Data base Management

System
[CoEg3193]

Chapter Seven:
Integrity and Security
 Outline
Constraints and Triggers
Security and Authorization
Encryption and Authentication

2
 Integrity and Security
The two fundamental concepts that need to be
considered while designing database systems
are:
Maintaining the consistency of the database to all
the changes, and
Protecting the database from unauthorized users.
The concepts lead us to the study of Integrity
and Security.

3
Constraints and Triggers
 Constraints
Integrity constraints ensure that the changes made
to the database by authorized users do not result in a
loss of data consistency. It is a predicate to the
database that needs to be asserted at all time.
Types of Constraints
Key Constraints (Entity Integrity)
Foreign Key Constraints (Referential Integrity)
Domain Constraints (Domain Integrity)
General Constraints (User Defined Integrity)
Key Constraints and Foreign Key Constraints are
discussed in chapter 5. 5
 Domain Constraints
A domain constraint is a predicate on an
attribute A of each tuple of a relation to be
atomic value from a domain set domain(A).
Example: Salary of an employee is a two
decimal point numeric field in a range 150 to
6000

6
 Contd
Domain constraint is created using the
CREATE command as follows.
CREATE DOMAIN <domain_name> <data_type>
CONSTRAINT <constraint_name> CHECK
<constraint>
The CHECK statement can also be directly
applied to a column without defining a
domain.

7
 Contd
Example:
CREATE DOMAIN BasicSalary NUMERIC(9, 2)
CONSTRAINT SalaryRange CHECK
(VALUE>=150.00 AND VALUE<=6000.00)
Then after the BasicSalary can be used for
column definition data type.
Or the CHECK constraint can be used in a
column definition as follows:
Salary NUMERIC(9, 2) CHECK (Salary>=150.00
AND Salary<=6000.00) 8
 Contd
The CHECK constraint can also be used in a
table definition as a tuple based constraint as
CHECK (<logical_expression>)
Example:
CREATE TABLE Employees (
:
CONSTRAINT EmpDate_Constraint CHECK (EmpDate
<= GETDATE())
)

9
 General Constraints
A general constraint or a user defined
constraint is an assertion defined by the user
requirement.
Domain and Referential integrity constraints
are special types of general constraint set by
the requirement.

10
 Contd
The syntax for general assertion is:
CREATE ASSERTION <assertion_name>
CHECK <predicate>
The <predicate> is a valid conditional
expression similar to the <condition> in the
WHERE clause of the SELECT-FROM-
WHERE statement.

11
 Contd
Example: Constraint on the number of
employees in a team:
CREATE ASSERTION NumberOfTeamMembers
CHECK
(8 >= ALL (SELECT EmpId FROM EmpTeams
GROUP BY TeamId)
When an assertion is created the system tests
it for validity of the predicate and if the
assertion is valid then can only any future
modification to the database is allowed.
12
 Triggers
Triggers are statements that the database
management system executes automatically in
response to a modification to the database.
Triggers need to specify:
The event that will cause or initiate the trigger
execution,
Condition to be specified for the trigger execution
to proceed, and
The action to be taken in response.
13
 Contd
The trigger action may be used to inform
respective administrators to take actions
through email, or it may execute some
operation in response.
The trigger events are:
INSERT, DELETE, UPDATE and SELECT.
The actions for the triggers may be taken:
After successful completion of the operation (event):
AFTER
Before the execution of the operation (event): BEFORE
14
(INSTEAD OF)
 Contd
The syntax for the trigger statement is:
CREATE TRIGGER <trigger_name>
ON {<table>|<view>}
{FOR | AFTER | INSTEAD OF} {[INSERT] |
[UPDATE] | [DELETE] | [SELECT]}
AS
<SQL_Statement>

15
Security and Authorization
 Security
Database security refers to protection of the
database from malicious access such as:
Unauthorized reading of data,
Unauthorized modification of data, and
Unauthorized destruction of data.

17
 Contd
Some of the threats to the database because
of malicious access are:
Loss of integrity,
Loss of availability,
Loss of confidentiality
Security measure levels
Database System,
Operating System,
Network,
Physical,
Human 18
 Database System Security
Database system security can be implemented
with the use of:
Account and Role Creation,
Privilege granting,
Privilege revocation, and
Security level assignment.

19
 Authorization
Authorization levels in a database system can
be set at broad categories as:
Data Level Authorization
Read
Insert
Update
Delete
Schema Level Authorization
Index
Resource
Alter
Drop 20
 Privilege Granting
The syntax for privilege granting is as
follows:
GRANT <privilege_list> {SELECT | INSERT |
UPDATE | DELETE | ALL} ON
{<table>|<view>}
TO <account_list> [WITH GRANT OPTION]
<privilege_list> is possible data level
authorization for the table or view stated as:
{SELECT | INSERT | UPDATE | DELETE |
ALL}
21
 Contd
To grant access to a specific column in a table:
GRANT REFERENCES (<column>) ON
{<table>|<view>}
TO <account_list> [WITH GRANT OPTION]

22
 Privilege Revoking
The syntax for privilege revoking is as
follows:
REVOKE <privilege_list> ON {<table>|<view>}
FROM <account_list> [RESTRICT | CASCADE]
To revoke grant option from an account:
REVOKE GRANT OPTION FOR <privilege_list>
ON {<table>|<view>}
FROM <account_list>

23
 Privilege Denying
The syntax to deny a privilege from an
account list is:
DENY <privilege_list> ON {<table>|<view>}
TO <account_list> [CASCADE]

24
Encryption and Authentication
 Encryption
Encryption is a transformation of intelligent
(plain text) to unintelligent massage (cipher
text).

Decryption is the reveres process of

encryption in which the cipher text is
translated into a plain text.

26
 Contd
Cryptography is the art or science concerning the
principles, means, and methods for rendering plain
information unintelligible, and for restoring the
encrypted information to intelligible form.
Modern Cryptography systems can be broadly
classified into symmetric-key systems that use a
single key that both the sender and recipient have,
and Asymmetric-key systems also known as public-
key systems that use two keys, a public key known to
everyone and a private key that only the recipient of
messages uses.
27
 Contd
Symmetric Key Algorithms
DES (Data Encryption Standard)
IDEA (International Data Encryption Algorithm)
Asymmetric Key Algorithms
RSA (Rivest, Shamir and Adleman)
DSA (Digital Signature Algorithm )

28
 Authentication
Authentication is a process of verifying the
identity of a user who is claimed to be.
There are two ways of authenticating a user:
Use of Password
Challenge response.
With the use of a password a user is
requested for user name and password upon
login to a system.

29
 Contd
In a challenge response, the system sends a
challenge string to the user upon login
request; then the user encrypts the message
and sends the encrypted message to the
system. The system verifies the user by
comparing the originally send challenge
string and decrypted message received from
the user.

30
 Contd
For the encryption process a symmetric-key
or a public-key algorithm may be used. In the
symmetric-key algorithm the shared key is
saved in the system where as in a public-key
algorithm the public key is the only key know
by the system and the private key remains
secret with the user.

31
 THE END

Thank You!