Deck 7: Security, Administration and Transaction Management

Describe a general plan of action for initiating a security policy, elaborating on each stage that might be undertaken.

First of all, the need for one must be appreciated, and there must be commitment on the part of senior managers. Depending on course coverage, an IT security team may be formed to oversee the development of the policy. They may decide on an information classification exercise for the area under consideration, then carry out a risk analysis. Following on from this, the policy will be prepared, specific responsibilities identified, and then standards and procedures formulated for implementation. The whole process is iterative, the policy should be continually refined. Certain aspects of the plan should be elaborated, such as, how information might be classified, how risk analysis might be carried out, what the policy should cover.

Detail the types of problems associated with microcomputer security and the types of countermeasures that could be installed against loss.

The data a PC holds may be considerably more valuable than the machine itself. We are concerned here with both data security and physical security. Some obvious precautions that concern the data. For example, careful storage of the media, regular backups taken that are labeled and classified if appropriate. Working procedures should be appropriately defined. Obvious physical security such as fixing the machine to a surface, using locks and/or alarming it. Other measures include using security programs, careful disposal of old media and equipment, staff training.

Discuss the problems associated with microcomputer security, and contrast the measures required to provide a secure environment with those of a mainframe computing environment.

The problems concern data security and physical security. Problems and precautions in dealing with these are generally as for part two of the previous question. It is important that a contrast is made with a mainframe environment. For example, in dealing with microcomputers, you are dealing with individual machines and staff, possibly over a wide location. Much of the responsibility rests with members of staff, consequently, all staff training is important. In the mainframe environment it is possible to set up centralized controls (physical and logical). Consequently, it should be an easier environment to control, with the responsibility residing in the IT manager.

Discuss the types of threat that might occur within the general database environment, and indicate the measures that could be taken to safeguard against them.

Explain the integrity features that a database management system may provide making reference to the system used, and indicate the disadvantages that arise where they are not available.

The increasing accessibility of databases on the Internet and intranets requires a reanalysis and extension of the normal approaches to security. Discuss some of the issues associated with the database system security in these environments.

(a) Locking-based algorithms for concurrency control can be employed to synchronize the execution of transactions. Explain what is meant by a serializable schedule and show that the following locking-based schedule is not serializable:
S = [wl₁(y), wl₂(y), R₁(y), W₁(y), R₂(y), W₂(y), rl₁(y), rl₂(y), wl₂(z), R₂(z), W₂(z), rl₂(z), C₂,
wl₁(z), R₁(z), W₁(z), rl₁(z), C₁]
where R_i(x)/W_i(x) indicates a read/write by transaction i on data item x
rl_i(x)/wl_i(x) indicates a release/write lock by transaction i on item x
C_i indicates a commit operation by transaction i.
(b) Identify the problem with the above schedule, and produce a correct locking-based serializable schedule.

'One of the potential advantages of Distributed Database Management Systems is improved reliability and availability.'
(a) The consistency and reliability aspects of transactions are due to the 'ACIDity' properties of transactions. Discuss each of these properties and how they relate to the concurrency control and recovery mechanisms. Give examples to illustrate your answer.

(a) Produce a wait-for-graph for the transactions with locking information shown in Table 1. What can you conclude for this graph?

(b) Compare and contrast the approaches to deadlock management in database systems.

The locking information for several transactions is shown in Table 2. Produce a wait-for-graph (WFG) for the transactions and determine whether deadlock exists.

Locking-based algorithms for concurrency control can be employed to synchronize the execution of transactions. Explain the rules for two-phase locking in a centralized Database Management System and why each of these is necessary to avoid the database becoming inconsistent.

A taxonomy of concurrency control algorithms can classify algorithms as pessimistic or optimistic. Compare and contrast these algorithms.