Unit – I : Relational Data Model, Security and Integrity

What is data?
Data can be defined as a representation of facts, concepts or instructions in a
formalized manner which should be suitable for communication,
interpretation, or processing by human or electronic machine.

Data is represented with the help of characters like alphabets (A-Z,a-z),

digits (0-9) or special characters(+,-,/,*,<,>,= etc.).

What is Information?
Information is organised or classified data which has some meaningful
values for the receiver.

Information is the processed data on which decisions and actions are based.

For the decision to be meaningful, the processed data must qualify for the
following characteristics:

 Timely - Information should be available when required.

 Accuracy - Information should be accurate.

 Completeness - Information should be complete.

Data Processing Cycle
Data processing is the re-structuring or re-ordering of data by people or machine to increase

their usefulness and add values for particular purpose. Data processing consists of basic steps

input, processing and output. These three steps constitute the data processing cycle.

 Input - In this step the input data is prepared in some convenient form
for processing. The form will depend on the processing machine. For
example, when electronic computers are used, the input data could be
recorded on any one of several types of input medium, such as
magnetic disks, tapes and so on.

 Processing - In this step input data is changed to produce data in a

more useful form. For example, pay-checks may be calculated from
 the time cards, or a summary of sales for the month may be calculated
from the sales orders.

 Output - Here the result of the proceeding processing step are

collected. The particular form of the output data depends on the use of
the data. For example, output data may be pay-checks for employees.

Database
A database is a data structure that stores organized information. Most

databases contain multiple tables, which may each include several different

fields. For example, a company database may include tables for products,

employees, and financial records. Each of these tables would have different

fields that are relevant to the information stored in the table.

Nearly all e-commerce sites uses databases to store product inventory and

customer information. These sites use a database management system

(orDBMS), such as Microsoft Access, FileMaker Pro, or MySQL as the

"back end" to the website. By storing website data in a database, the data can

be easily searched, sorted, and updated. This flexibility is important for e-

commerce sites and other types of dynamic websites.

Early databases were relatively "flat," which means they were limited to

simple rows and columns, like a spreadsheet. (See also "flat file database").

However, today's relational databases allow users to access, update, and

search information based on the relationship of data stored in different tables.

Relational databases can also run queries that involve multiple databases.

While early databases could only store text or numeric data, modern

databases also let users store other data types such as sound clips, pictures,

and videos.

What is DBMS?

DBMS is the abbreviated form of Database Management System.

Database management system is a computer software component introduced

during 1960’s. It is used for controlling various databases in the desktop
computer or server. It was also termed as Navigational Database
Management System. During 1970’s RDBMS or Relational database
management system came into existence. We’ll see about RDBMS later in
this article.

Database management system is the means of controlling databases either in

the hard disk in a desktop system or on a network. Database management
system is used for creating database, maintained database and provides the
means of using the database. DBMS doesn’t consider relationship between
the tables. Instead it will take the approach of manual navigation. This has led
to severe performance problems when dealing with complex and high amount
of data.

DBMS has several components. Some of the major components are external
interface, database language engine, query optimizer, database
engine,storage engine, DBMS management component, etc..

What is RDBMS?

RDBMS is the abbreviated form

of Relational DataBase Management System.

Relational database management system was introduced in 1970’s. RDBMS

avoided the navigation model as in old DBMS and introduced Relational
model. The relational model has relationship between tables using primary
keys, foreign keys and indexes. Thus the fetching and storing of data become
faster than the old Navigational model. So RDBMS is widely used by
the enterprises and developers for storing complex and large amount of data.
 RDBMS table relationship diagram

Database Management System vs. Relational Database Management System:

The below table lists downs some of the major differences between DBMS
and RDBMS.

Sl.# DBMS RDBMS

1 Introduced in 1960s. Introduced in 1970s.

Sl.# DBMS RDBMS

During introduction it followed the This model uses relationship between

2 navigational modes (Navigational tables using primary keys, foreign
DBMS) for data storage and fetching. keys and indexes.

Data fetching is slower for complex Comparatively faster because of its

3
and large amount of data. relational model.

Used for applications using small Used for complex and large amount of
4
amount of data. data.

Data Redundancy is common in this Keys and indexes are used in the
5
model tables to avoid redundancy.

Example systems are SQL

Example systems are dBase, Microsoft
6 Server, Oracle , MySQL, MariaDB,
Acces, LibreOffice Base, FoxPro.
SQLite.

Relational data model

Relational data model is the primary data model, which is used widely
around the world for data storage and processing. This model is simple and it
has all the properties and capabilities required to process data with storage
efficiency.

Concepts
Tables − In relational data model, relations are saved in the format of
Tables. This format stores the relation among entities. A table has rows and
columns, where rows represents records and columns represent the
attributes.

Tuple − A single row of a table, which contains a single record for that
relation is called a tuple.

Relation instance − A finite set of tuples in the relational database system

represents relation instance. Relation instances do not have duplicate tuples.

Relation schema − A relation schema describes the relation name (table

name), attributes, and their names.

Relation key − Each row has one or more attributes, known as relation key,
which can identify the row in the relation (table) uniquely.

Attribute domain − Every attribute has some pre-defined value scope,

known as attribute domain.

Constraints
Every relation has some conditions that must hold for it to be a valid
relation. These conditions are called Relational Integrity Constraints.
There are three main integrity constraints −
  Key constraints
 Domain constraints
 Referential integrity constraints
Key Constraints
There must be at least one minimal subset of attributes in the relation, which
can identify a tuple uniquely. This minimal subset of attributes is
called key for that relation. If there are more than one such minimal subsets,
these are called candidate keys.

Key constraints force that −

 in a relation with a key attribute, no two tuples can have identical

values for key attributes.
 a key attribute can not have NULL values.

Key constraints are also referred to as Entity Constraints.

Domain Constraints
Attributes have specific values in real-world scenario. For example, age can
only be a positive integer. The same constraints have been tried to employ
on the attributes of a relation. Every attribute is bound to have a specific
range of values. For example, age cannot be less than zero and telephone
numbers cannot contain a digit outside 0-9.

Referential integrity Constraints

Referential integrity constraints work on the concept of Foreign Keys. A
foreign key is a key attribute of a relation that can be referred in other
relation.

Referential integrity constraint states that if a relation refers to a key attribute

of a different or same relation, then that key element must exist.
Definition - What does Database Security mean?
Database security refers to the collective measures used to protect and secure
a database or database management software from illegitimate use and
malicious threats and attacks.
It is a broad term that includes a multitude of processes, tools and
methodologies that ensure security within a database environment.

Database Security
Database security covers and enforces security on all aspects and components
of databases. This includes:

 Data stored in database

  Database server
 Database management system (DBMS)
 Other database workflow applications

Database security is generally planned, implemented and maintained by a

database administrator and or other information security professional.
Some of the ways database security is analyzed and implemented include:

 Restricting unauthorized access and use by implementing strong and

multifactor access and data management controls
 Load/stress testing and capacity testing of a database to ensure it does
not crash in a distributed denial of service (DDoS) attack or user
overload

 Physical security of the database server and backup equipment from

theft and natural disasters

 Reviewing existing system for any known or unknown vulnerabilities

and defining and implementing a road map/plan to mitigate them

Types of threats to database security

1. Privilege abuse: When database users are provided with privileges that
exceeds their day-to-day job requirement, these privileges may be abused
intentionally or unintentionally.

Take, for instance, a database administrator in a financial institution. What

will happen if he turns off audit trails or create bogus accounts? He will be
able to transfer money from one account to another thereby abusing the
excessive privilege intentionally.

Having seen how privilege can be abused intentionally, let us see how
privilege can be abused unintentionally. A company is providing a “work
from home” option to its employees and the employee takes a backup of
sensitive data to work on from his home. This not only violates the security
policies of the organization, but also may result in data security breach if the
system at home is compromised.

2. Operating System vulnerabilities: Vulnerabilities in underlying

operating systems like Windows, UNIX, Linux, etc., and the services that are
related to the databases could lead to unauthorized access. This may lead to a
Denial of Service (DoS) attack. This could be prevented by updating the
operating system related security patches as and when they become available.

3. Database rootkits: A database rootkit is a program or a procedure that is

hidden inside the database and that provides administrator-level privileges to
gain access to the data in the database. These rootkits may even turn off alerts
triggered by Intrusion Prevention Systems (IPS). It is possible to install a
rootkit only after compromising the underlying operating system. This can be
avoided by periodical audit trails, else the presence of the database rootkit
may go undetected.

4. Weak authentication: Weak authentication models allow attackers to

employ strategies such as social engineering and brute force to obtain
database login credentials and assume the identity of legitimate database
users.