S 2.130 Ensuring the integrity of a database

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator, Persons responsible for individual applications

Ensuring and monitoring the integrity of a database are intended to guarantee the correctness of the corresponding data and a correct database state. The following techniques are used to prevent incorrect data and/or database states of a database:

• Data access control
  Data access control refers to the protection of the corresponding database against unauthorised access by assigning data access rights as described in S 2.129 Controlling access to database information. This prevents manipulations to the data and/or database objects (such as tables, for example).
  The database administrator is responsible for implementing data access control.
  There is no detailed description in this safeguard and further information can be found in safeguard S 2.129 Controlling access to database information
• Synchronisation control
  Synchronisation control serves to prevent the inconsistencies that may arise through parallel access to the same database. Various techniques are used for synchronisation control, for example locking the database objects or assigning time stamps.
  The persons responsible for the IT-applications are responsible for implementing synchronisation control if an additional mechanism must be provided with greater synchronisation control capabilities than the mechanisms provided by the database management system (DBMS).
  There is no detailed description, since each DBMS performs synchronisation control in general. It is strongly recommended not to use a DBMS that does not offer synchronisation control.
• Integrity control
  Integrity control includes the prevention of semantic errors and/or semantically inconsistent states of the database by maintaining and monitoring the required database integrity constraints. These constraints may refer to individual relations or combine several relations in a single relationship (referential integrity). Examples include the specification of a primary key for a relation, the definition of value ranges for the individual attributes, or the formulation of special constraints using assertion clauses.
  The integrity can be checked automatically by the DBMS using a monitor that can be implemented using triggers or stored procedures, for example. As a matter of principle, it would still possible to execute any transaction, but transactions that would lead to an inconsistent database would then be rejected by the DBMS.
  The responsibility for implementing integrity control is incumbent upon the persons responsible for the IT applications and/or the technical administrator if the integrity constraints are implemented in the form of relations, primary keys, or general database objects.
  The following must be created when designing an IT application
  • a data model that maps the database objects, as well as the relationships between them and
  • a technical concept that describes, amongst other things, the conditions under which it is allowed to manipulate data.
• The following aspects must be taken into consideration when implementing an IT application:
  • the specific implementation of the data model defined in the design phase must be sThe following must bepecified. This includes the definition and creation of tables, indexes, value ranges, etc.
  • triggers or stored procedures are defined in the framework of implementing the technical concept. Triggers and stored procedures can be used in the applications (in the programs), as well as in the database (for tables). Triggers used at the database level work independently from the superior applications and must be administrated centrally for this reason.
    
    Example: "Update" trigger for a table:
    Whenever a record in the table is changed, the statements defined for the trigger are executed. One of these statements can be a call to a stored procedure.

Within the framework of applications, it is possible to secure the integrity using suitable commit and/or rollback statements to execute and/or reject transactions.

Review questions:

• Are synchronisation control techniques used to avoid inconsistencies?
• Are integrity control techniques used to avoid semantic errors and/or semantically inconsistent states of the database?
• Is the protection of the integrity also taken into consideration in applications using the database?