How Computer Viruses Work

Similar documents
Several major software companies including IBM, Informix, Microsoft, Oracle, and Sybase have all released object-relational versions of their

CHAPTER 2 LITERATURE REVIEW

The functions performed by a typical DBMS are the following:

Advanced Database Applications. Object Oriented Database Management Chapter 13 10/29/2016. Object DBMSs

CERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES

Database Fundamentals Chapter 1

Use of Inheritance Feature in Relational Database Development

Copyright 2007 Ramez Elmasri and Shamkant B. Navathe Slide 2-1

Database System Concepts and Architecture. Copyright 2007 Pearson Education, Inc. Publishing as Pearson Addison-Wesley

B.H.GARDI COLLEGE OF MASTER OF COMPUTER APPLICATION. Ch. 1 :- Introduction Database Management System - 1

Chapter 11 Database Concepts

Database System Concepts and Architecture

An Introduction to Virus Scanners

ORDBMS - Introduction

DATABASE SYSTEMS CHAPTER 2 DATA MODELS 1 DESIGN IMPLEMENTATION AND MANAGEMENT INTERNATIONAL EDITION ROB CORONEL CROCKETT

DATABASE TECHNOLOGY - 1DL124

No Time for Zero-Day Solutions John Muir, Managing Partner

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems


DQpowersuite. Superior Architecture. A Complete Data Integration Package

Introduction. Example Databases

Types Of Computer Virus Sources Of Virus Virus Warning Signs Virus Detection(Anti-Virus) Virus Prevention and Removal

Management Information Systems (MMBA 6110-SP) Research Paper: Internet Security. Michael S. Pallos April 3, 2002

Transparent Java access to mediated database objects

ODMG 2.0: A Standard for Object Storage

Course Content. Object-Oriented Databases. Objectives of Lecture 6. CMPUT 391: Object Oriented Databases. Dr. Osmar R. Zaïane. University of Alberta 4

Meaning & Concepts of Databases

Migrating to Object Data Management

SQL. History. From Wikipedia, the free encyclopedia.

IT1105 Information Systems and Technology. BIT 1 ST YEAR SEMESTER 1 University of Colombo School of Computing. Student Manual

The Why and How of the imodernize(d) Application Architecture

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Copyright 2006 Prentice-Hall. All rights reserved. 1

Comparing the performance of object and object relational database systems on objects of varying complexity

OBJECT-ORIENTED AND RELATIONAL APPROACHES IN DATABASE MANAGEMENT SYSTEMS (DBMSS): DESIGN, IMPLEMENTATION AND INDUSTRIAL MARKETS

John Edgar 2

CDs & DVDs: Different Types of Disk Explained

Windows Script Host Fundamentals

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Computer Technology Flash Card 2

Fundamentals of Information Systems, Seventh Edition

Database System Concepts and Architecture

A Review Paper on Network Security Attacks and Defences

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

CS Reading Packet: "Database Processing and Development"

IT & DATA SECURITY BREACH PREVENTION

How To Make 3-50 Times The Profits From Your Traffic

DBMS (FYCS) Unit - 1. A database management system stores data in such a way that it becomes easier to retrieve, manipulate, and produce information.

DISCUSSION 5min 2/24/2009. DTD to relational schema. Inlining. Basic inlining

2016 All Rights Reserved

Partner Presentation Faster and Smarter Data Warehouses with Oracle OLAP 11g

XP: Backup Your Important Files for Safety

9. Introduction to MS Access

Full file at

Essential Winlnet: Developing Applications Using The Windows Internet API With RAS, ISAPI, ASP, And COM Ebook

Technology in Action

Constructs in Oracle

Rekayasa Perangkat Lunak 2 (IN043): Pertemuan 8. Data Management Layer Design

Object-Relational and Nested-Relational Databases Dr. Akhtar Ali

Clean & Speed Up Windows with AWO

Fundamentals of Design, Implementation, and Management Tenth Edition

QuickSpecs. ISG Navigator for Universal Data Access M ODELS OVERVIEW. Retired. ISG Navigator for Universal Data Access

Ch. 21: Object Oriented Databases

Of Objects and Databases: A Decade of Turmoil Michael J. Carey, David J. DeWitt. Discussion by: Shervin Presentation by: Roland

White Paper. How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet. Contents

Caché and Data Management in the Financial Services Industry

RavenDB & document stores

BIS Database Management Systems.

MIS Database Systems.

how its done in about the five most common SQL implementations.

Relational Database Systems Part 01. Karine Reis Ferreira

Panda Security 2010 Page 1

Data, Information, and Databases

Volume 5 Issue 3 (2017) ISSN International Journal of Advance Research and Innovation IJARI

Crystal Reports. Overview. Contents. How to report off a Teradata Database

Database Server. 2. Allow client request to the database server (using SQL requests) over the network.

INFORMATION TECHNOLOGY NOTES

(Refer Slide Time: 1:43)

DOWNLOAD PDF LEARN TO USE MICROSOFT ACCESS

AC : EXPLORATION OF JAVA PERSISTENCE

THINGS TO REMEMBER INTRODUCTION TO COMPUTERS

3. Object-Oriented Databases

UNIT 1 INTRODUCTION TO OBJECT ORIENTED DATABASE MANAGEMENT SYSTEM

Managing the Data Effectively Using Object Relational Data Store

The Right Read Optimization is Actually Write Optimization. Leif Walsh

Lesson-1 Computer Security

Ebook : Overview of application development. All code from the application series books listed at:

Fundamentals of. Database Systems. Shamkant B. Navathe. College of Computing Georgia Institute of Technology PEARSON.

Chapter 12 Databases and Database Management Systems

ITCS Jing Yang 2010 Fall. Class 16: Object and Object- Relational Databases (ch.11) References

Promoting Component Architectures in a Dysfunctional Organization

ITU WSIS THEMATIC MEETING ON CYBERSECURITY, GENEVA, SWITZERLAND, 28 JUNE -1 JULY PAPER ON THE STATE OF CYBERSECURITY IN UGANDA.

MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Overview. ❶ Short introduction to the company. ❶ Short history of database and DBMS. ❶ What is the next DBMS s generation? ❶ Introduction to Tamino

ITConnect KEEPING TRACK OF YOUR EXPENSES WITH YNAB

Chapter 8: User-Friendly Programming

CISC 3140 (CIS 20.2) Design & Implementation of Software Application II

Word: Print Address Labels Using Mail Merge

COMPUTER MCQs. 1. DOS floppy disk does not have 1) a boot record 2) a file allocation table 3) a root directory

Transcription:

١ How Computer Viruses Work by Marshall Brain abstract: Computer viruses are mysterious and grab our attention. On the one hand, viruses show us how vulnerable we are. A properly engineered virus can have an amazing effect on the worldwide Internet. On the other hand, they show how sophisticated and interconnected human beings have become. For example, the thing making big news right now is the Mydoom worm, which experts estimate infected approximately a quarter-million computers in a single day (Times Online). Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect.that's pretty impressive when you consider that the Melissa and ILOVEYOU viruses are incredibly simple. In this article, we will discuss viruses -- both "traditional" viruses and the newer e-mail viruses -- so that you can learn how they work and also understand how to protect yourself. Viruses in general are on the wane, but occasionally a person finds a new way to create one, and that's when they make the news. Types of Infection When you listen to the news, you hear about many different forms of electronic infection. The most common are: Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the

٢ virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc. E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically. What's a "Virus"? Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from person to person. There are similarities at a deeper level, as well. A biological virus is not a living thing. A virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do anything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing machinery to reproduce itself. In some cases, the cell fills with new viral particles until it bursts, releasing the virus. In other cases, the new virus particles bud off the cell one at a time, and the cell remains alive.

٣ A computer virus shares some of these traits. A computer virus must piggyback on top of some other program or document in order to get executed. Once it is running, it is then able to infect other programs or documents. Obviously, the analogy between computer and biological viruses stretches things a bit, but there are enough similarities that the name sticks. What's a "Worm"? A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand from a single copy incredibly quickly. For example, the Code Red worm replicated itself over 250,000 times in approximately nine hours on July 19, 2001. A worm usually exploits some sort of security hole in a piece of software or the operating system. For example, the Slammer worm (which caused mayhem in January 2003) exploited a hole in Microsoft's SQL server. This article offers a fascinating look inside Slammer's tiny (376 byte) program. Code Red Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil intent. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so effectively that things would completely grind to a halt. The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as predicted. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that do not have the Microsoft security patch installed. Each time it found an unsecured server, the worm copied itself to that server. The new copy then scanned for other servers

٤ to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies. The Code Red worm was designed to do three things: Replicate itself for the first 20 days of each month Replace Web pages on infected servers with a page that declares "Hacked by Chinese" Launch a concerted attack on the White House Web server in an attempt to overwhelm it The most common version of Code Red is a variation, typically referred to as a mutated strain, of the original Ida Code Red that replicated itself on July 19, 2001. According to the National Infrastructure Protection Center: The Ida Code Red Worm, which was first reported by eeye Digital Security, is taking advantage of known vulnerabilities in the Microsoft IIS Internet Server Application Program Interface (ISAPI) service. Un-patched systems are susceptible to a "buffer overflow" in the Idq.dll, which permits the attacker to run embedded code on the affected system. This memory resident worm, once active on a system, first attempts to spread itself by creating a sequence of random IP addresses to infect unprotected web servers. Each worm thread will then inspect the infected computer's time clock. The NIPC has determined that the trigger time for the DOS execution of the Ida Code Red Worm is at 0:00 hours, GMT on July 20, 2001. This is 8:00 PM, EST. Upon successful infection, the worm would wait for the appointed hour and connect to the http://computer.howstuffworks.com/framed.htm?parent=virus.htm&url=http://ww w.whitehouse.gov domain. This attack would consist of the infected systems simultaneously sending 100 connections to port 80 of www.whitehouse.gov (198.137.240.91).

٥ The U.S. government changed the IP address of www.whitehouse.gov to circumvent that particular threat from the worm and issued a general warning about the worm, advising users of Windows NT or Windows 2000 Web servers to make sure they have installed the security patch. More on Code Red For more information on the Code Red worm, check out these links: Windows NT version 4.0 security patch Windows 2000 Professional, Server and Advanced Server security patch Microsoft: Security Bulletin MS01-033 Early Cases: Executable Viruses Early viruses were pieces of code attached to a common program like a popular game or a popular word processor. A person might download an infected game from a bulletin board and run it. A virus like this is a small piece of code embedded in a larger, legitimate program. Any virus is designed to run first when the legitimate program gets executed. The virus loads itself into memory and looks around to see if it can find any other programs on the disk. If it can find one, it modifies it to add the virus's code to the unsuspecting program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time either of those programs gets executed, they infect other programs, and the cycle continues.

٦ If one of the infected programs is given to another person on a floppy disk, or if it is uploaded to a bulletin board, then other programs get infected. This is how the virus spreads. The spreading part is the infection phase of the virus. Viruses wouldn't be so violently despised if all they did was replicate themselves. Unfortunately, most viruses also have some sort of destructive attack phase where they do some damage. Some sort of trigger will activate the attack phase, and the virus will then "do something" -- anything from printing a silly message on the screen to erasing all of your data. The trigger might be a specific date, or the number of times the virus has been replicated, or something similar. Boot Sector Viruses As virus creators got more sophisticated, they learned new tricks. One important trick was the ability to load viruses into memory so they could keep running in the background as long as the computer remained on. This gave viruses a much more effective way to replicate themselves. Another trick was the ability to infect the boot sector on floppy disks and hard disks. The boot sector is a small program that is the first part of the operating system that the computer loads. The boot sector contains a tiny program that tells the computer how to load the rest of the operating system. By putting its code in the boot sector, a virus can guarantee it gets executed. It can load itself into memory immediately, and it is able to run whenever the computer is on. Boot sector viruses can infect the boot sector of any floppy disk inserted in the machine, and on college campuses where lots of people share machines they spread like wildfire. In general, both executable and boot sector viruses are not very threatening any more. The first reason for the decline has been the huge size of today's programs. Nearly every program you buy today comes on a compact disc. Compact discs cannot be modified, and that makes viral infection of a CD

٧ impossible. The programs are so big that the only easy way to move them around is to buy the CD. People certainly can't carry applications around on a floppy disk like they did in the 1980s, when floppies full of programs were traded like baseball cards. Boot sector viruses have also declined because operating systems now protect the boot sector. Both boot sector viruses and executable viruses are still possible, but they are a lot harder now and they don't spread nearly as quickly as they once could. Call it "shrinking habitat," if you want to use a biological analogy. The environment of floppy disks, small programs and weak operating systems made these viruses possible in the 1980s, but that environmental niche has been largely eliminated by huge executables, unchangeable CDs and better operating system safeguards. E-mail Viruses The latest thing in the world of computer viruses is the e-mail virus, and the Melissa virus in March 1999 was spectacular. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this: Someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and therefore itself) in an e- mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen! As mentioned earlier, it forced a number of large companies to shut down their e-mail systems. The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who double clicked on

٨ the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book and then started corrupting files on the victim's machine. This is as simple as a virus can get. It is really more of a Trojan horse distributed by e-mail than it is a virus. The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus! It created a huge mess. Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of thing. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism.so the Melissa virus spread despite the safeguards in place to prevent it. In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program ran and did its thing. What fueled this virus was the human willingness to double-click on the executable. An Ounce of Prevention

٩ You can protect yourself against viruses with a few simple steps: If you are truly worried about traditional (as opposed to e-mail) viruses, you should be running a more secure operating system like UNIX. You never hear about viruses on these operating systems because the security features keep viruses (and unwanted human visitors) away from your hard disk. If you are using an unsecured operating system, then buying virus protection software is a nice safeguard. If you simply avoid programs from unknown sources (like the Internet), and instead stick with commercial software purchased on CDs, you eliminate almost all of the risk from traditional viruses. In addition, you should disable floppy disk booting -- most computers now allow you to do this, and that will eliminate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive. You should make sure that Macro Virus Protection is enabled in all Microsoft applications, and you should NEVER run macros in a document unless you know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a great policy.

١٠ Open the Options dialog from the Tools menu in Microsoft Word and make sure that Macro Virus Protection is enabled, as shown. You should never double-click on an attachment that contains an executable that arrives as an e-mail attachment. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and.jpg), etc., are data files and they can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once you run it, you have given it permission to do anything on your machine. The only defense is to never run executables that arrive via e-mail. History

١١ Traditional computer viruses were first widely seen in the late 1980s, and they came about because of several factors. The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent or they were toys. Real computers were rare, and they were locked away for use by "experts." During the 1980s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were widespread in businesses, homes and college campuses. The second factor was the use of computer bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets, etc. Bulletin boards led to the precursor of the virus known as the Trojan horse. A Trojan horse is a program that sounds really cool when you read about it. So you download it. When you run the program, however, it does something uncool like erasing your disk. So you think you are getting a neat game but it wipes out your system. Trojan horses only hit a small number of people because they are discovered quickly. Either the bulletin board owner would erase the file from the system or people would send out messages to warn one another. The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the operating system, a word processor (plus several other programs) and some documents onto a floppy disk or two. Many computers did not have hard disks, so you would turn on your machine and it would load the operating system and everything else off of the floppy disk. Viruses took advantage of these three facts to create the first self-replicating programs.

١٢ Object-Relational Database Systems - The Road Ahead by Ramakanth S. Devarakonda Several major software companies including IBM, Informix, Microsoft, Oracle, and Sybase have all released object-relational versions of their products. These companies are promoting a new, extended version of relational database technology called object-relational database management systems also known as ORDBMSs. This article compares and contrasts this new class of database with the relational databases, RDBMS from which they are evolving and also with efficient objectoriented databases, OODBMSs, also known as object databases, ODBMSs. Recently, many companies have begun using their database systems for non-traditional applications because of demands such as storing images and multimedia objects in the database. Consequently, the objects and related operations are becoming more complex. Some examples of complex data are images, geographical information systems, multimedia objects, and spatial, 3-D, and temporal data. But what are the requirements for database systems to support complex applications? Does a database supporting complex applications have to be objectoriented? A certain group thinks that future applications can only be implemented with pure object-oriented systems. Initially these systems looked promising. However, they have been unable to live up to the expectations. A new technology has evolved in which relational and object-oriented concepts have been combined or merged. These systems are called object-relational database systems. The main advantages of ORDBMSs are massive scalability and support for object-oriented

١٣ features. Relational DBMS (RDBMS) The relational model was formally introduced by Dr. E. F. Codd in 1970 [2] and has evolved since then, through a series of writings and later through implementations by IBM and others. The defining standard for relational databases is published by ANSI American National Standard Institute) as SQL (ANSI 1986) or SQL1, called SQL-86. A revised standard is called SQL2, also referred to as SQL-92. A relational database is composed of many relations in the form of twodimensional tables of rows and columns containing related tuples. Organizing data into tables, the form in which data is presented to the user and the programmer, is known as the logical view of the database. The stored data on a computer disk system is called the internal view. The rows (tuples) are called records and the columns (fields in the record) are called attributes. Each column has a data type (i.e., int, float, date). There are various restrictions on the data that can be stored in a relational database. These are called constraints. The constraints are domain constraints, key constraints, entity integrity constraints, and referential integrity constraints. These constraints ensure that there are no ambiguous tuples in the database. RDBMSs use Structured Query Language (SQL, currently SQL2) as the data definition language (DDL) and the data manipulation language (DML). SQL includes statements for data definition, modification, querying and constraint specification. The types of queries vary from simple singletable queries to complicated multi-table queries involving joins, nesting, set union/differences, and others. All processing is based on values in fields of records. Examples of RDBMSs include Oracle, developed by

١٤ Oracle Corporation, and Microsoft Access developed by Microsoft. The main disadvantages of Relational Databases include their inability to handle application areas like spatial databases (e.g. CAD), applications involving images, special types databases (e.g. complex numbers, arrays, etc.) and other applications that involve complex interrelationships of data. The SQL standard enables users to easily migrate their database applications between database systems. In addition, users can access data stored in two or more RDBMSs without changing the database sublanguage (SQL). The other merits include rapid data access and large storage capacity [3]. Object-Oriented DBMS (OODBMS) The desire to represent complex objects has led to the development of object-oriented (OO) systems. The concept of abstract data types (ADTs) in which the internal data structure is hidden and the external operations can be applied on the object that is specified led to the concept of encapsulation. The programming language SMALLTALK, developed by Xerox, was explicitly designed to be object-oriented. Other object-oriented programming languages include C++, Java, etc. The main features of OO programming languages are encapsulation, inheritance and polymorphism. Encapsulation can be thought of as a protective layer that prevents the code and the data from being accessed by other code defined outside the layer. The process in which one object inherits the properties of a previously defined object is called inheritance. Inheritance aids in the reuse of existing definitions for creating new objects. Polymorphism allows the same operator or symbol to have different implementations, depending on the type of objects to which the operator is applied. Object-oriented databases employ a data model that supports object-

١٥ oriented features discussed above and abstract data types. OO databases provide unique object identifiers (OIDs) so that the objects can be easily identified. This is similar to a primary key in the relational model. Objectoriented databases utilize the power of object-oriented programming languages to provide excellent database programming capability. The data in object-oriented database management systems (OODBMSs) is managed through two sets of relations, one describing the interrelations of data items and another describing the abstract relationships (inheritance). These systems employ both relation types to couple data items with procedural methods (encapsulation). As a result, a direct relationship is established between the application data model and the database data model. The strong connection between application and database results in less code, more natural data structures, and better maintainability and reusability of code. OO languages, such as C++ or Java, are able to reduce code size by not having to translate code into a database sublanguage such as SQL and ODBC or JDBC [5, 6]. Until recently, the lack of a defining standard was a drawback for OODBMSs. The Object Data Management Group (ODMG) has proposed a standard known as ODMG-93 or ODMG 1.0 standard, now revised into ODMG 2.0 [1]. The standard consists of the object model, the object defining language (ODL), the object query language (OQL), and the bindings to OO programming languages. The ODL and OQL are based on the ODMG data model. The data model consists of data types, type constructors, etc., and is similar to the SQL report that describes the standard model for relational databases. The ODL is designed so as to support semantic constructs of ODMG 2.0 object model. It is independent of any programming language. The ODL is used to create object specifications. The OQL is designed to work closely with the programming languages for which an ODMG binding is defined such as C++, Java and SMALLTALK. The syntax of the OQL queries is similar to the syntax of

١٦ SQL (a query language for relational databases) with some additional features such as object identity, complex objects, inheritance, polymorphism and relationships. An object-oriented language is the language for both the application and the database. OODBMSs have been integrated with C++, C, Java and LISP. The primary interface in an OODBMS for creating and modifying objects is directly via the object language (C++, Java, etc.) using the native language syntax. A key difference between relational databases and OO databases is the way in which relationships are handled. In OO databases, the relationships are represented explicitly with OIDs, which improves the data access performance. In relational databases, relationships among tuples are specified by attributes having the same domain. The main drawback of OODBMSs has been poor performance. Unlike RDBMSs, query optimization for OODBMs is highly complex. OODBMSs also suffer from problems of scalability, and are unable to support largescale systems. Some examples of OODBMSs are O2 (now called Ardent) developed by Ardent Software, and the ObjectStore system produced by Object Design Inc. [3, 6] Object-Relational DBMS (ORDBMS) The main objective of ORDBMS design was to achieve the benefits of both the relational and the object models such as scalability and support for rich data types. ORDBMSs employ a data model that attempts to incorporate OO features into RDBMSs. All database information is stored in tables, but some of the tabular entries may have richer data structure, termed abstract data types (ADTs). An ORDBMS supports an extended form of SQL called SQL3 that is still in the development stages. The extensions are needed because ORDBMSs have to support ADT's. The ORDBMS has the relational model in it because the data is stored in the

١٧ form of tables having rows and columns and SQL is used as the query language and the result of a query is also table or tuples (rows). But the relational model has to be drastically modified in order to support the classic features of objectoriented programming. Hence the characteristics of an ORDBMSs are: Base datatype extension, Support complex objects, Inheritance, and Rule Systems [9]. ORDBMSs allow users to define datatypes, functions and operators. As a result, the functionality of the ORDBMSs increases along with their performance. An example schema of a student relation which ORDBMS supports is : STUDENT(fname,lname,ID,sex,major,address,dname,location,picture) Notice the extra attributes "location" and "picture" which are not present in the traditional EMPLOYEE relation of RDBMS. The datatype of "location" is "geographic point" and that of "picture" is "image". The differences between the three approaches Table 1: A Comparison of Database Management Systems Criteria RDBMS ODBMS ORDBMS Defining standard SQL2 ODMG-2.0 SQL3 (in process) Support for Does not Supports Limited object-oriented support; It is extensively support;

١٨ features difficult to mostly to map new data program types object to the database Usage Easy to use OK for programmers; some SQL access for end users Easy to use except for some extensions Supports a Support for complex relationships Does not support abstract datatypes wide variety of datatypes and data with complex inter- Supports Abstract datatypes and complex relationships relationships Performance Very good performance Relatively less performance Expected to perform very well Product maturity Relatively old and so very mature This concept is few years old and so relatively mature Still in development stage so immature. The use of SQL Extensive supports SQL OQL is similar to SQL, but with additional SQL3 is being developed with OO

١٩ features like features Complex incorporated objects and in it objectoriented features. Advantages Its dependence on SQL, relatively simple query optimization hence good performance It can handle all types of complex applications, reusability of code, less coding Ability to query complex applications and ability to handle large and complex applications Low performance due to Inability to complex Low Disadvantages handle complex query optimization, performance in web applications inability to applications support largescale systems It is Presently All major Support from considered lacking RDBMS vendors to be highly vendor vendors are successful support due after this so

٢٠ so the market size is very large but many vendors are moving towards ORDBMS to vast size of RDBMS market has very good future Source: International Data Corporation, 1997 [4] In a paper, "Object-Relational DBMS: The Next Wave," [8] Dr. Michael Stonebraker, Chief Technology Officer of Informix Software, has classified the DBMS applications into four types: simple data without query, simple data with query, complex data without query, and complex data with query. These four types describe file systems, Relational DBMSs, Object- Oriented DBMSs, and object-relational DBMS, respectively. Universal Server, developed by Informix, belongs to the fourth category. The other current ORDBMSs include Oracle8, from Oracle Corporation, and Universal DB (UDB) from IBM. Also, Stonebraker predicts that applications from Relational DBMSs (simple data with query) will slowly move towards the Object-Relational DBMSs (complex data with query). To explain this, he gives the example of an insurance company having a customer database and a claims database and following traditional data processing applications in Relational DBMSs. If to this application, the company wants to add the diagram of each accident site, a scanned image of the police report, the picture of dented car, the latitude and longitude of the accident site, and the latitude and longitude of each customer's house in order to estimate the validity of accident and to avoid fraudulent claim of money, then in this case the application should move from Relational DBMSs to

٢١ ORDBMSs. This is why he terms ORDBMSs as "the next wave" [8]. Table 2: Categories of DBMSs File Systems RDBMSs OODBMSs ORDBMSs Simple data without queries Simple data with queries Complex data without queries Complex data with queries The five architectural options given by Dr. Stonebraker, listed in ascending order of practicality, performance, and general desirability are: Supply plug-in code to make function calls to other applications. Add separate API's and server subsystems to support object functionality. Simulate specialized object-relational functionality in a middleware layer. Completely redesign the database engine. Add a new object-oriented layer to support rich datatypes atop a proven relational database engine [7]. The main advantage of ORDBMSs is their massive scalability. Oracle8, released by Oracle Corporation, is designed to manage large amounts of information. Oracle8 is expected to help NASDAQ manage its Very Large Data Bases, VLDBs, which contain hundreds of gigabytes of time series applications are required by traders and analysts to examine trends on stock data. In spite of many advantages, ORDBMSs also have a drawback. The architecture of objectrelational model is not appropriate for high-speed web applications. However, with advantages like large storage capacity, access speed, and manipulation power of object databases, ORDBMSs are set to conquer

٢٢ the database market. The support from major DBMS vendors and its features will make ORDBMSs the market leader. The International Data Corporation (IDC) also expresses the opinion that the ORDBMS market will surpass the size of the ODBMS market in next three years. References 1 Cattell, R.G. The Object Database Standard: ODMG-93 (Release 1.2). Morgan Kauffman Publishers. San Francisco, 1995. 2 Codd, E.F. A Relational Model of Data for Large Shared Data Banks. CACM 13(6): 377-387. 1970. 3 Elmasri, R. & Navathe, S.B. Fundamentals of Database Systems 3e. Addison Wesley, 2000. 4 McClure, S. IDC Bulletin #14821E. August, 1997. 5 Nahouraii, E. & Petry, F. Object-Oriented Databases. IEEE, 1991. 6 Rao, B.R. Object-Oriented Databases: Technology, Applications, and Products McGraw-Hill. New York, 1994. 7 Stonebraker, M. Architectural Options for Object-Relational DBMSs. Informix Software, CA. Feb, 1997. 8 Stonebraker, M. Object-Relational DBMS: The Next Wave. Informix Software 9 Stonebraker, M., Brown, P., and Moore, D. Object-Relational DBMSs:

٢٣ Tracking the Next Great Wave 2e. Morgan-Kauffman Publishers. San Francisco, 1999. Biography Ramakanth Subrahmanya Devarakonda (ramakanthds@usa.net) is a Master's student of Computer Science at the Old Dominion University, Norfolk, VA. He is a graduate in Computer Science and Engineering from Andhra University, A.P., India. Object-Relational Database Systems - The Road Ahead ACM Crossroads Discussion Board: Object-Relational Database Systems - The Road Ahead Copyright 2000-2002 by ACM, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback