ITS570 Topic 5 - Database Control and Security (C12)

The document discusses database design and relational database management systems. It covers topics such as the components of a database and DBMS, designing relational databases by mapping classes to tables and relationships, and evaluating schema quality through normalization. The document provides detailed steps and considerations for transforming a domain model to a database model.

Uploaded by Vrene

Topic 5: Databases, Control & Security
ITS570 Object-Oriented Design & Implementation

Chapter 12 – Databases, Control and Security


Content
• DB & DBMS
• Designing RDBMS
• Designing Integrity Control
• Designing Security Control
• DA Classes
• Distributed DB Architecture
Transform the Domain Model Class Diagram into a Detailed Database Model and implement the model using a Database Management System.

DATABASES & DATABASE MANAGEMENT SYSTEM
Database (DB) – an integrated collection of stored data that is centrally managed and controlled.
Database management system (DBMS) – a system software component that manages and controls one or more databases.
Database Schema
• Organization of individual stored data items into higher level groups, such as tables
• Associations among tables or classes
• Details of physical data store organization, including types, lengths, locations, and indexing of data items
• Access and content controls, including allowable values for specific data items, value dependencies among multiple data items, and lists of users allowed to read or update data items
Key components 1–4 (figure): the physical data store stores the raw bits and bytes of data; the schema contains descriptive information about the data stored in the physical data store.
Relational Database Management System (RDBMS) – a DBMS that organizes stored data into structures called tables or relations.
DESIGNING RDBMS

Steps
1. Create a table for each class
2. Choose a primary key for each table (invent one, if necessary)
3. Add foreign keys to represent one-to-many associations
4. Create new tables to represent many-to-many associations
5. Represent classification hierarchies
6. Define referential integrity constraints
7. Evaluate schema quality and make necessary improvements
8. Choose appropriate data types
9. Incorporate integrity and security controls
1 Create A Table For Each Class
There are 17 classes. However, treat each group of specialized classes as a single class. Thus, we have 12 classes, or 12 tables.
1 Create A Table For Each Class (cont.)
2 Choose A Primary Key For Each Table
3 Add Foreign Keys To Represent One-to-many Associations
Add the primary key attribute(s) of the “one” class to the table that represents the “many” class.
(Figure: tables CartItem, InventoryItem, OnLineCart, ProductComment, Sale, SaleItem, SaleTransaction)
3 Add Foreign Keys To Represent One-to-many Associations (cont.)
(Figure, continued: CartItem, InventoryItem, OnLineCart, ProductComment, Sale, SaleItem, SaleTransaction)
4 Create New Tables To Represent Many-to-many Associations
If no association class exists, create a new table to represent the association, e.g. AccessoryPackageContents.
Add the primary key attribute(s) of the associated class to the table that represents the association.
(Figure: PromoOffering, AccessoryPackageContents)
4 Create New Tables To Represent Many-to-many Associations (cont.)
(Figure, continued: PromoOffering, AccessoryPackageContents)
4 Create New Tables To Represent Many-to-many Associations (cont.)
ProductComment, SaleItem and CartItem are similar to PromoOffering.
4 Create New Tables To Represent Many-to-many Associations (cont.)
The combination of foreign key values in SaleItem and CartItem is always unique; therefore the invented keys (SaleItemId and CartItemId) can be discarded.
However, ProductCommentId cannot be discarded. The combination of foreign keys is not unique, as a single customer may make multiple comments regarding the same product.
5 Represent Classification Hierarchies
Two ways of representing inheritance:
1. Combine all tables into a single table containing the superset of all classes
2. Use separate tables to represent the child classes and use the primary key of the parent class table as the primary key of the child class table
5 Represent Classification Hierarchies (cont.)
Method 1: Combine all tables into a single table containing the superset of all classes
5 Represent Classification Hierarchies (cont.)
Method 2: Use separate tables to represent the child classes and use the primary key of the parent class table as the primary key of the child class table
5 Represent Classification Hierarchies (cont.)
Method 2:
6 Define Referential Integrity Constraints
Referential integrity is a consistent state among foreign key and primary key values.
A referential integrity constraint is a constraint, stored in the schema, that the DBMS uses to automatically enforce referential integrity.
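As an added example (not from the deck or its textbook), the Sale, ProductItem and SaleItem tables written as SQL DDL with the foreign keys of steps 3 and 4 and the constraints of step 6, run through Python's sqlite3; column names other than the keys are assumed. SQLite enforces foreign keys only when PRAGMA foreign_keys is on, so the example shows the DBMS rejecting an orphan row with the constraint enabled and silently accepting it when it is not.

```python
import sqlite3

# Schema for three of the deck's tables; column names beyond the keys are assumed.
SCHEMA = """
CREATE TABLE ProductItem (
    ProductItemID INTEGER PRIMARY KEY,
    Description   TEXT NOT NULL,
    RegularPrice  REAL NOT NULL
);
CREATE TABLE Sale (
    SaleID   INTEGER PRIMARY KEY,
    Shipping REAL NOT NULL DEFAULT 0,
    Tax      REAL NOT NULL DEFAULT 0
);
-- Association table: the pair of foreign keys is always unique (step 4), so it is the
-- primary key; each column carries a referential integrity constraint (step 6).
CREATE TABLE SaleItem (
    SaleID        INTEGER NOT NULL REFERENCES Sale(SaleID),
    ProductItemID INTEGER NOT NULL REFERENCES ProductItem(ProductItemID),
    Quantity      INTEGER NOT NULL CHECK (Quantity > 0),
    SoldPrice     REAL    NOT NULL,
    PRIMARY KEY (SaleID, ProductItemID)
);
"""

def open_db(enforce_fk=True):
    """In-memory database with one constructed product and one constructed sale.
    SQLite only enforces REFERENCES clauses when the foreign_keys pragma is on."""
    con = sqlite3.connect(":memory:")
    con.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    con.executescript(SCHEMA)
    con.execute("INSERT INTO ProductItem VALUES (100, 'Trail shoe', 89.0)")
    con.execute("INSERT INTO Sale (SaleID, Shipping, Tax) VALUES (1, 5.0, 4.5)")
    con.commit()
    return con

def insert_sale_item(con, sale_id, product_id, qty, price):
    """True if the DBMS accepted the row; False if it rejected it (orphan key,
    duplicate composite key, or failed CHECK)."""
    try:
        with con:  # commits on success, rolls back on error
            con.execute("INSERT INTO SaleItem VALUES (?, ?, ?, ?)",
                        (sale_id, product_id, qty, price))
        return True
    except sqlite3.IntegrityError:
        return False

def orphan_items(con):
    """SaleItem rows whose SaleID points at no Sale: the inconsistent state that
    referential integrity is meant to rule out (empty when enforced)."""
    return con.execute(
        "SELECT si.SaleID, si.ProductItemID FROM SaleItem si "
        "LEFT JOIN Sale s ON s.SaleID = si.SaleID WHERE s.SaleID IS NULL").fetchall()
```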
7 Evaluate Schema Quality
A high-quality relational database schema has these features:
• Flexibility or ease of implementing future data model changes
  o Minimal disruption to existing data content and structure due to changes to the database schema
  o Eg. adding a new class or a new one-to-many association
• Lack of redundant data
  o Excessive redundancy reduces schema flexibility and reduces system performance
Normalization – technique for evaluating schema quality
7 Evaluate Schema Quality – (cont.)
Normalization is a formal technique for evaluating and improving the quality of a relational database schema.
Key Concepts: 1NF, Functional Dependency, 2NF, 3NF
7 Evaluate Schema Quality – (cont.)
First normal form (1NF) is a restriction that all rows of a table must contain the same number of columns.
7 Evaluate Schema Quality – (cont.)
Functional dependency is a one-to-one association between the values of two attributes.
Attribute A is functionally dependent on Attribute B if the value of Attribute A depends on Attribute B.
Description is functionally dependent on ProductItemID if the value of Description depends on ProductItemID.
7 Evaluate Schema Quality – (cont.)
Second normal form (2NF) is a restriction that a table is in 1NF and that each non-key attribute is functionally dependent on the entire primary key.
Is the ProductItem table in 2NF?
Yes, because the primary key is a single column and the values of gender, description, supplier, manufacturer and picture depend on ProductItemID.
7 Evaluate Schema Quality – (cont.)
Second normal form (2NF) (cont.)
Is the PromoOffering table in 2NF? Check:
7 Evaluate Schema Quality – (cont.)
Second normal form (2NF) (cont.)
Does the value of PromoPrice depend on PromotionID? Does the value of PromoPrice depend on ProductItemID?
PromoPrice is functionally dependent on both PromotionID and ProductItemID.
7 Evaluate Schema Quality – (cont.)
Second normal form (2NF) (cont.)
Does the value of RegularPrice depend on PromotionID? Does the value of RegularPrice depend on ProductItemID?
RegularPrice is not functionally dependent on both PromotionID and ProductItemID.
7 Evaluate Schema Quality – (cont.)
Second normal form (2NF) (cont.)
Therefore, RegularPrice must be removed from the PromoOffering table and added to the ProductItem table.
Now the PromoOffering table is in 2NF.
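As an added example not taken from the deck, a small Python checker that applies the 2NF test mechanically to constructed PromoOffering rows (values invented; only the column names come from the slides) and then performs the same fix as the slides, moving RegularPrice into a table keyed by ProductItemID. Sample data can only refute a functional dependency, so a designer still confirms from the business rules the dependencies the data fails to refute.

```python
from itertools import combinations

# Constructed sample rows for the deck's PromoOffering table (values are invented).
PROMO_OFFERING = [
    {"PromotionID": 1, "ProductItemID": 100, "PromoPrice": 8.0, "RegularPrice": 10.0},
    {"PromotionID": 1, "ProductItemID": 101, "PromoPrice": 15.0, "RegularPrice": 20.0},
    {"PromotionID": 2, "ProductItemID": 100, "PromoPrice": 7.0, "RegularPrice": 10.0},
    {"PromotionID": 2, "ProductItemID": 101, "PromoPrice": 18.0, "RegularPrice": 20.0},
]
PROMO_KEY = ("PromotionID", "ProductItemID")


def determines(rows, lhs, rhs):
    """True if, in these rows, each distinct combination of lhs values maps to a
    single rhs value, i.e. the data does not refute lhs -> rhs."""
    seen = {}
    for row in rows:
        key = tuple(row[a] for a in lhs)
        if seen.setdefault(key, row[rhs]) != row[rhs]:
            return False
    return True


def partial_dependencies(rows, primary_key):
    """2NF check: map each non-key attribute to the smallest proper subset of the
    primary key that determines it. An empty dict means no 2NF violation."""
    non_key = [a for a in rows[0] if a not in primary_key]
    found = {}
    for attr in non_key:
        for size in range(1, len(primary_key)):
            hits = [s for s in combinations(primary_key, size) if determines(rows, s, attr)]
            if hits:
                found[attr] = hits[0]
                break
    return found


def normalize_to_2nf(rows, primary_key):
    """Move each partially dependent attribute into a table keyed by its determinant,
    as the slides do with RegularPrice (PromoOffering -> ProductItem).
    Returns (remaining rows, {determinant columns: {key tuple: {attr: value}}})."""
    moved = partial_dependencies(rows, primary_key)
    new_tables = {}
    for attr, det in moved.items():
        table = new_tables.setdefault(det, {})
        for row in rows:
            table.setdefault(tuple(row[a] for a in det), {})[attr] = row[attr]
    remaining = [{a: v for a, v in row.items() if a not in moved} for row in rows]
    return remaining, new_tables
```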


7 Evaluate Schema Quality – (cont.)
Third normal form (3NF) is a restriction that a table is in 2NF and that no non-key attribute is functionally dependent on any other non-key attribute.
Common examples of 3NF violations are attributes that can be computed by a formula or algorithm that uses other stored values as inputs, such as subtotals, totals and taxes.
7 Evaluate Schema Quality – (cont.)
Third normal form (3NF) (cont.)
The TotalAmount attribute in the Sale table can be computed as:
TotalAmount = (Σ Quantity × SoldPrice) + Shipping + Tax
Thus TotalAmount is dependent on Quantity, SoldPrice, Shipping and Tax (all are non-key attributes): a violation of 3NF.
Solution: remove the computed attribute from the table and database.
8 Choose appropriate data types
• Data type – defines the storage format and allowable content of a program variable, class attribute, or relational database attribute or column
• Primitive data types – are supported directly by computer hardware and programming languages (integers, single characters, real numbers)
• Complex data types – are combinations of or extensions to primitive data types that are supported by programming languages, operating systems, and DBMS (arrays and tables, strings, dates, times, currency, audio streams, still images, motion video streams, and uniform resource locators)
8 Choose appropriate data types (cont.)
(Figure: Microsoft SQL Server RDBMS)
9 Incorporate Integrity And Security Controls
Controls are mechanisms and procedures that are built into a system to safeguard the system and the information within it.
Integrity control – a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering
Security control – a control that protects the assets of an organization from all threats with a primary focus on external threats
Objectives
Integrity Control:
• Ensure that only appropriate and correct business transactions occur
• Ensure that the transactions are recorded and processed correctly
• Protect and safeguard the assets of the organization (hardware, software, information)
Security Control:
• Maintain a stable, functioning operating environment for users and application systems (usually 24 hours a day, 7 days a week)
• Protect information and transactions during transmission across the Internet and other insecure environments
9 Incorporate Integrity And Security Controls (cont.)
DESIGNING INTEGRITY CONTROLS
Types of Integrity Controls
• Input Control
• Access Control
• Transactional Logging
• Complex Update Control
• Redundancy, Backup & Recovery
• Output Controls
• Integrity Controls to Prevent Fraud
Input Control
• Prevents invalid or erroneous data from entering the system
• Can be applied to data entered by people or data transmitted from other systems
• Can be implemented within application programs, database schema or both
Input Control (cont.)
• Commonly used input controls:
  o Value limit control – checks numeric data input to ensure that the value is reasonable
  o Completeness control – ensures that all required data values describing an object or transaction are present
  o Data validation control – ensures that numeric fields that contain codes or identifiers are correct
  o Field combination control – reviews combinations of data inputs to ensure that the correct data are entered
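The four input controls above applied to a sale-item entry, as an added example that is not part of the deck; the field names, limits and the set of known product identifiers are assumed for illustration, and the records are constructed.

```python
import re

# Assumed reference data: identifiers the data validation control checks against.
VALID_PRODUCT_IDS = {100, 101, 102}
REQUIRED = ("ProductItemID", "Quantity", "SoldPrice", "ShipCountry")

def value_limit_control(rec):
    """Value limit control: numeric inputs must fall inside a reasonable range."""
    errs = []
    if not 1 <= rec.get("Quantity", 0) <= 100:
        errs.append("Quantity outside 1..100")
    if not 0 < rec.get("SoldPrice", 0) <= 10000:
        errs.append("SoldPrice outside 0..10000")
    return errs

def completeness_control(rec):
    """Completeness control: every required value describing the transaction is present."""
    return [f"{f} missing" for f in REQUIRED if rec.get(f) in (None, "")]

def data_validation_control(rec):
    """Data validation control: code and identifier fields hold correct values."""
    errs = []
    if rec.get("ProductItemID") not in VALID_PRODUCT_IDS:
        errs.append("ProductItemID unknown")
    if not re.fullmatch(r"[A-Z]{2}", str(rec.get("ShipCountry", ""))):
        errs.append("ShipCountry not a 2-letter code")
    return errs

def field_combination_control(rec):
    """Field combination control: related inputs must agree with each other."""
    errs = []
    state = str(rec.get("ShipState", ""))
    if rec.get("ShipCountry") == "US" and not re.fullmatch(r"[A-Z]{2}", state):
        errs.append("US shipment needs a 2-letter ShipState")
    if rec.get("ShipCountry") != "US" and state:
        errs.append("ShipState only valid for US shipments")
    return errs

def validate_sale_item(rec):
    """Run all four controls; an empty list means the record may enter the system."""
    return (value_limit_control(rec) + completeness_control(rec)
            + data_validation_control(rec) + field_combination_control(rec))

# Constructed records: one clean entry and one that trips three controls.
GOOD = {"ProductItemID": 100, "Quantity": 2, "SoldPrice": 79.0,
        "ShipState": "WA", "ShipCountry": "US"}
BAD = {"ProductItemID": 999, "Quantity": 250, "SoldPrice": 79.0,
       "ShipState": "", "ShipCountry": "US"}
```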
Output Control
• Control that ensures that output arrives at the proper destination and is accurate, current, and complete
• Common types of output control:
  o Physical access controls to printers
  o Discarded output control
  o Access control to programs that display or print
  o Formatting and labeling of printed outputs
    • Control data – date, time, page # of #, control total, end of report trailer
  o Labeling of electronic outputs
    • Internal labels or tags to identify source, content and relevant dates
    • Control totals or checksums – to check for losses or alteration
Redundancy, Backup & Recovery Control
• Designed to protect data from hardware failure and catastrophes
• Redundancy – continuous access to data through redundant databases, servers, and sites
• Backup – procedures make partial or full copies of a database to removable storage media, such as magnetic tape, or to data storage devices or servers at another site
• Recovery – procedures read the off-site copies and replicate their contents to a database server that can then provide access to programs and users.
Prevent Fraud
Fraud triangle – model of fraud that states that opportunity, motivation, and rationalization must all exist for a fraud to occur
• Opportunity – ability of a person to take actions that perpetrate a fraud. Eg. unrestricted access
• Motivation – desire or need for the results of the fraud. Eg. money, power, status
• Rationalization – an excuse for committing the fraud or an intention to “undo” the fraud in the future. Eg. falsify financial reports to stave off bankruptcy
System designers have little or no impact on motive and rationalization, but can minimize or eliminate opportunity by designing and implementing effective controls.
Other Controls
• Access control – a control that restricts which persons or programs can add, modify, or view information resources
• Transaction logging – a technique by which any update to the database is logged with such audit information as user ID, date, time, input data, and type of update
• Complex update control – a control that prevents errors that can occur when multiple programs try to update the same data at the same time or when recording a single transaction requires multiple related database updates
DESIGNING SECURITY CONTROLS
Security Control
• Access Control
• Data Encryption
• Digital Signatures and Certificates
• Secure Transactions
Access Control
• Limits the ability of specific users to access specific resources such as servers, files, Web pages, application programs, and database tables.
• OS, networking software and DBMS all provide access control systems and can be configured to share a common access control system.
• Access control systems rely on several principles, which are authentication, access control list, and authorization.
Access Control Principles
1. Authentication – the process of identifying users who request access to sensitive resources
   • Multifactor authentication – using multiple authentication methods for increased reliability
2. Access control list – a list attached or linked to a specific resource that describes users or user groups and the nature of permitted access
3. Authorization – the process of allowing or restricting a specific authenticated user’s access to a specific resource based on an access control list
Unauthorized user – a person who isn’t allowed access to any part or functions of the system
Registered user – a person who is authorized to access the system
Privileged user – a person who has access to the source code, executable program, and database structure of the system
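The three principles in code, as an added example that is not part of the deck: authentication against a salted password hash, an access control list attached to each resource naming users or groups and their permitted access, and a deny-by-default authorization decision. The users, groups, resources and passwords are constructed; the table and schema names echo the deck's Sale table.

```python
from dataclasses import dataclass
import hashlib
import hmac
import os

@dataclass
class User:
    name: str
    groups: set
    salt: bytes
    pw_hash: bytes

def make_user(name, password, groups):
    """Constructed registered user; the password is stored only as a salted PBKDF2 hash."""
    salt = os.urandom(16)
    return User(name, set(groups), salt,
                hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

def authenticate(users, name, password):
    """Principle 1, authentication: identify the requesting user. Returns the User
    on success, None otherwise; constant-time comparison of the hashes."""
    u = users.get(name)
    if u is None:
        return None
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), u.salt, 100_000)
    return u if hmac.compare_digest(cand, u.pw_hash) else None

# Principle 2, access control list: attached to each resource, listing users ("u:")
# or user groups ("g:") and the nature of access permitted to them.
ACL = {
    "table:Sale":        {"g:clerks": {"read", "add"}, "g:auditors": {"read"}},
    "table:ProductItem": {"g:clerks": {"read"}, "u:dba": {"read", "add", "modify"}},
    "schema:Sale":       {"u:dba": {"modify"}},   # database structure: privileged user only
}

def authorize(user, resource, action):
    """Principle 3, authorization: allow or deny an authenticated user's access to a
    specific resource based on its ACL. Deny by default: an unauthenticated caller,
    an unknown resource, or a missing entry all yield False."""
    if user is None:
        return False
    entries = ACL.get(resource, {})
    principals = [f"u:{user.name}"] + [f"g:{g}" for g in user.groups]
    return any(action in entries.get(p, set()) for p in principals)

# Constructed user store: a registered clerk and a privileged database administrator.
USERS = {u.name: u for u in (make_user("alice", "correct horse", ["clerks"]),
                             make_user("dba", "battery staple", ["clerks"]))}
```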
Data Encryption
Common types of data requiring additional protection:
o Financial information
o Credit card numbers, bank account numbers, payroll information, healthcare information, and other personal data
o Strategies and plans for products and other mission-critical data
o Government and sensitive military information
o Data stored on such portable devices as laptop computers and cell phones
Data Encryption
• Encryption -- the process of altering data so unauthorized users can’t view them
• Decryption -- the process of converting encrypted data back to their original state
• Encryption algorithm -- a complex mathematical transformation that encrypts or decrypts binary data
• Encryption key -- a binary input to the encryption algorithm, typically a long string of bits
• Symmetric key encryption -- encryption method that uses the same key to encrypt and decrypt the data
• Asymmetric key encryption -- encryption method that uses different keys to encrypt and decrypt the data
  o Public key encryption -- a form of asymmetric key encryption that uses a public key for encryption and a private key for decryption
Digital Signatures
• A technique in which a document is encrypted by using a private key to verify who wrote the document
• Recipients of the document use the public key to decode the document
• The encoding of a message using a private key is called digital signing
• To ensure that the public key is valid, use a digital certificate
Digital Certificate
• An institution’s name and public key
(plus other information, such as
address, Web site URL, and validity
date of the certificate) encrypted and
certified by a third party
• Certifying authority -- a widely
accepted issuer of digital certificates
Using a Digital Certificate
Secure Transactions
• Secure Sockets Layer (SSL) -- a standard set of methods and protocols that
address authentication, authorization, privacy, and integrity
• Transport Layer Security (TLS) -- an Internet standard equivalent to SSL
• IP Security (IPSec) -- an Internet standard for secure transmission of low-level
network packets
• Secure Hypertext Transport Protocol (HTTPS) -- an Internet standard for
securely transmitting Web pages
DATA ACCESS CLASSES
DISTRIBUTED DATABASE ARCHITECTURE
Architectural Approaches
• Single database server architecture
• Replicated database server architecture
• Partitioned database server
• Cloud-based database server architecture
Single Database Server Architecture
One or more databases are hosted by a single DBMS running on a single server.
Advantage: Simple
Disadvantage: Vulnerability to server failure, possible overload of network or server; not suitable for applications that must be available 24/7
Replicated Database Server Architecture
Complete database copies are hosted by cooperating DBMSs running on multiple servers.
Advantage: More fault tolerant
Disadvantage: Possibility of a user accessing an outdated database; the database needs to be synchronized often
• Frequent database synchronization can consume a large amount of database server and network capacity
• Can be minimized by partitioning database content among multiple database servers
Partitioned Database Server Architecture
Multiple distributed database servers are used and the database schema is partitioned.
Advantage: Reduces the need for database synchronization
However, it is seldom possible to partition a database schema into mutually exclusive subsets.
Partitioned Database Server Architecture (cont.)
Cloud-Based Database
Server Architecture
• Use of a cloud computing service provider
to provide some or all database services
• Advantage:
o Providers have the expertise in
managing complex database
architectures.
o Cheaper
• Disadvantage:
o Proprietary database interaction
methods vary among vendors
o Need to maintain high-capacity
Internet connections
Summary – Database, Control & Security
• DB & DBMS
• Designing RDBMS
• Designing Integrity Control
• Designing Security Control
• Data Access Classes
• Distributed DB Architecture
End of Topic 5