CHAPTER 5 SECURITY ADVANCED DATABASE SYSTEMS. Assist. Prof. Dr. Volkan TUNALI
2 Topics
- Introduction
- Discretionary Access Control
- Mandatory Access Control
- Statistical Databases
- Data Encryption
- SQL Facilities
3 Introduction
- Security: protecting data against unauthorized users
- Integrity: protecting data against authorized users
- Constraints for assuring security and integrity
  - Must be explicitly defined
  - Maintained and stored in the catalog
  - Continuous monitoring by the DBMS so that constraints are not violated
4 Security Aspects
Aspects of the security problem:
- Legal, social, and ethical aspects
- Physical controls
- Policy questions
- Operational problems
- Hardware controls
- Operating system support
- Issues related to the database itself
5 Database Security
Approaches to database security:
- Discretionary control (flexible)
  - Users have different privileges on different objects
- Mandatory control (rigid)
  - Each data object has a certain classification level
  - Each user has a certain clearance level
6 Security Policy
- Security is a policy issue, not a technical one
- Authorization: each access request is checked by the security subsystem
  - Requested operation
  - Requested object
  - Requesting user
- Authentication: checking that users are who they say they are
- User groups have the same privileges (roles)
  - A powerful tool commonly used to administer large databases
7 Discretionary Access Control
- Security languages usually state what is allowed rather than what is constrained.

    AUTHORITY SA3
      GRANT RETRIEVE ( S#, SNAME, CITY ), DELETE
      ON    S
      TO    Jim, Fred, Mary ;

    AUTHORITY <authority name>
      GRANT <privilege commalist>
      ON    <relvar name>
      TO    <user ID commalist> ;

- Unauthorized attempts may be logged

    DROP AUTHORITY <authority name> ;
8 Discretionary Access Control

    AUTHORITY EX1
      GRANT RETRIEVE ( P#, PNAME, WEIGHT )
      ON    P
      TO    Jacques, Anne, Charley ;

    AUTHORITY EX2
      GRANT RETRIEVE, UPDATE ( SNAME, STATUS ), DELETE
      ON    LS
      TO    Dan, Misha ;

    VAR SSPPR VIEW
      ( S JOIN SP JOIN ( P WHERE CITY = 'Rome' ) { P# } )
        { ALL BUT P#, QTY } ;

    AUTHORITY EX3
      GRANT RETRIEVE
      ON    SSPPR
      TO    Giovanni ;
9 Discretionary Access Control

    VAR SSQ VIEW
      SUMMARIZE SP PER S { S# } ADD SUM ( QTY ) AS SQ ;

    AUTHORITY EX4
      GRANT RETRIEVE
      ON    SSQ
      TO    Fidel ;

    AUTHORITY EX5
      GRANT RETRIEVE, UPDATE ( STATUS )
      ON    S
      WHEN  DAY ( ) IN ( 'Mon', 'Tue', 'Wed', 'Thu', 'Fri' )
      AND   NOW ( ) >= TIME '09:00:00'
      AND   NOW ( ) <= TIME '17:00:00'
      TO    Purchasing ;
10 Discretionary Access Control
- Request modification (University Ingres and QUEL)
- QUEL requests are modified so that no constraint violation is possible
- Permit:

    DEFINE PERMIT RETRIEVE ON P TO U
      WHERE P.CITY = "London"

- Request issued by user U:

    RETRIEVE ( P.P#, P.WEIGHT )
      WHERE P.COLOR = "Red"

- The system modifies the request to the following:

    RETRIEVE ( P.P#, P.WEIGHT )
      WHERE P.COLOR = "Red"
      AND   P.CITY = "London"
11 Discretionary Access Control
- Request modification (cont'd)

    DEFINE PERMIT APPEND, RETRIEVE, REPLACE
      ON S ( S#, CITY )
      TO Joe
      AT TTA4
      FROM 9:00 TO 17:00
      ON Sat TO Sun
      WHERE S.STATUS < 50
      AND   S.S# = SP.S#
      AND   SP.P# = P.P#
      AND   P.COLOR = "Red"

- Audit trail: a special file or db in which the system keeps track of all operations performed by users
  - Request, terminal, user, time, relvars, tuples, attributes, old values, new values
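Request modification and the audit trail from the two slides above, as an added Python/SQLite example that is not part of the original slides. The permit catalog layout, the function names, the second user V, the sample parts, and the spelling PNO for P# are assumptions; requests are limited to a conjunction of comparisons so that every value is bound as a parameter.

```python
import sqlite3

OPS = {"=", "<>", "<", "<=", ">", ">="}
P_COLUMNS = {"PNO", "PNAME", "COLOR", "WEIGHT", "CITY"}

# Constructed sample rows for relvar P (P# is written PNO).
PARTS = [
    ("P1", "Nut", "Red", 12.0, "London"),
    ("P2", "Bolt", "Green", 17.0, "Paris"),
    ("P3", "Screw", "Blue", 17.0, "Oslo"),
    ("P4", "Screw", "Red", 14.0, "London"),
    ("P6", "Cog", "Red", 19.0, "Oslo"),
]

# Hypothetical permit catalog:
# (user, relvar, operation) -> (columns the user may name, permit predicate)
PERMITS = {
    # DEFINE PERMIT RETRIEVE ON P TO U WHERE P.CITY = "London"
    ("U", "P", "RETRIEVE"): (P_COLUMNS, [("CITY", "=", "London")]),
    # A narrower, made-up permit: V may only name PNO and WEIGHT.
    ("V", "P", "RETRIEVE"): ({"PNO", "WEIGHT"}, [("CITY", "=", "London")]),
}


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE P (PNO TEXT PRIMARY KEY, PNAME TEXT, "
               "COLOR TEXT, WEIGHT REAL, CITY TEXT)")
    db.executemany("INSERT INTO P VALUES (?,?,?,?,?)", PARTS)
    db.execute("CREATE TABLE AUDIT (USERID TEXT, OPERATION TEXT, "
               "RELVAR TEXT, OUTCOME TEXT, REQUEST TEXT)")
    return db


def modify_request(user, relvar, columns, conditions):
    """Return (sql, params) with the permit predicate ANDed onto the request."""
    permit = PERMITS.get((user, relvar, "RETRIEVE"))
    if permit is None:
        raise PermissionError(f"{user} holds no RETRIEVE permit on {relvar}")
    allowed, permit_conditions = permit
    # Columns used in the WHERE clause are checked too: a predicate on a
    # hidden column would leak its values through the result.
    for col in list(columns) + [c for c, _, _ in conditions]:
        if col not in allowed:
            raise PermissionError(f"{user} may not reference {relvar}.{col}")
    for _, op, _ in conditions:
        if op not in OPS:
            raise ValueError(f"unsupported operator {op!r}")
    combined = list(conditions) + list(permit_conditions)
    sql = f"SELECT {', '.join(columns)} FROM {relvar}"
    if combined:
        sql += " WHERE " + " AND ".join(f"{c} {op} ?" for c, op, _ in combined)
    return sql, [v for _, _, v in combined]


def retrieve(db, user, relvar, columns, conditions):
    """Run a request after modification and record it in the audit trail."""
    request = f"RETRIEVE {list(columns)} FROM {relvar} WHERE {list(conditions)}"
    try:
        sql, params = modify_request(user, relvar, columns, conditions)
    except PermissionError:
        db.execute("INSERT INTO AUDIT VALUES (?,?,?,?,?)",
                   (user, "RETRIEVE", relvar, "REJECTED", request))
        raise
    db.execute("INSERT INTO AUDIT VALUES (?,?,?,?,?)",
               (user, "RETRIEVE", relvar, "MODIFIED", sql))
    return db.execute(sql, params).fetchall()


def audit_outcomes(db):
    """Audit trail entries in the order they were written."""
    return db.execute(
        "SELECT USERID, OUTCOME FROM AUDIT ORDER BY rowid").fetchall()


if __name__ == "__main__":
    db = build_db()
    print(modify_request("U", "P", ["PNO", "WEIGHT"], [("COLOR", "=", "Red")]))
    print(retrieve(db, "U", "P", ["PNO", "WEIGHT"], [("COLOR", "=", "Red")]))
    print(audit_outcomes(db))
```
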
12 Mandatory Access Control
- Mandatory access controls are usually applicable to static and rigid databases
- An example of clearance level of users and classification level of db objects:
  Top secret > Secret > Confidential
- Simple security property: user i can retrieve object j only if his/her clearance level is greater than or equal to the classification level of j
- Star property: user i can update object j only if his/her clearance level is equal to the classification level of j
- In the 1990s most DBMSs supported MAC because of a DoD requirement
13 Mandatory Access Control
- Multi-level security
- The request

    S WHERE CITY = 'London'

  is modified to

    S WHERE CITY = 'London' AND CLASS <= user clearance
14 Mandatory Access Control
- Multi-level security (cont'd)

    INSERT INTO S RELATION { TUPLE { S# S# ( 'S4' ),
                                     SNAME NAME ( 'Baker' ),
                                     STATUS 25,
                                     CITY 'Rome' } } ;

- This insert is not rejected but modified as follows:

    INSERT INTO S RELATION { TUPLE { S# S# ( 'S4' ),
                                     SNAME NAME ( 'Baker' ),
                                     STATUS 25,
                                     CITY 'Rome',
                                     CLASS CLASS ( 3 ) } } ;
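The simple security property, the star property and the modified insert from the three slides above, as an added Python/SQLite example that is not part of the original slides. The numeric level codes, the function names, the sample suppliers, the spelling SNO for S#, and the reading that an inserted tuple is tagged with the inserting user's clearance are assumptions.

```python
import sqlite3

# Ordering from the slide: Top secret > Secret > Confidential.
# The numeric codes are an assumption made for this example.
LEVELS = {"Confidential": 1, "Secret": 2, "Top secret": 3}

# Constructed rows: (SNO, SNAME, STATUS, CITY, CLASS). S# is written SNO.
SUPPLIERS = [
    ("S1", "Smith", 20, "London", 1),
    ("S2", "Jones", 10, "Paris", 2),
    ("S3", "Blake", 30, "London", 2),
    ("S5", "Adams", 30, "London", 3),
]


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE S (SNO TEXT, SNAME TEXT, STATUS INTEGER, "
               "CITY TEXT, CLASS INTEGER)")
    db.executemany("INSERT INTO S VALUES (?,?,?,?,?)", SUPPLIERS)
    return db


def retrieve_by_city(db, clearance, city):
    """Simple security property: the request S WHERE CITY = city is
    modified to ... AND CLASS <= user clearance."""
    sql = ("SELECT SNO, SNAME, CLASS FROM S "
           "WHERE CITY = ? AND CLASS <= ? ORDER BY SNO")
    return db.execute(sql, (city, LEVELS[clearance])).fetchall()


def update_status(db, clearance, city, status):
    """Star property: only tuples whose CLASS equals the user's clearance
    are updated. Returns the number of tuples changed."""
    cur = db.execute(
        "UPDATE S SET STATUS = ? WHERE CITY = ? AND CLASS = ?",
        (status, city, LEVELS[clearance]))
    return cur.rowcount


def insert_supplier(db, clearance, sno, sname, status, city):
    """The insert is not rejected; the system adds the CLASS attribute,
    here set to the inserting user's clearance."""
    db.execute("INSERT INTO S VALUES (?,?,?,?,?)",
               (sno, sname, status, city, LEVELS[clearance]))


def status_of(db, sno):
    """Unfiltered read used only to inspect the stored state in this demo."""
    return db.execute("SELECT STATUS FROM S WHERE SNO = ?", (sno,)).fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print(retrieve_by_city(db, "Secret", "London"))      # S5 is filtered out
    print(update_status(db, "Secret", "London", 40))     # only S3 changes
    insert_supplier(db, "Secret", "S4", "Baker", 25, "Rome")
    print(retrieve_by_city(db, "Confidential", "Rome"))  # S4 is not visible
```
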
15 Statistical Databases
- Statistical dbs permit queries that derive aggregated information but not queries that derive individual information.
  - What is the average employee salary? Allowed
  - What is the salary of employee Mary? Rejected
- Problem: deduction of confidential information by inference.
- Data Warehouses
16 Statistical Databases

    WITH ( STATS WHERE SEX = 'M' AND
                       OCCUPATION = 'Programmer' ) AS X :
    COUNT ( X )

    WITH ( STATS WHERE SEX = 'M' AND
                       OCCUPATION = 'Programmer' ) AS X :
    SUM ( X, SALARY )
17 Statistical Databases
- The system should refuse queries for which the cardinality of the set to be summarized is less than some lower bound b or greater than the upper bound N - b, where N is the cardinality of the given relation ( b <= c <= N - b )

    COUNT ( STATS )

    WITH ( STATS WHERE NOT ( SEX = 'M' AND
                             OCCUPATION = 'Programmer' ) ) AS X :
    COUNT ( X )

    SUM ( STATS, SALARY )

    WITH ( STATS WHERE NOT ( SEX = 'M' AND
                             OCCUPATION = 'Programmer' ) ) AS X :
    SUM ( X, SALARY )
18 Statistical Databases
- Using the STATS table, assume that b = 2 (N = 10)
- Queries will be answered if ( 2 <= c <= 8 )
- Therefore SEX = 'M' AND OCCUPATION = 'Programmer' will not be answered.
- BUT:

    WITH ( STATS WHERE SEX = 'M' ) AS X :
    COUNT ( X )

    WITH ( STATS WHERE SEX = 'M' AND
                       NOT ( OCCUPATION = 'Programmer' ) ) AS X :
    COUNT ( X )

    WITH ( STATS WHERE SEX = 'M' ) AS X :
    SUM ( X, SALARY )

    WITH ( STATS WHERE SEX = 'M' AND
                       NOT ( OCCUPATION = 'Programmer' ) ) AS X :
    SUM ( X, SALARY )

- Individual tracker: enables the user to track down info about a particular record
19 Statistical Databases
- If BE identifies some specific individual I, and if BE can be expressed in the form BE1 AND BE2, then BE1 AND NOT BE2 is a tracker for I

    set ( BE ) = set ( BE1 AND BE2 )
               = set ( BE1 ) minus set ( BE1 AND NOT BE2 )
20 Statistical Databases
- General tracker: a boolean expression that can be used to find the answer to any inadmissible query
- T is a general tracker if and only if NOT T is also a general tracker ( 2b <= c <= N - 2b )
- Example: assume b = 2, 4 <= c <= 6, and T is AUDITS = 0

    WITH ( STATS WHERE AUDITS = 0 ) AS X :
    COUNT ( X )

    WITH ( STATS WHERE NOT ( AUDITS = 0 ) ) AS X :
    COUNT ( X )

    WITH ( STATS WHERE ( SEX = 'M' AND
                         OCCUPATION = 'Programmer' )
                 OR AUDITS = 0 ) AS X :
    COUNT ( X )

    WITH ( STATS WHERE ( SEX = 'M' AND
                         OCCUPATION = 'Programmer' )
                 OR NOT ( AUDITS = 0 ) ) AS X :
    COUNT ( X )
21 Statistical Databases
- Example (cont'd)

    WITH ( STATS WHERE AUDITS = 0 ) AS X :
    SUM ( X, SALARY )

    WITH ( STATS WHERE NOT ( AUDITS = 0 ) ) AS X :
    SUM ( X, SALARY )

    WITH ( STATS WHERE ( SEX = 'M' AND
                         OCCUPATION = 'Programmer' )
                 OR AUDITS = 0 ) AS X :
    SUM ( X, SALARY )

    WITH ( STATS WHERE ( SEX = 'M' AND
                         OCCUPATION = 'Programmer' )
                 OR NOT ( AUDITS = 0 ) ) AS X :
    SUM ( X, SALARY )

- Result : =
22 Statistical Databases
- General tracker:

    set ( BE ) = ( set ( BE OR T ) plus set ( BE OR NOT T ) )
                 minus set ( T OR NOT T )

- A general tracker almost always exists.
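The query-set-size restriction and the two tracker identities from the slides above, carried through on numbers, as an added Python example that is not part of the original slides. It can serve as a check when evaluating an inference control: every query it issues is admissible under b <= c <= N - b, yet the refused answer is still derivable. The STATS rows are constructed (N = 10, salaries in thousands) and the class and function names are assumptions.

```python
class Refused(Exception):
    """Query set cardinality c is outside b <= c <= N - b."""


# Constructed STATS relation, not the table used in the lecture.
STATS = [
    {"NAME": "Ann", "SEX": "F", "OCCUPATION": "Programmer", "SALARY": 56, "AUDITS": 1},
    {"NAME": "Bob", "SEX": "M", "OCCUPATION": "Programmer", "SALARY": 50, "AUDITS": 3},
    {"NAME": "Cid", "SEX": "M", "OCCUPATION": "Clerk", "SALARY": 44, "AUDITS": 0},
    {"NAME": "Dee", "SEX": "F", "OCCUPATION": "Physician", "SALARY": 130, "AUDITS": 0},
    {"NAME": "Eve", "SEX": "F", "OCCUPATION": "Builder", "SALARY": 60, "AUDITS": 1},
    {"NAME": "Fox", "SEX": "M", "OCCUPATION": "Lawyer", "SALARY": 190, "AUDITS": 0},
    {"NAME": "Gil", "SEX": "M", "OCCUPATION": "Homemaker", "SALARY": 44, "AUDITS": 0},
    {"NAME": "Hao", "SEX": "F", "OCCUPATION": "Artist", "SALARY": 30, "AUDITS": 1},
    {"NAME": "Ida", "SEX": "F", "OCCUPATION": "Programmer", "SALARY": 64, "AUDITS": 1},
    {"NAME": "Jan", "SEX": "F", "OCCUPATION": "Programmer", "SALARY": 60, "AUDITS": 1},
]


class StatDB:
    """Answers COUNT and SUM only when b <= c <= N - b."""

    def __init__(self, rows, b):
        self._rows, self.b, self.n = rows, b, len(rows)

    def _query_set(self, pred):
        rows = [r for r in self._rows if pred(r)]
        if not (self.b <= len(rows) <= self.n - self.b):
            raise Refused(f"c = {len(rows)} not in [{self.b}, {self.n - self.b}]")
        return rows

    def count(self, pred):
        return len(self._query_set(pred))

    def sum(self, pred, attr):
        return sum(r[attr] for r in self._query_set(pred))


def male(r): return r["SEX"] == "M"
def programmer(r): return r["OCCUPATION"] == "Programmer"
def no_audits(r): return r["AUDITS"] == 0
def AND(p, q): return lambda r: p(r) and q(r)
def OR(p, q): return lambda r: p(r) or q(r)
def NOT(p): return lambda r: not p(r)


def is_refused(db, pred):
    try:
        db.count(pred)
        return False
    except Refused:
        return True


def individual_tracker(db, be1, be2, attr):
    """set(BE1 AND BE2) = set(BE1) minus set(BE1 AND NOT BE2)."""
    tracker = AND(be1, NOT(be2))
    c = db.count(be1) - db.count(tracker)
    s = db.sum(be1, attr) - db.sum(tracker, attr)
    return c, s


def general_tracker(db, be, t, attr):
    """set(BE) = set(BE OR T) plus set(BE OR NOT T) minus set(T OR NOT T)."""
    # COUNT(STATS) itself is refused, so N and the total are rebuilt from T.
    n = db.count(t) + db.count(NOT(t))
    total = db.sum(t, attr) + db.sum(NOT(t), attr)
    c = db.count(OR(be, t)) + db.count(OR(be, NOT(t))) - n
    s = db.sum(OR(be, t), attr) + db.sum(OR(be, NOT(t)), attr) - total
    return c, s


if __name__ == "__main__":
    db = StatDB(STATS, b=2)
    be = AND(male, programmer)
    print("direct query refused:", is_refused(db, be))
    print("individual tracker:", individual_tracker(db, male, programmer, "SALARY"))
    print("general tracker:", general_tracker(db, be, no_audits, "SALARY"))
```
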
23 Data Encryption
- Usually for data in transmission, but also for the data in the database
- Terminology:
  - Plaintext: original data
  - Encryption algorithm: used to encrypt the plaintext with an encryption key
  - Ciphertext: encrypted data
- Two approaches
  - Substitution of other characters
  - Permutation: plaintext characters are arranged into some different sequence
- Data Encryption Standard (DES) by IBM in 1977
  - Plaintext is divided into 64-bit blocks, then permutation
24 Data Encryption
- Public key encryption: both the encryption algorithm and the encryption key are freely available, but not the decryption key
- RSA scheme
  - There is a known fast algorithm for determining whether a given number is prime
  - There is no known fast algorithm for finding the prime factors of a given nonprime number
25 SQL Facilities
- SQL supports only Discretionary Access Control
- Plus:
  - View mechanism
  - Authorization subsystem

    CREATE VIEW LS AS
      SELECT S.S#, S.SNAME, S.STATUS, S.CITY
      FROM   S
      WHERE  S.CITY = 'London' ;

    GRANT SELECT, UPDATE ( SNAME, STATUS ), DELETE
      ON LS TO Dan, Misha ;

    CREATE VIEW SSQ AS
      SELECT S.S#, ( SELECT SUM ( SP.QTY )
                     FROM   SP
                     WHERE  SP.S# = S.S# ) AS SQ
      FROM   S ;

    GRANT SELECT ON SSQ TO Fidel ;
26 SQL Facilities
- Creator of any object (owner) has all privileges on that object

    GRANT <privilege commalist>
      ON <object>
      TO <user ID commalist>
      [ WITH GRANT OPTION ] ;

- Privileges: USAGE, SELECT, INSERT, UPDATE, DELETE, REFERENCES
- Objects: DOMAIN, TABLE
- <user ID commalist> or PUBLIC
- WITH GRANT OPTION: the users can in turn grant privileges to other users

    REVOKE [ GRANT OPTION FOR ] <privilege commalist>
      ON <object>
      FROM <user ID commalist> <option> ;
More informationSQL STRUCTURED QUERY LANGUAGE
STRUCTURED QUERY LANGUAGE SQL Structured Query Language 4.1 Introduction Originally, SQL was called SEQUEL (for Structured English QUery Language) and implemented at IBM Research as the interface for an
More informationTotal points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator
CMSC 414 F08 Exam 1 Page 1 of 10 Name: Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator 1. [14 points] a. Are n=221 and e=3 valid numbers for RSA. Explain.
More informationOverview of Information Security
Overview of Information Security Lecture By Dr Richard Boateng, UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Pag. 1 and UGBS Outline Information
More informationDatabase Systems ( 資料庫系統 )
Database Systems ( 資料庫系統 ) 9.28.2011 Lecture #3 1 Course Administration Please download HW #1 from course homepage It is due 10/12/2011. This lecture: R&G Chapter 3 Next week reading: R&G Chapter 41~ 4.1
More informationCSE 544 Principles of Database Management Systems
CSE 544 Principles of Database Management Systems Lecture 1 - Introduction and the Relational Model 1 Outline Introduction Class overview Why database management systems (DBMS)? The relational model 2
More informationSlides by: Ms. Shree Jaswal
Slides by: Ms. Shree Jaswal Overview of SQL, Data Definition Commands, Set operations, aggregate function, null values, Data Manipulation commands, Data Control commands, Views in SQL, Complex Retrieval
More informationIntroduction to Cryptography. Vasil Slavov William Jewell College
Introduction to Cryptography Vasil Slavov William Jewell College Crypto definitions Cryptography studies how to keep messages secure Cryptanalysis studies how to break ciphertext Cryptology branch of mathematics,
More informationAnswers to the review questions can be found in the listed sections. What are the components of a workload description? (Section 20.1.
685 20.13 REVIEW QUESTIONS Answers to the review questions can be found in the listed sections. What are the components of a workload description? (Section 20.1.1) What decisions need to be made during
More informationRelational Model. Topics. Relational Model. Why Study the Relational Model? Linda Wu (CMPT )
Topics Relational Model Linda Wu Relational model SQL language Integrity constraints ER to relational Views (CMPT 354 2004-2) Chapter 3 CMPT 354 2004-2 2 Why Study the Relational Model? Most widely used
More informationThe Relational Model. Roadmap. Relational Database: Definitions. Why Study the Relational Model? Relational database: a set of relations
The Relational Model CMU SCS 15-415/615 C. Faloutsos A. Pavlo Lecture #3 R & G, Chap. 3 Roadmap Introduction Integrity constraints (IC) Enforcing IC Querying Relational Data ER to tables Intro to Views
More informationRelational Model: History
Relational Model: History Objectives of Relational Model: 1. Promote high degree of data independence 2. Eliminate redundancy, consistency, etc. problems 3. Enable proliferation of non-procedural DML s
More informationCOSC 304 Introduction to Database Systems SQL DDL. Dr. Ramon Lawrence University of British Columbia Okanagan
COSC 304 Introduction to Database Systems SQL DDL Dr. Ramon Lawrence University of British Columbia Okanagan ramon.lawrence@ubc.ca SQL Overview Structured Query Language or SQL is the standard query language
More information