Entity Relationship Diagram
Example
E-R Diagram of Hospital Management System
Name
Address
Address
Department
Age
Name
P_id
D_id
1
Doctor
M
Treats
Ph.No
Patient
1
1
Gender
Ph.No
Gender
M
Issued
1
Assign
BILL NO.
Room_id
Doc_Charges
Bill
Room Charges
Type
Room
R.NO
What is an Enhanced ERD?
An enhanced entity-relationship model, also known as an extended entity-relationship
model, is a type of database diagram that's similar to regular ERDs. Enhanced ERDs are
high-level conceptual models that accurately represent the requirements of complex
databases.
Enhanced ERDs include the same concepts that ordinary ER diagrams encompass. In
addition, EERDs include:
Subtypes and supertypes (sometimes known as subclasses and superclasses)
Specialization or generalization
Attribute and relationship inheritance
SUPERTYPES & SUBTYPES
Supertype - an entity type that has a relationship with one or more subtypes.
Subtype - a subgroup of entities with unique attributes.
Every patient is cared for by a RESPONSIBLE_PHYSICIAN who develops a
treatment plan for the patient
Example: Patients
Each subtype also has unique attributes. Outpatients have a Checkback_Date, whilst
residents have a Date_Discharged and a unique relationship that assigns each patient to
a bed (this is a mandatory relationship, and each bed may or may not be assigned to a
patient)
GENERALIZATION & SPECIALIZATION
Generalization - the process of defining a general entity type from a collection
of specialized entity types.
Specialization - the inverse of generalization, since it defines subtypes of the
supertype and forms relationships between supertype and subtupe.
CONSTRAINTS
Disjoint Rule: An instance of the supertype can be only ONE of the subtypes
Overlap Rule: An instance of the supertype can simultaneously be a member of more
than one of the subtypes
Person_
Employee?
Address
Name
SSN
Sex
Date_of_
Birth
PERSON
Person_Type:
Salary
Employee
_Type
Employee?=“Y”
O
Student?=“Y”
Alumnus?=“Y”
EMPLOYEE
ALUMNUS
M
STUDENT
Date_Hired
Degrees
Student
Data RecoveryEmployee_Type=
& ProtectionYear
Date
Degree
d
“Faculty”
d
“Staff”
“Grad”
“Unde
FACULTY
STAFF
GRADUATE
STUDENT
•
What is databaseRank
security?Position
•
Potential threats to computer system
•
Authorization and Authentication
•
Encryption
•
DBMSs and Web Security
Test_Score
Database security – The mechanisms that protect
the database against intentional or accidental
threats.
Major areas of loss:
a. theft and fraud
b. loss of confidentiality
c. loss of privacy
d. loss of integrity
e.
loss of availability
Threats
Treat – Any situation or event, whether intentional or accidental, that may
adversely affect a system and consequently the organization.
i.
Using another person’s means of access
Illegal entry by hacker
ii.
iii.
iv.
v.
Creating “trapdoor” into system
Theft of data, programs, and equipment
Staff shortages or strikes
Inadequate staff training
Viewing and disclosing unauthorized data
Data corruption owning to power loss or surge
UNDER
STUD
C
Sta
vi.
Physical damage to equipment
Countermeasures – Computer-Based Controls
Authorization and Authentication, Views Backup and Recovery, Integrity,
Encryption, RAID technology
Authorization and Authentication
Authorization – The granting of a right or privilege that enables a
subject to have legitimate access to a system or a system’s objects.
Authentication – A mechanism that determines whether a user is who
he/she claims to be.
This usually involves a username and a password, but can include any
other method of demonstrating identity, such as a smart card, retina scan,
voice recognition, or fingerprints.
Security
It is common knowledge that the databases should be held secure, against
damages, unauthorized accesses and updatings. A DBMS typically includes a
“database security and authorization subsystem” that is responsible for the security
of the database against unauthorized accesses and attacks. Traditionally, two types
of security mechanisms are in use.
1. Discretionary security mechanisms: Here each user (or a group of users) is
granted privileges and authorities to access certain records, pages or files
and denied access to others. The discretion normally lies with the database
administer (DBA)
2. Mandatory security mechanisms: These are standard security mechanisms
that are used to enforce multilevel security by classifying the data into
different levels and allowing the users (or a group of users) access to certain
levels only based on the security policies of the organization.
Another type of security enforced in the “statistical database security” often
large databases are used to provide statistical informations about various
aspects like, say income levels, qualifications, health conditions etc. These are
derived by collecting a large number of individual data. A person who is doing
the statistical analysis may be allowed access to the “statistical data” which is
an aggregated data, but he should not be allowed access to individual data
Another concept is the creation of “views”. While the database record may
have large number of fields, a particular user may be authorized to have
information only about certain fields. In such cases, whenever he requests for
the data item, a “view” is created for him of the data item, which includes only
those fields which he is authorized to have access to. He may not even know
that there are many other fields in the records.
Backup and Recovery
Backup - The process of periodically taking a copy of the database and log file
on to offline storage media. Algorithm and
Journaling - The process of keeping and maintaining a log file (or journal) of all
changes made to the database to enable recovery to be undertaken effectively in
the event of a failure.
Encryption
Encryption - The encoding of the data by a special algorithm that renders the
data unreadable by any program without the decryption key.
Algorithm and
Plain-data
Plain-data
Encrypted data
Symmetric encryption - DES, IDEA, RC4, BlowFish, AES. Asymmetric
encryption - RSA, Diffie-Helman.
DBMSs and Web Security
Proxy servers, Firewalls, Message Digest Algorithms and Digital Signature,
Digital Certificates, SSL and S-HTTP
Proxy servers
Proxy servers is a computer that sits between a Web browser and a Web servers.
It intercepts all requests for web pages and saves them locally for some time.
Proxy server provides improvement in performance and filters requests.
Digital Certificates
Digital Certificate is an attachment to an electronic message used for security
purposes, most commonly to verify that a user sending a message is who he/she
claims to be, and provide the receiver with the means to encrypt a reply.
Secure Sockets Layer and Secure HTTP
SSL creates a secure connection between a client and a server, over which any
amount of data can be sent securely. S-HTTP is designed to transmit individual
messages securely. Both use asymmetric encryption
Recovery Methods
1. Mirroring keep two copies of the database and maintain them
simultaneously
2. Backup periodically dump the complete state of the database to some form
of tertiary storage
Recovery
System Logging – the log keeps track of all transaction operations affecting the
values of database items. The log is kept on disk so that it is not affected by
failures except for disk and catastrophic failures
Recovery from Transaction Failures
Catastrophic failure
• Restore a previous copy of the database from archival backup
• Apply transaction log to copy to reconstruct more current state by redoing
committed transaction operations up to failure point
• Incremental dump + log each transaction
Non-catastrophic failure
• Reverse the changes that caused the inconsistency by undoing the operations
and possibly redoing legitimate changes which were lost
• The entries kept in the system log are consulted during recovery.
• No need to use the complete archival copy of the database