Intro to CyberSecurity homework

 

1. (a) In an environment in which several users share access to a single database, can one user ever block another’s access for an unlimited period of time? (This situation is called indefinite postponement.) (b) Describe a scenario in which two users could cause the indefinite postponement of each other. (c) Describe a scenario in which a single user could cause the indefinite postponement of all users.

2. Using the two-step commit presented in the beginning of this chapter, describe how to avoid assigning one seat to two people, as in the airline example. That is, list precisely which steps the database manager should follow in assigning passengers to seats.

3. Suppose a database manager were to allow nesting of one transaction inside another. That is, after having updated part of one record, the DBMS would allow you to select another record, update it, and then perform further updates on the first record. What effect would nesting have on the integrity of a database? Suggest a mechanism by which nesting could be allowed.

4. Can a database contain two identical records without a negative effect on the integrity of the database? Why or why not?

5. Some operating systems perform buffered I/O. In this scheme, an output request is accepted from a user and the user is informed of the normal I/O completion. However, the actual physical write operation is performed later, at a time convenient to the operating system. Discuss the effect of buffered I/O on integrity in a DBMS.

6. A database transaction implements the command “set STATUS to ‘CURRENT’ in all records where BALANCE-OWED = 0.” (a) Describe how that transaction would be performed with the two-step commit described in this chapter. (b) Suppose the relations from which that command was formed are (CUSTOMER-ID, STATUS) and (CUSTOMER-ID, BALANCE-OWED). How would the transaction be performed? (c) Suppose the relations from which that command was formed are (CUSTOMER-ID, STATUS), (CREDIT-ID, CUSTOMER-ID), (CREDIT-ID, BALANCE-OWED). How would the transaction be performed?

7. Show that if longitudinal parity is used as an error detection code, values in a database can still be modified without detection. (Longitudinal parity is computed for the nth bit of each byte; that is, one parity bit is computed and retained for all bits in the 0th position, another parity bit for all bits in the 1st position, etc.)

8. Suppose query Q1 obtains the median m1 of a set S1 of values, and query Q2 obtains the median m2 of a subset S2 of S1. If m1 < m2, what can be inferred about S1, S2, and the elements of S1 not in S2?

9. One approach suggested to ensure privacy is small result rejection, in which the system rejects (returns no result from) any query whose result is derived from a small number of records, for example, five. Show how to obtain sensitive data by using only queries derived from six records.

10. Cite a situation in which the sensitivity of an aggregate is greater than that of its constituent values. Cite a situation in which the sensitivity of an aggregate is less than that of its constituent values.