Midterm

Question 1

Define Database Security:

Answer 1

Protecting the database from unauthorized access, modification, or destruction.

Question 2

what is a database designers responsibility with data security?

Answer 2

To protect the privacy of individuals about whom data is kept.

Question 3

What is privacy?

Answer 3

Privacy is the right of individuals to have some control over information about themselves.

Question 4

What is the CIA model of security and what is stands for?

Answer 4

Confidentiality, which requires that only select authorized users have access to information. Integrity, which requires that only select authorized users be allowed to modify data(maintaining consistency and trustworthiness). Availability, which requires that information be available to select authorized users when needed.

Question 5

Name 2 of the 6 important laws and standards requiring control on access, disclosure and modifications.

Answer 5

• The Federal Information Security Manage Act(FISMA)
• The European General Data Protection Regulation(DGPR)
• The US Health Insurance Portability and Accountability Act(HIPAA)
• The US Sarbanes-Oxley(SOX) Act
• The US Gramm-Leach-Bliley Act(GLBA)
• The Worldwide Payment Card Industry Data Security Standard(PCIDSS)

Question 6

What are the two types of security threats?

Answer 6

Accidental and deliberate.

Question 7

List some example accidental security threats.

Answer 7

An unauthorized user may unintentionally request and be granted an object for which they are not authorized.
etc.

Question 8

List some example deliberate security threats.

Answer 8

Writing application programs with code that preforms unauthorized operations.
etc.

Question 9

How should access control methods be defined?

Answer 9

To restrict access to company resources as well as employee and client data.

Question 10

What is authorization?

Answer 10

Authorization requires defining who has access to the system and the specific data they are allowed to access.

Question 11

What is user authorization?

Answer 11

A method by which users are assigned rights to use database objects.

Question 12

What is another phrase for data control language and/or what does it do?

Answer 12

Authorization language, they specify users rights by means of authorization rules. these dictate what information and operations they have access to.

Question 13

What does the development of an information system access control entail?

Answer 13

Authorization, identification, authentication and accountability

Question 14

What is a common way users are identified?

Answer 14

A user ID

Question 15

What is authentication and how is it often done?

Answer 15

The process of verifying the identity of a user through the use of a password or question verification.

Question 16

What is accountability?

Answer 16

The need to capture and maintain user log files that can be used to retrace a users operations.

Question 17

What is a security log?

Answer 17

A journal or record of all attempted security violations.

Question 18

What is an audit trail?

Answer 18

A record of all access to the database included users, operations, locations used and objects interacted with.

Question 19

What is often used to set up an audit trail?

Answer 19

Triggers

CREATE OR REPLACE TRIGGER EnrollAuditTrail
	BEFORE UPDATE OF grade ON Enroll
	FOR EACH ROW
	BEGIN
		INSERT INTO EnrollAudit
		VALUES(SYSDATE, USER, :OLD.stuId, :OLD.ClassNumber, : OLD,grade,  
\:NEW.grade);
END;

Question 20

What is a privilege?

Answer 20

An action that a user is permitted to preform on a database object such as create or read.

Question 21

What is the SQL statement to grant a privilege to a user?

Answer 21

GRANT {ALL PRIVILEGES | privilege list}
ON {object-name}
TO {PUBLIC | user-list | role-list} [WITH GRANT OPTION};

Question 22

How would someone grant multiple privileges to multiple users with the grant option?

Answer 22

GRANT SELECT, INSERT, UPDATE ON Student TO U101, U102 WITH GRANT OPTION;

Question 23

In a grant diagram or authorization graph, what does a node represent? Double arrowhead? Solid outline?

Answer 23

Each node represents a new combination of privilege and user. A solid outline means a user has received a grant option for that privilege. A double arrowhead means with grant, one means without.

Question 24

What is a role?

Answer 24

A role can be thought of as a set of operations that should be preformed by an individual or a group of individuals as part of a job.

Question 25

What is the SQL statement to create a role? How could a privilege be granted to a role?

Answer 25

CREATE ROLE AdvisoryRole;

GRANT SELECT ON Student TO AdvisorRole;

Question 26

What is the SQL statement to revoke a privilege?

Answer 26

REVOKE INSERT ON Student FROM U101;

Question 27

How can a privilege revoke cascade?

Answer 27

If a user has a privilege or grant option revoke on a privilege they granted, those subsequent privileges are also revoked.

Question 28

What is database recovery?

Answer 28

The process of restoring the database to a correct state in the event of a failure.

Question 29

What is concurrency control?

Answer 29

The ability to manage simultaneous processes involving a database concurrently.

Question 30

What is a transaction?

Answer 30

An indivisible(atomic) unit of work that contains one or more SQL statements. It is the entire series of steps necessary to accomplish work in order to bring the database to a new consistent state.

Question 31

What are the two ways a transaction can end/terminate?

Answer 31

The transaction can be committed if successful or aborted and then rolled back if unsuccessful. A committed transaction cannot be rolled back.

Question 32

How is committed transaction undone?

Answer 32

A compensating transaction(the opposite transaction) is committed.

Question 33

What is the process of a transaction?

Answer 33

It begins with a begin transaction statement until it reaches an end transaction statement. The dbms then confirms that no concurrency protocol or constraints are violated during the partially committed stage. Then the transaction is committed. An entry log is made of the transaction.

Question 34

What is the purpose of ACID properties?

Answer 34

They are used to ensure that the database maintains a correct state, despite transaction concurrency or system failure.

Question 35

What is Atomicity, in ACID?

Answer 35

The restriction that a transaction be a single unity of work that can be rolled back in the event of failure, using a log of all transactions.

Question 36

What is Consistency, in ACID?

Answer 36

The restriction that a transaction leave the database in a consistent state.

Question 37

What is Isolation, in ACID?

Answer 37

The restriction that a transaction be isolated from other transactions until the operations have been committed. This is governed by the concurrency control system.

Question 38

What is Durability, in ACID?

Answer 38

If a transaction satisfies concurrency protocol and constraints, its effect are recorded in the database even if the system crashes before all the writes are made to the database.(All committed transactions are recoverable)

Question 39

If transactions are committed serially, are they are committed sequentially?(T/F)

Answer 39

True, they begin, end and are committed one after another.

Question 40

What is the objective of a concurrency control system?

Answer 40

To allow as much simultaneous processing as possible to be done, while maintaining isolation of each transaction.

Question 41

What is multiprogramming, in concurrency?

Answer 41

When two or more transactions are processing at the same time. This is not necessary with reading from a database, but is used for two transactions writing to the same database.

Question 42

What are some problems cause by concurrency?

Answer 42

• The lost update
• Uncommitted update
• Inconsistent analysis
• Non-repeatable problem
• The phantom data problem

Question 43

What is a schedule?

Answer 43

A log of actions that a set of transactions preforms, that are time stamped. This allows for interleaving steps.

Question 44

What is the lost update problem?

Answer 44

When a WRITE to statement is applied to an object before it can be updated by a previous WRITE to statement and only one of the statements takes effect.

Question 45

What is the uncommitted update problem?

Answer 45

When a transaction preforms on operation based on a modification to an object that is rolled back only after it has been read by the transaction. This is also called a dirty read. The data is called dirty data before it is rolled back.

Question 46

What is the uncommitted update problem?

Answer 46

When a transaction preforms on operation based on a modification to an object that is rolled back only after it has been read by the transaction. This is also called a dirty read. The data is called dirty data before it is rolled back.

Question 47

What is the problem of inconsistent analysis?

Answer 47

When a transaction retains a read from an object during the process of execution that is inconsistent during the course of it’s execution.

Question 48

What is the phantom data problem?

Answer 48

when data is inserted into a database after an audit of that data, and the new data then conflicts with that audit.

Question 49

What is the non repeatable read problem?

Answer 49

When a transaction writes a new value to an object in between two read operations on that item creating two different reads.

Question 50

What is serial execution?

Answer 50

when transactions are preformed sequentially.

Question 51

Does the order matter in a serial execution of transactions?

Answer 51

No, the order does not matter because the final result will produce a consistent state of the database.

Question 52

What is throughput?

Answer 52

The amount of work(in units of transactions) preformed in a period of time while still maintaining database consistency.

Question 53

How do we determine if a schedule is serializable?

Answer 53

If transactions contain operations that conflict, they are not serializable.
Conflicting operations: belong to different transactions AND access the same data object AND at least one of them writes to the data object.

Question 54

What is conflict serializability?

Answer 54

Executing conflicting transactions in serial order so that concurrent execution of other transactions can occur.

Question 55

What is the purpose of a precedence graph?

Answer 55

To determine whether a schedule is serializable. I schedule is serializable if the graph has no cycles.

Question 56

What does it mean for a transaction to ‘lock’ a data object?

Answer 56

The transaction prevents another transaction from accessing or modifying the object. A locked object can be a single data item or an entire database. The size of the locked object determines the granularity of the lock.

Question 57

What are the types of locks?

Answer 57

A shared lock where a transaction can read the data object but not update it. Many transactions can read a data object with a shared lock.
An exclusive lock on a data object allows for a transaction to update an item but only that transaction can operate on the data object to prevent inconsistencies.

Question 58

What does a lock compatibility matrix do?

Answer 58

It shows which types of lock requests can be granted simultaneously on a data object.

Question 59

What is a deadlock?

Answer 59

When two transactions are waiting for locks held by the other to be released.

Question 60

How are deadlocks handled?

Answer 60

Deadlock prevention is when a a system preemptively anticipates when a deadlock will occur and prevents it.
Deadlock detection and recovery allows deadlocks and then actively breaks them after the fact.

Question 61

What is a wait-for graph/ resource request graph and how is it used to detect deadlocks?

Answer 61

A graph that shows which transactions are waiting for the data objects locked by other transactions using nodes to represent transactions and edges to represent a lock dependency. A cycle in this graph indicates a deadlock.

Question 62

How is a deadlock broken?

Answer 62

A victim transaction is selected and forcefully undone/rolled back so that the other transaction can occur. This transaction is not chosen again after the lock is broken so that it may complete(and not starve).

Question 63

What occurs during two-phase locking protocol?

Answer 63

A transaction goes through a growing phase where it locks all data objects that it needs to execute and a shrinking phase in which it releases its locks.

Question 64

What are the rules for the standard two-phase locking protocol?

Answer 64

A transaction must acquire a lock on a data object before operating on the time. Once a transaction releases a single lock, it cannot acquire new locks.

Question 65

What is cascading rollback?

Answer 65

When a transaction reads data that was updated by another transaction that is in the process of being rolled back, that transaction must also be rolled back, and so on.

Question 66

What is the distinguishing rule for the strict two-phase locking protocol?

Answer 66

A transaction must hold all exclusive locks until the transaction commits, to prevent cascading rollbacks.

Question 67

What is the distinguishing rule for the rigorous two-phase locking protocol?

Answer 67

A transaction must hold all locks until the transaction commits, to prevent cascading rollbacks.

Question 68

What is lock upgrading?

Answer 68

A transaction may request that a lock be upgraded from shared to exclusive during the growing phase or may request a lock to be downgraded from exclusive to shared during the shrinking phase.

Question 69

Does Oracle support row-level locking?

Answer 69

Yes, row-level locking is supported.

Question 70

How can a system keep track of locking?

Answer 70

Locking is tracked through a tree graph that locks all children of a locked node, in which the node represents the granularity of the lock.

Question 71

What is timestamping and does it permit deadlocking?

Answer 71

Timestamping is the assigning of a time value to transaction and data objects. This assigns a serial order to transactions. It does not allow for deadlocks.

Question 72

What are the two timestamps on data objects?

Answer 72

Read-Timestamp gives the timestamp of the last transaction to read the object. Write-Timestamp gives the timestamp of the last transaction to write/update the item.

Question 73

What are some problems that can arise with timestamping?

Answer 73

A late read or late write can occur when an item is read/updated after already being read/updated y a younger transaction.

Question 74

What is the basic unit of recovery for a database?

Answer 74

Transactions that are atomic and durable. (All transactions)

Question 75

What are backups and how are they stored?

Answer 75

Copies of the database as it appears at certain points in time are made in stable storage(non-volatile and safe). Typically these storage devices are RAIDs(disks)

Question 76

What is a recovery log?

Answer 76

A file that contains information about all updates to the database. Writes are done to the recovery log before committing so that the transaction can survive a system failure.

Question 77

What is the procedure in the event of a system failure?

Answer 77

All logged transactions are redone by the redo procedure. This protocol is called redo/no undo because no aborted transactions are attempted and no transaction has to be undone.

Question 78

What are checkpoints?

Answer 78

Predetermined intervals of time at which modified pages of data, log files are force written to stable-storage and the log file is updated.

Question 79

Does serial execution support checkpoints?

Answer 79

Any earlier transaction would have been committed at checkpoint and all active transactions are recorded at each checkpoint.

Question 80

What is a database buffer?

Answer 80

A temporary storage area in the main memory that allows storing data when moving from one place to another.

Question 81

How does shadow paging work?

Answer 81

A page table contains pointers to all current database pages. When a modification to a table if made a copy shadow table is left unchanged.

Question 82

What is write-ahead logging?

Answer 82

When a log record is written before the update to the database.

Question 83

What is an LSN?

Answer 83

A log sequence number is a number assigned to a log to record it chronologically.