9.2 Databases


Database systems (DBS) are commonly accepted computer-aided techniques of organising, generating, manipulating and managing large amounts of data. A database system consists of the database management system (DBMS) and a certain number of databases. A database is a collection of data representing facts on a specific application in the real world. The DBMS acts as an interface between users and the database, allowing efficient and centrally monitored access to data, and ensuring the pemanent availability of this data.

Database management systems now form an indispensable part of IT applications. Without a DBMS, it would not be possible to manage the vast amounts of data which need to be collected, processed and evaluated. The concept of a DBMS is based on a particular database model. The most important database models are described in the following:

Hierarchical database model

This is the oldest existing variant, also regarded as the database model of the first generation. This database model is structured like a tree. The nodes and leaves in this structure represent the files. A node or leaf has exactly one predecessor, and data is always accessed sequentially. The access routes are determined by the tree structure (and file structure respectively).

Relational database model

The relational database model involves strict separation between the data and the methods of accessing it. The data is stored in the form of tables, where each row represents a data record (also termed tupel) and each column represents an attribute of the data record. Tupels can be related to other tupels in different tables, which is marked by a corresponding relationship. As opposed to the hierarchical model, the relational database model does not impose any restrictions on access to data. SQL (Standard Query Language), standardised by the ISO, is the database language provided with all relational database systems.

Object-oriented database model

Object-oriented database models are an extension of classical database models and involve an object-oriented (OO) technique. In this case, objects with similar attributes are grouped into classes which, in turn, can be assigned class hierarchies. Only defined methods can be used to modify the objects, the inheritance of methods and attributes playing a key role in object-oriented design. Standard data types such as "Integer" and "Character" can be supplemented with type constructors allowing the definition of complex values.

This chapter only provides a treatment of databases based on the relational database model, as it is currently the most prevalent.

A database system generally provides simultaneous access for different users. It therefore has to process several user requests (transactions) in parallel and guarantee a distinct level of fault tolerance. Of central importance are four requirements which are called the ACID-principle:

These requirements are fulfilled by almost all commercially available DBMS systems.

Database systems are based on standard commercial software offered by a variety of manufacturers. The first step in acquiring a database for processing data is to select a suitable standard software package. The related threats and safeguards stated in Chapter 9.1 Standard Software must also be considered here.

Databases cannot be treated separately from the environment in which they are used. A stand-alone PC is just as feasible as a mainframe or a network of Unix systems. For this reason, the threats and safeguards described in Chapter 5 Non-networked systems, Chapter 6 Local Area Networks and Chapter 7 Data Transfer Systems should be taken into consideration in accordance with the type of environment involved. To prevent redundancies, this chapter does not repeat descriptions of threats and safeguards unless they are of particular importance.

Threat Scenario

The following threats are assumed to be applicable to the IT baseline protection of databases:

Force Majeure:

Organisational Shortcomings:

Human Failure:

Technical Failure:

Deliberate Acts:

Recommended Countermeasures (S)

For the purpose of IT baseline protection, we recommend the complete implementation of the safeguard packages (modules) summarised in Chapters 2.1 and 2.4.

It is advisable to install the database server in a separate server room. The appropriate measures are described in Chapter 4.3.2. If an office is used simultaneously as a server room, the safeguards described in Chapter 4.3.1 must also be implemented.

If the database server is installed in a protective cabinet, also refer to Chapter 4.4 Protective Cabinets.

The following essential steps must also be taken for databases:

  1. Determining the requirements to be fulfilled by the database software.
    First prepare a requirements catalogue to allow the selection of a suitable standard database software (S 2.80 and S 2.124).
  2. Training administrators
    Before the database software is used in a productive environment, the responsible administrators must be trained (S 3.11). If possible, this should be done before procuring the software package.
  3. Design a database concept
    Before using the database software, design a database concept which describes the installation and configuration of the database software, the suitable concept for database users and their access rights, as well as the application-specific database. Depending on the capacity and environment of the database as well as the selected standard database software, such a concept can be very extensive (S 2.125, S 2.128, S 2.129 and S 2.126).
  4. Operating the database
    Commissioning and operation of the database include the implementation of the database concept, as well as continuous monitoring of the DBMS in order to ensure the availability, data integrity and protection of confidential data. The most important safeguards here concern documentation (S 2.25, S 2.31, S 2.34), administration (S 2.130, S 2.133) and utilisation of the database.
  5. Contingency planning
    In addition to the general safeguards relating to this topic, it is important to consider database-specific circumstances in order to keep data losses and recovery times within reasonable limits in the event of a system crash or database crash. (S 6.32, S 6.49, S 6.50).

The safeguard package for databases is listed in the following:





Contingency Planning:

© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000