下载文档原格式
Database Management System (DBMS)a security system (authorized users) 安全性an integrity system (consistency of stored data) 完整性a concurrency control system (shared access) 并发控制a recovery control system (when H/S failure) 恢复a user-accessible catalog (descriptions of data ) 数据字典数据模型三要素Data structure 数据结构Data manipulation 数据操纵Constraints of data integrity 数据的完整性约束Entity Integrity 实体完整性(Candidate) keys must be unique. 码值唯一In a relation, no attribute of a primary key can be null. 基本表主码的诸属性均不能为空Referential Integrity 参照完整性外码取参照码值或取空值PRIMARY KEY (Book_Id),FOREIGN KEY (BorrowerMemNo) REFERENCES MEMBER(MemNo),INSERT INTO MEMBER (MemNo, Memname, PhoneNum) V ALUES (101, 'Susan Jones', '412-376-8888');Divisionselects the attributes specified on an attribute_l ist from a table r, while discarding the rest.Six basic operators书名不会有两个List the member numbers of all library member who likes all books written by ‘Thomas’.Title(CallNumber, ISBN, Name, Author)Like(MemNo, CallNumber)(Like)÷πCallNumberσAuthor=‘Thomas’(Title))SELECT MemNoFROM Member MWHERE NOT EXISTS ((SELECT CallNumberFROM TitleWHERE Author='Thomas')EXCEPT(SELECT CallNumberFROM Likes LWHERE M.MemNo=L.MemNo));Character StringsFixed length nCHAR(n) or CHARACTER(n) 定长串不足充空spaceVarying length of maximum nV ARCHAR(n) or CHAR V ARYING (n) 变长串不足截断V ARCHAR2(n) ORACLE用to_date('2013/03/08' , ‘yyyy/mm/dd' )PRIMARY KEY (LIBSSN, Name),The unique key word specifies each row must have unique values -- specify that a set of columns may serve as an alternate key. 备选码唯一码CREATE TABLE Title(CallNumber V ARCHAR(40),Name V ARCHAR(200),ISBN V ARCHAR(40),Year INT,Publisher V ARCHAR(80),PRIMARY KEY (CallNumber),UNIQUE (ISBN) //备选码备选码);DROP TABLE MEMBER CASCADE;DROP TABLE MEMBER RESTRICT;ALTER TABLE table-name ALTER修改字段数据类型ALTER TABLE LIBRARIANALTER Salary NUMERIC(6,2);ALTER TABLE LIBRARIANALTER COLUMN Salary TYPE NUMERIC(6,2); --postgreSQLALTER TABLE table-name ALTER修改字段数据类型ALTER TABLE LIBRARIANALTER Salary NUMBER(6,2);ALTER TABLE LIBRARIANALTER COLUMN Salary TYPE NUMBER(6,2); --postgreSQL改变字段的缺省值ALTER TABLE DEPENDENTALTER COLUMN kinship DROP DEFAULT;ALTER TABLE BOOK ALTER COLUMN BorrowerMemNoSET DEFAULT NULL;增加一个不能写成表约束的非空约束ALTER TABLE products ALTER COLUMN product_no SET NOT NULL;ALTER TABLE table-name ADD增加字段ALTER TABLE products ADD COLUMN description text ;增加约束ALTER TABLE products ADD CHECK (name <> '');ALTER TABLE productsADD CONSTRAINT some_name UNIQUE (product_no);ALTER TABLE products ADD FOREIGN KEY (product_group_id) REFERENCES product_groups;解决两表相互引用问题!ALTER TABLE table-name DROP删除字段ALTER TABLE products DROP COLUMN description RESTRICT; --默认受限删除ALTER TABLE products DROP COLUMN description CASCADE; --CASCADE 授权删除任何依赖该字段的东西删除约束ALTER TABLE products DROP CONSTRAINT constraint_name;ALTER TABLE products ALTER COLUMN product_no DROP NOT NULL;SELECT staffNo,fName,lName,salary/12 AS monthlySalaryFROM Staff;%任意个字符_ 一个字符SELECT SSN, NameFROM LIBRARIANWHERE Name LIKE 'Nick%';||连接串SELECT Fname || MI || Lname AS Name, PhoneNumber FROM MEMBERWHERE PhoneNumber LIKE '412-6_3%';Example: Display the name and call number of all the book titles that contain '10%' as part of the title name.SELECT Name, CallNumberFROM TITLEWHERE Name LIKE '%10&%%' ESCAPE '&';DELETE FROM librarianWHERE section =(SELECT sectno FROM sectionWHERE name = 'checkout');UPDATE librarianSET salary = salary*1.05WHERE section =(SELECT sectnoFROM sctionWHERE name = 'Art');An entity is an object in the real world that is uniquely identifiable and has independent existence. 实体能被惟一标识本身能独立存在entity typeEntities having the same properties are grouped together to form an entity type. 实体型:具有相同属性的实体Relationship 联系A relationship is a meaningful association between two or more entities. 实体型间有意义的关联cardinality ratio and participation. 基数约束参与性约束one-to-one (1:1):左实体集中的每一个实体,在右实体集中最多有一个实体与之相连,反之亦然。
数据库原理及安全教材
数据库原理及安全教材有很多,下面列举一些常见的教材:
1. 《数据库系统概念》(第6版)(美)Abraham Silberschatz、Henry 、著,杨冬青、马秀莉等译,机械工业出版社,2012年
2. 《数据库系统概念》(第7版)(美)Abraham Silberschatz、Henry 、著,杨冬青、马秀莉等译,机械工业出版社,2017年
3. 《数据库系统导论》(第9版)(美)著,王珊、张俊等译,机械工业出版社,2011年
4. 《数据库系统概念》(第5版)(美)Barbara H. Liskov、Stephen Zilles著,杨冬青、李红燕等译,机械工业出版社,2010年
5. 《数据库系统原理》(第3版)(美)Elliot 、Peter 著,杨冬青、唐世
渭译,机械工业出版社,2009年
6. 《数据库系统原理及安全》(第二版)(英)Peggy Babcock著,施伯乐、王千祥等译,机械工业出版社,2009年
此外,《数据库原理与应用》、《数据库系统设计与应用》、《数据库系统安全与管理》等教材也比较常见。
以上教材只是其中一部分,建议根据个人需求选择合适的教材。
第1章数据库的概念[习题1]名词解释:数据库、数据库管理系统、数据库系统答案:数据库是长期储存在计算机内的、有组织的、可共享的数据的集合.DBMS - DataBase Management System。
是处理数据库访问的软件.。
提供数据库的用户接口。
数据库系统(DataBase System,DBS),DBS是指在计算机系统中引入数据库后的系统.带有数据库的整个计算机系统,包括硬件、软件、数据、人员。
数据库系统(Database System,简称DBS)指数据库应用系统,系统构成包括数据库、数据库管理系统(及其开发工具)、应用系统、数据库管理员和用户[习题2] 数据库系统阶段有和特点?答案:特点:§有了数据库管理系统.§面向全组织,面向现实世界。
§独立性较强。
§由DBMS统一存取,维护数据语义及结构[习题3]结构数据模型三要素是什么,各什么含义?答案:数据模型通常由数据结构、数据操作和完整性约束组成。
§数据结构—-——反映数据的静态特性§数据操作——--反映数据的动态特性§数据的完整性约束 --—反映数据的约束条件[习题4]试述数据库的三级模式结构与两级映象答案:外模式是数据库用户(包括应用程序员和最终用户)能够看见和使用的局部数据的逻辑结构和特征的描述,是数据库用户的数据视图,是与某一应用有关的数据的逻辑表示。
模式是数据库中全体数据的逻辑结构和特征的描述,是所有用户的公共数据视图。
它既不涉及数据的物理存储细节和硬件环境,也与具体的应用程序,与所使用的应用开发工具及高级程序设计语言(如C、Cobol、Fortran)无关。
内模式也称存储模式(Storage Schema),一个数据库只有一个内模式。
它是数据物理结构和存储方式的描述,是数据在数据库内部的表示方式。
例如,记录的存储方式是顺序存储、按照B树结构存储、还是按Hash方法存储;索引按照什么方式组织;数据是否压缩存储,是否加密;数据的存储记录结构有何规定等。
Chapter 1Computing system 计算系统Principle of easiest penetration 最易渗透原则Hardware 硬件Software 软件Data 数据Vulnerability 脆弱性Threat 攻击Attack 威胁Control 控制Interruption 中断Interception 截取Modification 篡改Fabrication 伪造Method 方法Opportunity 机会Motive 动机Security secure 安全措施Confidentiality 保密性/机密性Integrity 完整性Availability 可用性Secrecy 保密性Privacy 私密性Configuration management 配置管理Logic bomb 逻辑炸弹Trojan horse 特洛伊木马Virus 病毒Trapdoor 陷门Information leak 信息泄露Principle of adequate protection 适度保护原则Salami attack 香肠攻击Replay 重放Cracker 破译者Prevention 预防方法Deterrence 障碍Deflection 偏差Detection 检测Recovery 恢复Encryption 加密Protocol 协议Policy 策略Procedure 规程Physical control 物理控制Principle of effectiveness 有效性原则Overlapping control 重叠控制Layered defense 分层防御Principle of weakest link 最弱环节原则Administrative control 管理控制Chapter 2Sender 发送者Recipient 接受者Transmission medium 传输中介Interceptor 截取者Intruder 入侵者Encryption 加密Decryption 解密Encode 编码Decode 解码Encipher 编密码Decipher 译密码Cryptosystem 密码体制Plaintext 明文Ciphertext 密文Algorithm 算法Key 密钥Symmetric 对称的Asymmetric 非对称的Keyless cipher 无密钥密码Cryptography 密码编码学Cryptanalyst 密码分析学Cryptology 密码学Break an encryption 破译加密Substitution 替换Transposition 置换Substitution 替换密码monoalphabetic substitution 单字符替换法Simple substitution 简单替换法Caesar cipher 恺撒密码Permutation 排列One-time pad 一次性密码本Vigenere tableau 维吉尼亚表Vernam cipher 弗纳母密码Book cipher 密码本Columnar Transposition 列置换Digram 双字母组Trigram 三字母组Product cipher 成绩密码Secure cryptographic system 安全密码体制Amount of secrecy 保密量Error propagation 差错传播Authentication 鉴别Key distribution 密钥分配Key management 密钥管理Stream cipher 流密码Block cipher 块密码Confusion 混乱性Diffusion 扩散性Ciphertext-only attack 唯密文攻击Known plaintext attack 已知明文攻击Probable plaintext attack 可能明文攻击Chosen plaintext attack 选择明文攻击Chosen ciphertext attack 选择密文攻击Data Encryption Standard(DES) 数据加密标准Data Encryption Algorithm-1 数据加密算法-1 Double DES 双重DESTriple DES 三重DESDifferential cryptanalysis 微分密码分析学Advanced Encryption Standard(AES) AES高级加密标准Rijndael 一种对称加密算法Cycle or round 循环Public key encryption 公钥加密Asymmetric encryption system 非对称密码体制Private key 私钥Secret key 密钥Rivest-Shamir-Adelman (RSA) algorithm 一种非对称加密算法Cryptographic hash function 密码哈希函数Message digest 消息摘要Hash 哈希Checksum 检验和One-way function 单向函数MD4,MD5 两种消息摘要算法名称SHA/SHS 安全哈希算法/安全哈希标准Chaining 链接Key exchange 密钥交换Digital signature 数字签名Certificate 证书Certificate authority(CA) 证书管理中心Chapter 3Program 程序Secure program 安全程序Fault 故障Program security flaw 程序安全漏洞Bug bugError 错误Failure 失败Penetrate and patch 渗透和打补丁Cyber attack 计算机攻击Buffer overflow 缓冲区溢出Incomplete mediation 不完全验证Time-of-check to time-of-use 检查时刻到使用时刻Malicious code 恶意代码Rogue program 欺诈程序Virus 病毒Agent 代理Transient virus 瞬时病毒Resident virus 寄生病毒Trojan horse 特洛伊木马Logic bomb 逻辑炸弹Time bomb 时间炸弹Backdoor 后门Trapdoor 陷门Worm 蠕虫Rabbit 野兔Appended virus 挂接性病毒Document virus 文档病毒Bootstrap load引导装在Boot sector virus 引导区病毒Virus signature 病毒特征Polymorphic virus 多态性病毒Encrypting virus 加密病毒Brain virus Brain病毒The Internet worm 互联网蠕虫Code Red红色代码病毒Web bug 网页bugUnit test 单元测试Integration test 集成测试Error checking 错误检查Rootkit rootkitRootkit revealer Rootkit检测器Privilege escalation 权限提升Interface illusion 接口错误Keystroke logger 键盘记录器Man-in-middle attack 中间人攻击Covert channel 隐蔽通道File-lock channel 文件锁通道Storage channel 储存通道Timing channel 时间通道Software engineering 软件工程Encapsulation 封装Information hiding 信息隐藏Modularity 模块化Maintainability 可维护性Understandability 易理解性Reusability 可重用性Correctability 正确性Testability 可测试性Coupling 耦合Cohesion 内聚Mutual suspicion 相互猜疑Confined program 限制程序Peer review 对等复查Program design 程序设计Inspection 检查Walk-through 走查法Review 复查Egoless programming 无我编程Hazard analysis 危险性分析Hazard/interoperability studies 危险/互操作性研究Failure modes and effects analysis 失效模式和后果分析Fault tree analysis 故障树分析Performance test 性能检测Regression test 衰减检测Black-box test 黑盒检测Clear-box test 白盒测试Independents test team 独立测试小组Penetration test 渗透测试Passive fault detection 被动故障检测Active fault detection 主动故障检测Redundancy 冗余Fault tolerance 错误容差Configuration management 配置管理Configuration identification 配置识别Conditional compilation 条件编译Configuration audit 配置审查Proof of program correctness 程序正确性证明Program verification 程序验证Process standard 过程标准Configuration management standards配置管理标准Security audit 安全审计Chapter 4Executive 执行器Monitor 监控器Multiprogrammed system 多道程序系统Protected object 被保护对象Sharable I/O device 可共享的I/O设备Serially reusable I/o device 可连续重用的I/O设备Physical separation 物理分离Temporal separation 时间分离Logical separation 逻辑分离Cryptographic separation 密码分离Isolation 隔离Memory protection 内存保护Fence register 界地址寄存器Relocation 重定位Base/bounds registers 基址/范围寄存器Tagged memory architecture 标记内存结构Segmentation 分段式Segment address table 段地址表Segment address translation 段地址转换Paging 分页Page frame 页帧Page address translation 页地址转换Paged segmentation 段页式Directory 目录Revocation of access 撤销访问Access control list 访问控制列表User-group-world protection 用户/组/全局保护Access control matrix 访问控制矩阵Wildcard designation 通配符指定Capability 访问权能Domain 域Local name space 本地名字空间Kerberos KerberosAuthentication sever 鉴别服务器Ticket-granter sever票据授权服务器Key distribution center 密钥发布中心Procedure-oriented access control 面向程序的访问控制Role-based access control 基于角色的访问控制File protection 文件保护Shared file 共享文件Persistent permission 持久许可Temporary access permission 临时访问许可Set userid permission 设置用户ID许可Per-object protection 每个对象保护Per-subject protection 每个主题保护User authentication by something you know 依据用户知道的事情鉴别User authentication by somthing you have 依据用户拥有的东西鉴别User authentication by somthing you are 根据用户的身体特征鉴别Password 口令Password response 口令响应Multifactor authentication 多因素鉴别Two-factor authentication 两因素鉴别Exhaustive attack on password 对口令的穷举攻击Brute force attack on password 对口令的暴力攻击Probable password 可能的口令Likely password 很可能的口令Social engineer attack 社会工程攻击One-time password 一次性口令Challenge-response system 质询响应系统Single sign-on 单次登陆Login impersonation 假扮演登陆界面Biometric authentication 生物特征鉴别Chapter 5Trust 信任Trusted process 可信进程Trusted product 可信产品Trusted software 可信软件Trusted computing base 可信计算基Trusted system 可信系统Security policy 安全策略Military security policy 军事安全策略Sensitivity level 敏感等级Object 对象Need-to-know rule 须知原则Compartment 分隔项Classification 分类Clearance 许可Dominance 支配Subject 主体Hierarchical security 等级安全Nonhierarchial security 非等级安全Clark-Wilson policy Clark-Wilson策略Well-formed transaction 良构事务Constrained data item 受约束数据项Transformation procedure 转换规程Access triple 访问三元组Separation of duty 职责分离Chinese wall policy 中国墙策略Lattice model 格模型Bell-La Padula model Bell-La Padula模型Simple security property 简单安全特性*-property *-特性Write-down 下写Biba model Biba模型Simple integrity policy 简单完整性策略Integrity *-property 完整性*-特性Graham-Denning model Graham-Denning模型Harrison-Ruzzo-Ullman model Harrison-Ruzzo-Ullman 模型Command 命令Condition 条件Primitive operation 原语操作Protection system 保护系统Take-grant system 获取/授予系统Least privilege 最少特权Economy of mechanism 机制经济型Open design 开放设计Complete mediation 完全检查Permission-based access 基于许可的访问Separation of privilege 特权分离Least common mechanism 最小公共机制Ease of use 易用User authentication 用户鉴别Memory protection 内存保护Object access control 对象访问控制Enforced sharing 强制共享Fair service 公平服务Interprocess communication 进程间通信Synchronization 同步Protected control data 保护控制数据User identification and authentication 用户识别和鉴别Mandatory access control 强制访问控制Discretionary access control 自主访问控制Object reuse 对象重用Magnetic remanence 磁记忆Trusted path 可信路径Audit 审计Accountability 责任认定Audit log reduction 审计日志精简Intrusion detection 入侵检测Kernel 内核Nucleus 核Core 核心Security kernel 安全内核Reference monitor 引用监视器Reference monitor properties:引用监视器特性:Tamperproof 抗干扰Unbypassable 不可绕过Analyzable 可分析Trusted computing base(TCB)可信计算基Process activation 进程激活Execution domain switching 执行域转换Memory protection 内存保护Virtualization 虚拟化Virtual machine 虚拟机Virtual memory 虚拟内存Layering 分层Hierarchically structured operation system 层次结构的操作系统Assurance 保证Flaw exploitation 缺陷利用User interface processing flaw I/O处理缺陷Access ambiguity flaw 访问二义性缺陷Incomplete mediation flaw 不完全检查缺陷Generality flaw 普遍性缺陷Time-of-check to time-of-use flaw 检查时刻到使用时刻缺陷Testing 测试Penetration testing 渗透测试Tiger team analysis 攻击队测试Ethical hacking 黑客攻击Formal verification 形式化验证Proof of correctness 正确性证明Theorem prover定理证明器validation证实Requirements checking 需求检查Design and code review 设计和代码审查Module and system testing 模块和系统测试Open source 开放源代码Evaluation 评估Orange Book(TCSEC)橙皮书(TESEC)D,C1,C2,B1,B2,B3,A1 rating D,C1,C2,B1,B2,B3,A1等级German Green Book德国绿皮书Functionality class 功能类Assurance level保证等级British evaluation criteria 英国评估准则Claims language 生命语言Action phrase 行为短语Target phrase 目标短语CLEF CLEFComparable evaluation 可比较评估Transferable evaluation 可转移评估ITSEC ITSECEffectiveness 有效性Target of evaluation 评估目标Security-enforcing function 安全强制功能Mechanism 机制Strength of mechanism 机制强度Target evaluation level 目标评估等级Suitability of functionality 功能适宜性Binding of functionality 功能绑定Combined Federal Criteria 联合联邦准则Protection profile 保护轮廓Security target 安全目标Common Criteria 通用准则Extensibility 可扩展性Granularity 粒度Speed 速度Thoroughness 全面Objectivity 客观性Portability 可移植性Emphatic assertion 强调申明Chapter 7Single point of failure 单一故障点Resilience 弹回Fault tolerance 容错Server 服务器Client 客户机Node 节点Host 主机Link 链路Workstation 工作站Topology 拓扑结构Network boundary 网络周界Network ownership 网络拥有关系Network control 网络控制Digital 数字Analog 模拟Modem 调制解调器Twisted pair 双绞线Unshielded twisted pair 无屏蔽双绞线Bandwidth 带宽Coaxial cable 同轴电缆Ethernet 以太网Repeater 中继器Amplifier 放大器Optical fiber 光纤Wireless LAN 无线局域网802.11 802.11协议标准Microwave 微波Infrared 红外线Satellite 卫星Geosynchronous orbit 覆盖范围Transponder 地球同步轨道Footprint 异频应答器Protocol 协议Protocol stack 协议栈ISO reference model ISO参考模型OSI model OSI模型Application layer 应用层Presentation layer 表示层Session layer 会话层Transport layer 传输层Network layer 网络层Datalink layer 数据链路层Physical layer 物理层Peer 对等层Router 路由器Packet 包Network interface card 网络接口卡MAC address Mac地址Frame 帧Session header 会话头部Logical connection 逻辑连接Sequencing 排序TCP TCPIP IPUDP UDPPort 端口SMTP SMTPHTTP HTTPFTP FTPSNMP SNMP IP address IP地址Domain 域Top-level domain 顶级域名Local area network 局域网LAN LANWide area network 广域网Internet Society 互联网社会Anonymity 匿名性Motivation for attack 攻击的动机Challenge 挑战Fame 名声Money 金钱Espionage 间谍Organized crime 组织犯罪Ideology 意识形态Hactivism 激进主义Cyberterrorism 网络恐怖主义Reconnaissance 侦察Intelligence 情报收集Port scan 端口扫描Social engineering 社会工程学Fingerprinting 指纹Eavesdrop 偷听War driving 战争驱动Passive wiretap 被动窃听Active wiretap 主动窃听Packet sniffer 包嗅探器Inductance 自感器Impedance 阻抗Multiplexed signals 多重信号Interception 截取Theft of service 骗取服务RFC(request for comments) 请求注解Impersonation 假冒Authentication 鉴别Guessing authentication 猜测鉴别Eavesdropping authentication 偷听鉴别Avoiding authentication 避开鉴别Nonexistent authentication 不存在的鉴别Well-known authentication 众所周知的鉴别Trusted authentication 可信任鉴别Spoof 欺骗Masquerade 伪装Phishing 钓鱼欺诈Session hijacking 会话劫持Man-in-middle attack 中间人攻击Misdelivery 误传Message exposure 消息暴露Interception 侦听Traffic flow analysis 流量分析Message falsification 伪造消息Message replay 重放消息Message fabrication 编造消息Noise 噪声Interference 干涉Protocol flaw 协议缺陷Web site defacement 网站被黑Buffer overflow 缓冲区溢出Dot-dot attack ".."攻击Address resolution 地址解析Application code attack 应用代码攻击Server-side include 服务端包含Denial-of-service attack 拒绝服务攻击Transmission failure 传输失败Connection flooding 连接洪泛Echo 响应Chargen 索取Ping of death 死亡之PingSmurf Smurf攻击Syn flood 同步洪泛Teardrop attack teardrop攻击Distributed denial of service 分布式拒绝服务Active code 活动代码Mobile code 移动代码Cookie 脚本Escape-character attack ESC字符攻击Active server page 活动服务器页Java code Java代码Sandbox 沙漏Java virtual machine Java虚拟机Hostile applet 有敌意的appletScript kiddie 脚本小子Building block attack 积木攻击Network segmentation 网络分段Redundancy 冗余Failover mode 失效修复模式Link encryption链路加密End-to-end encryption 端到端加密Virtual private network 虚拟专有网络Encrypted tunnel 加密隧道Certificate 证书Certificate authority 证书管理中心Transport layer security 传输层安全性Security association 安全关联Security parameter index 安全参数索引Authentication header 鉴别报头Encapsulated security payload 封装的安全负载Signed code 签名代码Content integrity 内容完整Error detection 错误检测Error correction code 错误校正码Parity 校验Even parity 奇校验Odd parity 偶校验Hash code 哈希码Huffman code 霍夫曼编码Cryptographic checksum密码校验和Message digest 消息摘要Strong authentication 强鉴别Password token口令令牌Challenge-response system 质询-响应系统Digital Distributed Authentication 分布式数字鉴别Ticket-granting server 票据授权服务器Ticket 票据Router ACL 路由器ACLService Set Identifier 服务区标识符Wired equivalent privacy 无线等效保密Temporal Key Integrity Program 暂时密钥集成程序Honeypot 蜜罐Traffic flow security 通信流量安全Onion routing 洋葱型路由算法Firewall 防火墙Reference monitor 引用监视器Packet filtering gateway 包过滤网关Screening router 屏蔽路由器Stateful inspection 状态检查Application proxy 应用代理Bastion host 保垒主机Guard 门卫Personal firewall 个人防火墙Layered protection 分层保护Defense in depth 纵深防御Intrusion detection system 入侵检测系统Network-based IDS 基于网络的IDSHost-based IDS 基于主机的IDSSignature-based IDS基于签名的IDSAnomaly detection 异常检测Heuristic intrusion detection 启发式入侵检测Misuse detection 误用检测Stealth mode 秘密模式Scanner 扫描仪IDS alarm IDS警告False positive 漏报False negative 误报Secure e-mail 安全电子邮件Message confidentiality 消息机密性Message integrity check 消息完整性检查Sender authenticity 发送者的真实性Sender nonrepudiation 发送者的不可否认Key management 密钥管理Key ring 钥匙环。
第4章数据库安全性数据库知识点整理第4章数据库安全性了解计算机系统安全性问题数据库安全性问题威胁数据库安全性因素掌握TCSEC和CC标准的主要内容C2级DBMS、B1级DBMS的主要特征DBMS提供的安全措施⽤户⾝份鉴别、⾃主存取控制、强制存取控制技术视图技术和审计技术数据加密存储和加密传输使⽤SQL语⾔中的GRANT语句和REVOKE语句来实现⾃主存取控制知识点什么是数据库的安全性数据库的安全性是指保护数据库以防⽌不合法的使⽤所造成的数据泄露、更改或破坏举例说明对数据库安全性产⽣威胁的因素⾮授权⽤户对数据库的恶意存取和破坏数据库中重要或敏感的数据被泄露安全环境的脆弱性信息安全标准的发展历史,CC评估保证级划分的基本内容TCSEC/TDI 安全级别划分安全级别定义A1 验证设计(verified design)B3 安全域(security domains)B2 结构化保护(structural protection)B1 标记安全保护(labeled security protection)C2 受控的存取保护(controlled access protection)C1 ⾃主安全保护(discretionary security protection)D 最⼩保护(minimal protection)CC评估保证级(EAL)的划分评估保证级定义 TCSEC安全级别(近似相当)EAL1 功能测试(functionally tested)EAL2 结构测试(structurally tested) C1EAL3 系统地测试和检查(methodically tested and checked) C2EAL4 系统地设计、测试和复查(methodically designed,tested and reviewed) B1EAL5 半形式化设计和测试(semiformally designed and tested) B2EAL6 半形式化验证的设计和测试(semiformally verified design and tested) B3EAL7 形式化验证的设计和测试(formally verified design and tested) A1实现数据库安全性控制的常⽤⽅法和技术⽤户⾝份鉴别该⽅法由系统提供⼀定的⽅式让⽤户标识⾃⼰的名字或⾝份。
C H A P T E R21Information RetrievalPractice Exercises21.1Compute the relevance(using appropriate definitions of term fre-quency and inverse document frequency)of each of the Practice Ex-ercises in this chapter to the query“SQL relation”.Answer:We do not consider the questions containing neither of thekeywords as their relevance to the keywords is zero.The number ofwords in a question include stop words.We use the equations givenin Section21.2to compute relevance;the log term in the equation isassumed to be to the base2.21.2Suppose you want tofind documents that contain at least k of a givenset of n keywords.Suppose also you have a keyword index that givesyou a(sorted)list of identifiers of documents that contain a specifiedkeyword.Give an efficient algorithm tofind the desired set of docu-ments.Answer:Let S be a set of n keywords.An algorithm tofind all docu-ments that contain at least k of these keywords is given below:12Chapter21Information RetrievalThis algorithm calculates a reference count for each document identi-fier.A reference count of i for a document identifier d means that atleast i of the keywords in S occur in the document identified by d.The algorithm maintains a list of records,each having twofields–adocument identifier,and the reference count for this identifier.This listis maintained sorted on the document identifierfield.initialize the list L to the empty list;for(each keyword c in S)dobeginD:=the list of documents identifiers corresponding to c;for(each document identifier d in D)doif(a record R with document identifier as d is on list L)thenR.re f erence count:=R.re f erence count+1;else beginmake a new record R;R.document id:=d;R.re f erence count:=1;add R to L;end;end;for(each record R in L)doif(R.re f erence count>=k)thenoutput R;Note that execution of the second for statement causes the list D to“merge”with the list L.Since the lists L and D are sorted,the timetaken for this merge is proportional to the sum of the lengths of the twolists.Thus the algorithm runs in time(at most)proportional to n timesthe sum total of the number of document identifiers corresponding toeach keyword in S.21.3Suggest how to implement the iterative technique for computing Page-Rank given that the T matrix(even in adjacency list representation)does notfit in memory.Answer:No answer21.4Suggest how a document containing a word(such as“leopard”)canbe indexed such that it is efficiently retrieved by queries using a moregeneral concept(such as“carnivore”or“mammal”).You can assumethat the concept hierarchy is not very deep,so each concept has onlya few generalizations(a concept can,however,have a large number ofspecializations).You can also assume that you are provided with a func-tion that returns the concept for each word in a document.Also suggesthow a query using a specialized concept can retrieve documents usinga more general concept.Answer:Add doc to index lists for more general concepts also.Practice Exercises3 21.5Suppose inverted lists are maintained in blocks,with each block not-ing the largest popularity rank and TF-IDF scores of documents in the remaining blocks in the list.Suggest how merging of inverted lists can stop early if the user wants only the top K answers.Answer:For all documents whose scores are not complete use upper bounds to compute best possible score.If K th largest completed score is greater than the largest upper bound among incomplete scores output the K top answers.No answer。
Chapter 11.What are the applications of database systems?•Banking•Airlines•Universities(for example:Add new students, instructors, and courses. Register students for courses, and generate class rosters. Assign grades to students, compute grade point averages (GPA) and generate transcripts. )•Credit card transactions•Telecommunications•Sales•Manufacturing•Human resources2. List four significant difference between file processing system andDBMS.or List any four advantages of database management systems (DBMS) over file-processing systems?•Data redundancy and inconsistency: Various files are likely to have differentformats and the programs may be written in several programming languages. Moreover, the same information may be duplicated in several places (files). The redundancy leads to higher storage and access cost. In addition, it may lead to data inconsistency; that is, the various copies of the same data may no longer agree. For example, a changed customer address may be reflected in savings-account records but not elsewhere in the system.•Difficulty in accessing data: Conventional file-processing environments do not allow needed data to be retrieved in a convenient and efficient manner.•Data isolation: Because data are scattered in various files, and files may be in different formats, writing new application programs to retrieve the appropriate data is difficult.•Integrity problems: The data values stored in a database must satisfy certain types of consistency constraints. For example, the balance of a bank account may never fall belowa prescribed amount (say, $25). However, when new constraints are added, it is difficult tochange the programs to enforce them. The problem is compounded when constraints involve several data items from different files.•Atomicity problems: Failures may leave database in an inconsistent state with partial updates carried out. E.g. transfer of funds from one account to another should either complete or not happen at all. That is, the funds must be atomic-it must happen in its entirety or not at all. It is difficult to ensure atomicity in a conventional file processing system.•Concurrent access anomalies: Concurrent accessed needed for performance.Uncontrolled concurrent accesses can lead to inconsistencies. E.g. two people reading a balance and updating it at the same time.3.explain the terms: instance schema entity relationship attributes DDL DML DBA DBMS and query.Instance: The collection of information stored in the database at a particular moment is called instance of the database.Schema: The overall design of the database is called the database schema. Entity: An object in the mini world about which information is to be stored. Relationship: A relationship is a connection between two or more entity sets Attribute: A property or feature of an entity (or relationship)DDL: We specify a database schema by a set of definitions expressed by a special language called a data-definition languageDML: Data-manipulation language (DML) is a language that enables users to access or manipulate data as organized by the appropriate data modelDBA:A database administrator,a person who has such central control over the system. DBMS: A database- management system (DBMS) is a collection of interrelated data and a set of programs to access those data.Query: A query is a statement requesting the retrieval of information.4.List 7 programming languages that are procedural and 3 that are nonprocedural. Which group is easier to learn? Explain(大家自己随便编上点就行了)Procedural:Nonprocedural:5.In the Fig.1.4, e/r diagram identify the entities entity sets attributes and relationships.矩形内的entity sets是菱形内的是relationships椭圆形内的是attributes6.What’s the result in figure 1.5?答案:500,900Chapter 21.What are the different types of attributes? Explain with examples.Attribute Types: An attribute, as used in the E-R model, can be characterized by the following attribute types.1. Simple(Eg. cust-street) : with no further subsets2. Composite(Eg. name, which includes FN,LN,MN): with further subsets3. Single (Eg. loan-number) : which takes just one value4. Multi-valued (Eg. phone-number): This takes more values. A customer may have many phone numbers5. Derived (Eg. age derived from DOB): the age can be derived from date-of-birth attribute6. Null (Eg. middlename, one may not have middle name): attributes which takes null values or which are “not-applicable”2. Describe the terms (a) Super key, (b) Candidate key, and (a) Primary key with an example.• A superkey is a set of one or more attributes that, taken collectively, allow us to identify uniquely an entity in the entity set. For example, the customer-id attribute of the entity set customer is sufficient to distinguish one customer entity from another.Thus, customer-id is a superkey. Similarly, the combinationof customer-name and customer-id is a superkey for the entityset customer. The customer-name attribute of customer is not a superkey, because several people might have the same name.• The concept of a superkey is not sufficient for our purposes, since, as we saw, a superkey may contain extraneous attributes. If K is a superkey, then so is any superset of K. We are often interested in superkeys for which no proper subset is a superkey. Such minimal superkeys are called candidate keys.• It is possible that several distinct sets of attributes could serve as a candidate key. Suppose that a combination of customer-name and customer-street is sufficient to distinguish among members of the customer entity set. Then, both {customer-id} and {customer-name, customer-street} are candidate keys. Although theattributes customer-id and customer-name together can distinguish customer entities, their combination does not form a candidate key, since the attribute customer-id alone is a candidate key.• We shall use the term primary key to denote a candidate key that is chosen by the database designer as the principal means of identifying entities within an entity set. In theUnited States, the social-security number attribute of a person would be a candidate key.3.What are the major Components of E-R Diagram ?Rectangles, which represent entity setsEllipses, which represent attributesDiamonds, which represent relationship setsLines, which link attributes to entity sets and entity sets to relationship setsDouble ellipses, which represent multivalued attributesDashed ellipses, which denote derived attributesDouble lines, which indicate total participation of an entity in a relationship setDouble rectangles, which represent weak entity sets4.作业题,大家参照课本例题看看。
