unique key, foreign key,or functional dependency.• Employee number in relation EMP cannot be null.ENO NOT NULL IN EMP• The project number PNO in relation ASG is a foreign key matching theprimary key PNO of relation PROJ.PNO IN ASG REFERENCES PNO IN PROJ1/11/2017 13Prof. Dhaval R. Chandarana
- 14.Centralized Semantic IntegrityControl• Precondition constraints express conditions that must be satisfied by alltuples in a relation for a given update type. The update type, which mightbe INSERT, DELETE, or MODIFY, permits restricting the integrity control.• Precondition constraints can be expressed with the SQL CHECK statementenriched with the ability to specify the update type.CHECK ON <relation name > WHEN <update type>(<qualification over relation name>)• The budget of a project is between 500K and 1000K.CHECK ON PROJ (BUDGET+ >= 500000 AND BUDGET <= 1000000)• Only the tuples whose budget is 0 may be deleted.CHECK ON PROJ WHEN DELETE (BUDGET = 0)1/11/2017 14Prof. Dhaval R. Chandarana
- 15.Centralized Semantic IntegrityControl• General constraints are formulas of tuple relational calculus where allvariables are quantified. The database system must ensure that thoseformulas are always true.CHECK ON list of <variable name>:<relation name>,(<qualification>)• The total duration for all employees in the CAD project is less than100.• CHECK ON g:ASG, j:PROJ (SUM(g.DUR WHERE g.PNO=j.PNO)<100 IFj.PNAME="CAD/CAM")1/11/2017 15Prof. Dhaval R. Chandarana
- 16.Distributed Semantic IntegrityControl• Definition of Distributed Integrity Constraints• Assertions can involve data stored at different sites, the storage of theconstraints must be decided so as to minimize the cost of integritychecking. There is a strategy based on a taxonomy of integrity constraintsthat distinguishes three classes:• Individual constraints: single-relation single-variable constraints. Theyrefer only to tuples to be updated independently of the rest of thedatabase.• Set-oriented constraints: include single-relation multivariable constraintssuch as functional dependency and multirelation multivariable constraintssuch as foreign key constraints• Constraints involving aggregates: require special processing because of thecost of evaluating the aggregates.1/11/2017 16Prof. Dhaval R. Chandarana
- 17.Individual constraints• Considerrelation EMP, horizontally fragmented across three sitesusing the predicates and the domain constraint C: ENO < “E4”. p1 : 0 ENO < “E3” p2 : ”E3” ENO “E6” p3 : ENO > “E6”• Constraint C is compatible with p1 (if C is true, p1 is true) and p2 (if Cis true, p2 is not necessarily false), but not with p3 (if C is true, thenp3 is false). Therefore, constraint C should be globally rejectedbecause the tuples at site 3 cannot satisfy C, and thus relation EMPdoes not satisfy C.1/11/2017 17Prof. Dhaval R. Chandarana
- 18.Set-oriented constraints.• Set-orientedconstraint are multivariable; that is, they involve joinpredicates.• Three cases, given in increasing cost of checking, can occur:1. The fragmentation of R is derived from that of S based on a semijoin on the attribute used in the assertion join predicate.2. S is fragmented on join attribute.3. S is not fragmented on join attribute.1/11/2017 18Prof. Dhaval R. Chandarana
- 19.Set-oriented constraints.• Inthe first case, compatibility checking is cheap since the tuple of Smatching a tuple of R is at the same site.• In the second case, each tuple of R must be compared with at mostone fragment of S, because the join attribute value of the tuple of Rcan be used to find the site of the corresponding fragment of S.• In the third case, each tuple of R must be compared with allfragments of S. If compatibility is found for all tuples of R, theconstraint can be stored at each site.1/11/2017 19Prof. Dhaval R. Chandarana
- 20.Constraints involving aggregates•These constraints are among the most costly to test because theyrequire the calculation of the aggregate functions.• The aggregate functions generally manipulated are MIN, MAX, SUM,and COUNT.• Each aggregate function contains a projection part and a selectionpart.1/11/2017 20Prof. Dhaval R. Chandarana