Transcript 5-Semanticx - Extra Materials
Outline
• • • • • • • • • • • • • • Introduction Background Distributed Database Design Database Integration Semantic Data Control ➡ View Management ➡ Data Security ➡ Semantic Integrity Control Distributed Query Processing Multidatabase Query Processing Distributed Transaction Management Data Replication Parallel Database Systems Distributed Object DBMS Peer-to-Peer Data Management Web Data Management Current Issues Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/1
Semantic Data Control
• Involves: ➡ View management ➡ Security control ➡ Integrity control • Objective : ➡ Insure that authorized users perform correct operations on the database, contributing to the maintenance of the database integrity.
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/2
View Management
View – virtual relation ➡ generated from base relation(s) by a query ➡ not stored as base relations Example :
CREATE VIEW
SYSAN(ENO,ENAME)
AS SELECT FROM WHERE
ENO,ENAME EMP TITLE= "Syst. Anal." EMP ENO ENAME TITLE E1 E2 E3 E4 E5 E6 E7 E8 SYSAN ENO E2 E5 E8 J. Doe Elect. Eng M. Smith Syst. Anal.
A. Lee Mech. Eng.
J. Miller Programmer B. Casey Syst. Anal.
L. Chu Elect. Eng.
R. Davis Mech. Eng.
J. Jones Syst. Anal.
ENAME M.Smith
B.Casey
J.Jones
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/3
View Management
Views can be manipulated as base relations Example :
SELECT FROM WHERE
ENAME, PNO, RESP SYSAN, ASG SYSAN.ENO = ASG.ENO
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/4
Query Modification
Queries expressed on views Queries expressed on base relations Example :
SELECT
ENAME, PNO, RESP
FROM WHERE
SYSAN, ASG SYSAN.ENO = ASG.ENO
SELECT
ENAME,PNO,RESP
FROM WHERE
EMP, ASG EMP.ENO = ASG.ENO
AND
TITLE = "Syst. Anal." Distributed DBMS © M. T. Özsu & P. Valduriez ENAME M.Smith
M.Smith
B.Casey
J.Jones
PNO RESP P1 P2 P3 P4 Analyst Analyst Manager Manager Ch.5/5
View Management
• To restrict access
CREATE VIEW AS SELECT FROM WHERE AND
• Query
SELECT FROM
* ESAME ESAME * EMP E1, EMP E2 E1.TITLE = E2.TITLE
E1.ENO =
USER
ENO E1 E2 ENAME J. Doe L. Chu TITLE Elect. Eng Elect. Eng Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/6
View Updates
• Updatable
CREATE VIEW AS SELECT FROM WHERE
• Non-updatable
CREATE VIEW AS SELECT FROM WHERE
SYSAN(ENO,ENAME) ENO,ENAME EMP TITLE="Syst. Anal." EG(ENAME,RESP) ENAME,RESP EMP, ASG EMP.ENO=ASG.ENO
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/7
View Management in DDBMS
• • • • Views might be derived from fragments.
View definition storage should be treated as database storage Query modification results in a distributed query View evaluations might be costly if base relations are distributed ➡ Use materialized views Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/8
Materialized View
• • • Origin: snapshot in the 1980’s ➡ Static copy of the view, avoid view derivation for each query ➡ But periodic recomputing of the view may be expensive Actual version of a view ➡ Stored as a database relation, possibly with indices Used much in practice ➡ DDBMS: No need to access remote, base relations ➡ Data warehouse: to speed up OLAP ✦ Use aggregate (SUM, COUNT, etc.) and GROUP BY Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/9
Materialized View Maintenance
• • Process of updating (refreshing) the view to reflect changes to base data ➡ Resembles data replication but there are differences ✦ View expressions typically more complex ✦ Replication configurations more general View maintenance policy to specify: ➡ When to refresh ➡ How to refresh Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/10
When to Refresh a View
• • Immediate mode ➡ As part of the updating transaction, e.g. through 2PC ➡ View always consistent with base data and fast queries ➡ But increased transaction time to update base data Deferred mode (preferred in practice) ➡ Through separate refresh transactions ✦ ➡ Triggered at different times with different trade-offs ✦ No penalty on the updating transactions Lazily: just before evaluating a query on the view ✦ ✦ Periodically: every hour, every day, etc.
Forcedly: after a number of predefined updates Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/11
How to Refresh a View
• • Full computing from base data ➡ Efficient if there has been many changes Incremental computing by applying only the changes to the view ➡ Better if a small subset has been changed ➡ Uses differential relations which reflect updated data only Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/12
Differential Relations
Given relation R and update u
R
+ contains tuples inserted by u
R
Type of u contains tuples deleted by u insert delete modify
R R R -
+ + empty empty (R – R ) Refreshing a view V is then done by computing
V
+ (V – V
-
) computing V + and V may require accessing base data Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/13
Example
EG =
SELECT FROM WHERE
DISTINCT ENAME, RESP EMP, ASG EMP.ENO=ASG.ENO
EG + = (
SELECT FROM WHERE
(
SELECT
EMP.ENO=ASG + .ENO) UNION DISTINCT ENAME, RESP
FROM
EMP, ASG + EMP + , ASG
WHERE
DISTINCT ENAME, RESP EMP + .ENO=ASG.ENO) UNION (
SELECT
DISTINCT ENAME, RESP
FROM WHERE
EMP + , ASG + EMP + .ENO=ASG + .ENO) © M. T. Özsu & P. Valduriez Distributed DBMS Ch.5/14
Techniques for Incremental View Maintenance
• • Different techniques depending on: ➡ View expressiveness ✦ ✦ Non recursive views: SPJ wit duplicate elimination, union and aggregation Views with outerjoin ✦ Recursive views Most frequent case is non recursive views ➡ Problem: an individual tuple in the view may be derived from several base tuples ✦ Example: tuple M. Smith, Analyst in EG corresponding to ✓ ✓ E2, M. Smith, … in EMP E2,P1,Analyst,24 and E2,P2,Analyst,6 in ASG ➡ ✦ Makes deletion difficult Solution: Counting Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/15
Counting Algorithm
• • • Basic idea ➡ ➡ ➡ Maintain a count of the number of derivations for each tuple in the view Increment (resp. decrement) tuple counts based on insertions (resp. deletions) A tuple in the view whose count is zero can be deleted Algorithm 1.
Compute V + and V using V, base relations and diff. relations 2.
3.
Compute positive in V + and negative counts in V Compute V + (V – V ), deleting each tuple in V with count=0 Optimal: computes exactly the view tuples that are inserted or deleted Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/16
View Self-maintainability
• • A view is self-maintainable if the base relations need not be accessed ➡ Not the case for the Counting algorithm Self-maintainability depends on views’ expressiveness ➡ Most SPJ views are often self-maintainable wrt. deletion and modification, but not wrt. Insertion ➡ Example: a view V is self-maintainable wrt to deletion in R if the key of R is included in V Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/17
Data Security
• • Data protection ➡ Prevents the physical content of data to be understood by unauthorized users ➡ Uses encryption/decryption techniques (Public key) Access control ➡ Only authorized users perform operations they are allowed to on database objects ➡ Discretionary access control (DAC) ✦ Long been provided by DBMS with authorization rules ➡ Multilevel access control (MAC) ✦ Increases security with security levels Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/18
Discretionary Access Control
• • Main actors ➡ Subjects (users, groups of users) who execute operations ➡ Operations (in queries or application programs) ➡ Objects, on which operations are performed Checking whether a subject may perform an op. on an object ➡ Authorization= (subject, op. type, object def.) ➡ Defined using GRANT OR REVOKE ➡ Centralized: one single user class (admin.) may grant or revoke ➡ Decentralized, with op. type GRANT ✦ More flexible but recursive revoking process which needs the hierarchy of grants Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/19
Problem with DAC
• • • A malicious user can access unauthorized data through an authorized user Example ➡ User A has authorized access to R and S ➡ User B has authorized access to S only ➡ B somehow manages to modify an application program used by A so it writes R data in S ➡ Then B can read unauthorized data (in S) without violating authorization rules Solution: multilevel security based on the famous Bell and Lapuda model for OS security Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/20
Multilevel Access Control
• • Different security levels (clearances) ➡
Top Secret > Secret > Confidential > Unclassified
Access controlled by 2 rules: ➡ No read up ✦ ✦ subject S is allowed to read an object of level L only if level(S) ≥ L Protect data from unauthorized disclosure, e.g. a subject with secret clearance cannot read top secret data ➡ No write down: ✦ subject S is allowed to write an object of level L only if level(S) ≤ L ✦ Protect data from unauthorized change, e.g. a subject with top secret clearance can only write top secret data but not secret data (which could then contain top secret data) Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/21
MAC in Relational DB
• • A relation can be classified at different levels: ➡ Relation: all tuples have the same clearance ➡ Tuple: every tuple has a clearance ➡ Attribute: every attribute has a clearance A classified relation is thus multilevel ➡ Appears differently (with different data) to subjects with different clearances Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/22
Example PROJ*: classified at attribute level
PNO P1 P2 P3 SL1 C C S PNAME Instrumentation DB Develop.
CAD/CAM SL2 C C S BUDGET 150000 135000 250000 SL3 LOC C S S Montreal New York New York SL4 C S S
PROJ* as seen by a subject with confidential clearance
PNO SL1 P1 P2 C C PNAME Instrumentation DB Develop.
SL2 C C BUDGET 150000 Null SL3 LOC C C Montreal Null SL4 C C Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/23
Distributed Access Control
• Additional problems in a distributed environment ➡ Remote user authentication ✦ Typically using a directory service ✓ Should be replicated at some sites for availability ➡ Management of DAC rules ✦ Problem if users’ group can span multiple sites ✓ ✓ Rules stored at some directory based on user groups location Accessing rules may incur remote queries ➡ Covert channels in MAC Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/24
Covert Channels
• • • Indirect means to access unauthorized data Example ➡ Consider a simple DDB with 2 sites: C (confidential) and S (secret) ➡ Following the “no write down” rule, an update from a subject with secret clearance can only be sent to S ➡ Following the “no read up” rule, a read query from the same subject can be sent to both C and S ➡ But the query may contain secret information (e.g. in a select predicate), so is a potential covert channel Solution: replicate part of the DB ➡ So that a site at security level L contains all data that a subject at level L can access (e.g. S above would replicate the confidential data so it can entirely process secret queries) Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/25
Semantic Integrity Control
• Maintain database consistency the database.
Structural constraints by enforcing a set of constraints defined on ➡ basic semantic properties inherent to a data model e.g., unique key constraint in relational model • Behavioral constraints • ➡ regulate application behavior, e.g., dependencies in the relational model Two components ➡ Integrity constraint specification ➡ Integrity constraint enforcement Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/26
Semantic Integrity Control
• • Procedural control embedded in each application program Declarative assertions in predicate calculus ➡ easy to define constraints ➡ definition of database consistency clear ➡ inefficient to check assertions for each update ✦ limit the search space ✦ ✦ ✦ decrease the number of data accesses/assertion preventive strategies checking at compile time Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/27
Constraint Specification Language
Predefined constraints specify the more common constraints of the relational model ➡ Not-null attribute ENO NOT NULL IN EMP ➡ Unique key (ENO, PNO) UNIQUE IN ASG ➡ Foreign key A key in a relation R is a foreign key if it is a primary key of another relation S and the existence of any of its values in R is dependent upon the existence of the same value in S PNO IN ASG REFERENCES PNO IN PROJ ➡ Functional dependency ENO IN EMP DETERMINES ENAME Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/28
Constraint Specification Language
Precompiled constraints Express preconditions that must be satisfied by all tuples in a relation for a given update type (INSERT, DELETE, MODIFY) NEW - ranges over new tuples to be inserted OLD - ranges over old tuples to be deleted General Form CHECK ON
Constraint Specification Language
Precompiled constraints ➡ Domain constraint CHECK ON PROJ (BUDGET≥500000 AND BUDGET≤1000000) ➡ Domain constraint on deletion CHECK ON PROJ WHEN DELETE (BUDGET = 0) ➡ Transition constraint CHECK ON PROJ (NEW.BUDGET > OLD.BUDGET AND NEW.PNO = OLD.PNO) Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/30
Constraint Specification Language
General constraints Constraints that must always be true. Formulae of tuple relational calculus where all variables are quantified. General Form CHECK ON
Integrity Enforcement
• • Two methods Detection Execute update u: D
D u
If D
u
is inconsistent then if possible: compensate D
u
D u ’
else undo D
u
D
Preventive Execute u: D
D u
only if D
u
will be consistent ➡ Determine valid programs ➡ Determine valid states Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/32
Query Modification
• • • Preventive Add the assertion qualification to the update query Only applicable to tuple calculus formulae with universally quantified variables
UPDATE
PROJ
SET WHERE
BUDGET = BUDGET*1.1
PNAME = "CAD/CAM"
UPDATE SET WHERE AND AND
Distributed DBMS PROJ BUDGET = BUDGET*1.1
PNAME = "CAD/CAM"
NEW
.BUDGET ≥ 500000
NEW
.BUDGET ≤ 1000000 © M. T. Özsu & P. Valduriez Ch.5/33
Compiled Assertions
Triple (R,T,C) where
R
relation
T C
update type (insert, delete, modify) assertion on differential relations Example: Foreign key assertion g ASG, j PROJ : g.PNO = j.PNO
Compiled assertions: (ASG, INSERT, C1), (PROJ, DELETE, C2), (PROJ, MODIFY, C3) where C1:
NEW
ASG+ j PROJ: NEW.PNO = j.PNO
C2: g ASG,
OLD
PROJ : g.PNO ≠ OLD.PNO
C3: g ASG,
OLD
PROJ
NEW
PROJ + : g.PNO ≠OLD.PNO OR OLD.PNO = NEW.PNO
Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/34
Differential Relations
Given relation R and update u
R
+ contains tuples inserted by u
R
contains tuples deleted by u Type of u insert delete modify
R
empty
R
+ empty
R
+ (R – R ) Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/35
Differential Relations
Algorithm: Input: Step 1: Relation R, update u, compiled assertion C
i
Generate differential relations R + and R – Step 2: Step 3: Retrieve the tuples of R + and R – which do not satisfy C
i
If retrieval is not successful, then the assertion is valid.
Example : u is delete on J. Enforcing (EMP, DELETE, C2) : retrieve all tuples of EMP into RESULT where not(C2) If RESULT = {} , the assertion is verified Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/36
Distributed Integrity Control
• Problems: ➡ Definition of constraints ✦ consideration for fragments ➡ Where to store ✦ replication ✦ non-replicated : fragments ➡ Enforcement ✦ minimize costs Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/37
Types of Distributed Assertions
• Individual assertions ➡ single relation, single variable ➡ domain constraint • Set oriented assertions ➡ single relation, multi-variable ✦ functional dependency ➡ multi-relation, multi-variable ✦ foreign key • Assertions involving aggregates Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/38
Distributed Integrity Control
• • Assertion Definition ➡ similar to the centralized techniques ➡ transform the assertions to compiled assertions Assertion Storage ➡ Individual assertions ✦ one relation, only fragments ✦ ✦ ✦ at each fragment site, check for compatibility if compatible, store; otherwise reject if all the sites reject, globally reject ➡ Set-oriented assertions ✦ ✦ ✦ involves joins (between fragments or relations) maybe necessary to perform joins to check for compatibility store if compatible Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/39
Distributed Integrity Control
• Assertion Enforcement ➡ ➡ ➡ Where to enforce each assertion depends on ✦ type of assertion ✦ type of update and where update is issued Individual Assertions ✦ ✦ update = insert ✓ enforce at the site where the update is issued update = qualified ✓ ✓ ✓ send the assertions to all the sites involved execute the qualification to obtain R + and R each site enforce its own assertion Set-oriented Assertions ✦ ✦ single relation ✓ similar to individual assertions with qualified updates multi-relation ✓ move data between sites to perform joins; then send the result to the query master site Distributed DBMS © M. T. Özsu & P. Valduriez Ch.5/40