Download Initial design of a relational database system for

Calhoun: The NPS Institutional Archive
Theses and Dissertations
Thesis and Dissertation Collection
1985-03
Initial design of a relational database system for
NPS computer asset identification and valuation for
Risk Assessment.
Thompson, Fred W.
http://hdl.handle.net/10945/21383
DUDLEY KNOX LIBRARY
NAVAL POSTGRADUATE SCHOOL
MONTEREY. CALIFORNIA 93943
NAVAL POSTGRADUATE SCHOOL
Monterey, California
THESIS
INITIAL DESIGN OF A RELATIONAL DATABASE
SYSTEM FOR NPS COMPUTER ASSET IDENTIFICATION
AND VALUATION FOR RISK ASSESSMENT
by
Fred W. Thompson
March 1985
Thesis Advisor
Norman
R.
Approved for public release; distribution
Lvons
is
unlimited
T22402
SECURITY CLASSIFICATION OF THIS PAGE (Whti Data Enfrad)
READ INSTRUCTIONS
BEFORE COMPLETING FORM
REPORT DOCUMENTATION PAGE
1.
4.
REPORT NUMBER
J\TLE (and
2.
GOVT ACCESSION
NO.
Subtitle)
Initial Design of a Relational
Database System for NPS Computer Asset
dent if icat ion and Valuation for Risk
_
A ssessment
7.
AUTHORr*;
^Fred W.
9.
3.
RECIPIENT'S CATALOG NUMBER
5.
TYPE OF REPORT
&
PERIOD COVERED
Master's Thesis
March 1985
6.
PERFORMING ORG. REPORT NUMBER
e.
CONTRACT OR GRANT NUMBERC*;
Thompson
PERFORMING ORGANIZATION NAME AND ADDRESS
10.
PROGRAM ELEMENT. PROJECT, TASK
AREA WORK UNIT NUMBERS
ft
Naval Postgraduate School
Monterey, CA 93943
11.
CONTROLLING OFFICE NAME AND ADDRESS
12.
Naval Postgraduate School
Monterey, CA 93493
REPORT DATE
March 1985
13.
NUMBER OF PAGES
15.
SECURITY CLASS,
123
14.
MONITORING AGENCY NAME
»
ADDRESSC// dUfarant from Controlling
Ollica)
(ot thia raport)
UNCLASSIFIED
ISa.
DECLASSIFICATION/ DOWNGRADING
SCHEDULE
16.
DISTRIBUTION ST ATEMEN T
fof (h/»
R»porO
Approved for public release; distribution
17.
DISTRIBUTION STATEMENT
18.
SUPPLEMENTARY NOTES
19.
KEY WORDS
(ol the abatract entered In
(Continue on reverse aide
Block
is
unlimited
30, II dlllerenl Irom Report)
neceeaary and Identity by block number)
It
relational database design, computer risk assessment
20.
ABSTRACT
(Continue on reverae aide
It
neceaaary and Identity by block number)
Relational database technology is examined as a means to
cupport computer Risk Assessment at the Naval Postgraduate
School.
The current methodology for conducting computer
Risk Assessment within the Department of the Navy is
used to construct an initial design for a relational
database system.
The initial design focuses on computer
(Cont inued)
DO
1
JAN
73
1473
EDITION OF
S
1
NOV
65
IS
N 0102- LF- 014- 6601
OBSOLETE
1
SECURITY CLASSIFICATION OF THIS PACE
fl»h»n
Data Bntarad)
SECURITY CLASSIFICATION OF THIS PACE (miMi Data Bnff4)
ABSTRACT (Continued)
asset identification and valuation as the first step of the
computer Risk Assessment process.
S
N 0102- LF- 014- 6601
SECuniTY CLASSIFICATION OF THIS
PAaE(ir?i*n Dmtm
Bnffd)
Approvpd for public release; d''str"'but"'on unlimited.
Initial Design of Relational Database System for NPS Computer
Asset Identification and Valuation for Risk Assessment
by
Fred W. Thompson Jr.
Lieutenant Commander. United States Navy
B.A.. Vanderbilt University, 1974
Submitted in partial fulfillment of the
requirements for the degree of
MASTER OF SCIENCE IN INFORMATION SYSTEMS
from the
NAVAL POSTGRADUATE SCHOOL
March 1985
ABSTRACT
Relational
database technology is examined as
a
means to
support
computer Risk Assessment at the
School.
The current methodology for conducting computer Risk
Assessment
within
the
Naval
Department of the Navy
construct an initial design for
a
initial
and
valuation
as
Assessment process.
the
first
is
used
to
relational database system.
design focuses on computer asset
The
Postgraduate
step
of
the
identification
computer
Risk
TABLE OF CONTENTS
I.
II.
III.
IV.
INTRODUCTION
9
A.
BACKGROUND
B.
THE
C.
ADP SECURITY DIRECTIVES
13
D.
WHY DATABASE
15
9
NAVY'S NEED TO CONTROL COMPUTERS
12
1.
Advantages
17
2.
Disadvantages
19
RELATIONAL DATABASE DESIGN OVERVIEW
DATABASE DESIGN PROCESS
A.
THE
B.
WHAT IS
C.
THE ENTERPRISE
D.
THE
E.
PHYSICAL DATABASE DESIGN
A
RELATIONAL DATABASE
MODEL
LOGICAL DATABASE DESIGN
USER REQUIREMENTS ANALYSIS
23
25
27
30
31
32
34
A.
USER ENVIRONMENT
34
B.
USER REQUIREMENTS
40
C.
THE SYSTEMS FUNCTION HIERARCHY CHART
43
D.
THE
ENTERPRISE MODEL
48
1.
Defining Data Elements
48
2.
BACHMAN Diagram
53
LOGICAL DATABASE DESIGN
54
A.
PROCEDURE
54
B.
SEMANTIC MODELING
55
5
C.
VI.
VII.
ENTITY-RELATIONSHIP MODEL
1.
The
Entity-Relationship Diagram
2.
The
Log-ical
Schema
PHYSICAL DATABASE DESIGN
A.
OBJECTIVE
B.
THE
C.
NORMALIZATION
D.
THE
E.
DATA MANIPULATION
56
58
62
PROBLEMS WITH SEMANTIC MODELING
D.
V.
THE
65
69
69
RELATIONAL MODEL
69
71
RELATIONAL SCHEMA
76
80
IMPLEMENTATION CONSIDERATIONS
87
A.
DATABASE MANAGEMENT SYSTEMS
87
B.
RELATIONAL DATABASE
91
C.
DATABASE MANAGEMENT SYSTEM SELECTION
IMPLEMENTATION
EVALUATING THE DATABASE DESIGN
92
98
A.
DESIGN OBJECTIVES
98
B.
INITIAL DESIGN
98
C.
DESIGN ITERATIONS
99
D.
EVALUATING DATABASE DESIGN
99
VIII.
RECOMMENDATIONS
104
IX.
CONCLUSIONS
107
APPENDIX
APPENDIX
LIST OF
A:
B:
EXAMPLES OF FORMS USED
COMPUTATIONS
IN
RISK ASSESSMENT
ACTIVITY ACCREDITATION SCHEDULE
REFERENCES
INITIAL DISTRIBUTION LIST
109
116
120
123
LIST OF TABLES
I.
Advantages of Database Processing
21
II.
Stages of Logical
Database Design
32
III.
Impact Value Ratings
37
IV.
Successful Attack Frequency Rating
41
V.
Threats and Their Impacts
42
VI.
Annual
VII.
Primitives
World
48
VIII.
Table of Object Descriptions
49
IX.
Tabular Description of Enterprise
57
X.
Entity-Relationship Terminology
58
XI.
Entity-Relationship Attribute List
63
XII.
Record Specificat-^ons for Logical
XIII.
Relational
XIV.
Summary of Normal
XV.
Relation Definitions
81
XVI.
Attribute Domains
82
XVII.
Domain Definitions
83
XVIII.
Fundamental
XIX.
Primary Goals of DBMS
XX.
Partial
Loss Expectency Computation
in
the
Model
Real
44
Schema
.
.
.
.
Terminology
70
Forms
74
Capabilities of DBMS
Database Management System Feature List
66
90
91
.
96
LIST OF FIGURES
2.1
Relational
Process
Database System Development
24
2.2
Relation
3.1
Major Steps of Method One Risk Assessment
3.2
Asset Valuation Worksheet
38
3.3
System Function Hierarchy Chart
45
3.4
Bachman Diagram of the Enterprise Model
4.1
Conceptual Entity-Relationship Diagram of Risk
Assessment Database Design
59
Entity-Relationship Diagram of Asset
Identification View of Risk Assessment
61
5.1
Relation ACTIVITY
72
5.2
Data
6.1
Relationship between DBMS and OS
88
6.2
Using the Personal
94
7,1
Design Iterations
4.2
INVENTORY
29
Definition of E:NUM
Database
.
.
.
....
35
53
79
103
I.
BACKGROUND
A.
rapid
Thp
about
a
dramatic
growth
tremendous
federal
the
In
INTRODUCTION
increase
in
technology
has
brought
applications by
computer
Computer proliferation has been so
government.
that it has outstripped the ability to control
it.
government has not even been able to maintain
many cases.
accurate
computer
in
inventories of how much computer equipment has been
bought or who has it.
only
$3
"The General
1976.
In
to bracket
Accounting Office (GAO) was
Federal data processing spending as
billion and $10 billion
of Management
Office
$5.5
billion.
has
estimated
and
and
Budget
the General
the
More
annually.
cost
of
(0MB)
serious
acquisition.
in
is
a
figure
development
software
problem
hand with computer growth
of
is
of
the
and
1]
than the problem of controlling
the
the
Services Administration (GSA)
maintenance alone at $2.2 billion." [Ref.
More
between
recently.
has cited
able
computer
computer
security.
increased dependence
Hand
on
computers for everything from Early Warning Detection Systems
for
national defense to word processing systems for
administration
Data
Processing
Increased dependence on
support.
(ADP)
to
support
mission
routine
Automatic
accomplishment
increases the need to protect those ADP resources.
spcurity
ADP
disclosures
wrongful
activity.
against
"'"on
against
an
continuing operations.
For example.
failure of supporting utilities.
neighboring
personnel.
of
ADP
ADP security encompasses threats to
property and capital equipment and the physical
ADP
to
protect
to
physical assault
or
general.
In
limited
not
is
programs, or data files
disasters.
nonavailability
fraudulent
for
failures,
tampering with
hazards.
used
hardware
hazards
input,
purposes.
and
interception of acoustical or electromagnetic emanations from
hardware are all
ADP
part of the ADP security problem.
resources are vulnerable to
problem
A
attention
t y
a
physical
identification
"The
requires
effort
of
solution
primary
how much
ADP
with
the
starts
a
physical
risks to ADP security is an essential
of
security program.
of what
is
at risk
analysis involves
Ri'sk
what those risks
and
purpose of risk analysis
magnitude,
controls
entire
implementation, and maintenance of
security problem by identifying security
their
the
utmost
the
program.
Analysis
of
magnitude
security
The
establishment.
i
wide assortment of threats.
concentrated
and
organization.
secur
this
of
a
ADP
are
and
is
[Ref.
understand
risks.
2]
Besides
the
are.
the
determining
or
determining
required, risk analysis determines how
much
protection already exists.
used
to
determine
to
identifying areas where safeguards
needed."
protection
is
part
the
amount
10
Risk analysis can also
of
resources
needed
be
for
]
spcurity and where to allocate those resources.
analysis
risk
balance
is
between
"The
help ADP management strike an
to
impact
the
risks
of
economic
cost
the
and
aim of
of
protective measures." [Ref. 3]
results
The
which
information
it
which course of action
As
result.
a
or damage
regarding
pursue
providing
security.
to
abreast
[Ref.
required
assessments
by
at
of the
or
system.
The federal
not something that
is
of
changes
4]
Naval
mission.
in
done
facilities, and
with ADP equipment
activities
OPNAVINST 5239. lA.
is
performed periodically
"It must be
their
update
to
risk
least every five years besides performing new
assessments for any changes
procedures,
in
best to present the estimates of loss
is
filed away.
equipment."
are
decisions
quantitative terms.
in
one time and
stay
with
can use to make
risk analysis process
The
to
it
management
risk analysis provide
of
in
equipment, software, operating
any change that might affect overall
[Ref.
5
government
problems
security
must approach both these security
economical manner.
The government
and
control
has
issued guidelines on risk analysis including an
approved
management
program.
methodology
The
for
environment
in
an
implementing
by
passing
risk
for computer resource control
than that of computer security.
effort to control
a
the
different
Congress has spearheaded the
ballooning growth
laws to strictly control
11
is
in
computer resources
resource
acquisition.
Brooks Act.
The
passed
1964.
in
has
indirectly
compelled
agencies to maintain accurate inventories of computer
federal
assets
order
in
defend
to
justification
new
for
acquisitions.
organizations.
Most
comes
providing
to
Congress
requires
but,
does
it
contrast.
is
NAVY'S
SECURITY
Navy
resources.
[Ref.
6].
close
to
increasing
TO
made
This
in
CONTROL
a
was
and
and
control
ACQUISITION
investment
approximatly
the
rate
Various
computer
in
budget
for
$1,961,000,000.00
of
growth
has
of
these resources has
been
become
impact future ADPE acquisition
committees and individual
members
a
provide
information to
12
the
in
of
increasing level of
expenditures for data processing and have
to
AND
increase over FY84 of
Congress have expressed concern about the
agencies
defined
well
The ability to effectively and efficiently
manage these resources will
Federal
a
In
recent years.
serious problem.
Navy.
large
COMPUTER
figure represents an
percent
Management
the
how to do it.
supported by
is
established,
be
recommended to solve this problem.
FY85
in
25
control
it
resources.
automatic data processing (ADP)
The
Navy
the
computer
guidance on
provide
NEED
has
are on their own when
control
that effective
assessment
risk
THE
The
means to
not
methodology that
B.
however.
Congress
requested
on
the
purposes for which computers are used.
of expenditures requested
level
the
[Ref.
significant
demanding
ADPE
obstacle
Federal
acquisition
acquisition
ADPE
part
due
to
long
the
required
as
a
Navy
A
Careful
planning is
system
The
times required
lead
necessary
ADPE
the
in
in
The
idea
effective
is
control
of existing
ADPE
computer resources and utilization would also aid the Navy
to
part
if
of
in
resources are optimally utilized.
Effective
control
effective
corrputer
implemented
to
computer
that provides an accurate accounting
making sure that its
is
distribution of limited funds.
strengthen its argument for more
can demonstrate
assets.
procedure.
result of limited resources.
can
is
Justification of the need for ADPE
achieve optimum efficiency
The
automation
requires extensive planning and
procedure
acquisition procedure.
it
activities.
these
future
to
justification documentation.
in
for
7].
A
the
how they are used and
of computer
assets is also
security.
Computer
essential
security
is
through an ADP security program and an essential
of any security program
is
risk
assessment.
Risk
^'s
determined from the evaluation of threats and vulnerabilities
in
One
relationship to the assets of the ADP facility
necessary
[Ref.
steps in conducting risk assessment is
identification and valuation.
13
8].
asset
C.
ADP SECURITY DIRECTIVES
security
ADP
"is
receiving attpnt^on at every
The Office of Management
executive branch.
the
assigned responsibility
was
(0MB)
policy-making
development
software
acquisition by the Brooks Act of
greater
and
time.
inability
was
very great expense -- was limiting
benefits of technology." [Ref.
Congress.
other
through
Federal
National
The
provide
Bureau
Processing
although
comprehensive
study
It
--
its
except
at
ability to realize the
management.
ADP
was
(NBS)
assigned
also
Act.
NBS published
not
the
At
that
directed
developing guidelines and
Publication
Standards
publication.
physical
Brooks
Standards
June 1974.
In
make
9]
the
of
in
In
to
coordination and technical guidance
overall
10]
its
agencies responsiblities for
government's efforts
[Ref.
concerned
protect data in computer systems
to
--
security.
computer
in
Government
Federal
the
systems
1965.
industries
related service
investments
capital
and
industry -- hardware manufacturers,
urged private
houses
Budget
and
computer
to
of
oversight
for the
applicable
functions
and
"0MB
1972.
level
a
Federal
(FIPS
directive.
PUB)
was
to
to
the
standards.
Information
This
31.
first
the
for government agencies concerning
ADP
security and risk management.
was
0MB
C'ircular
A-71
that made
Federal
start to think seriously about computer security.
of Management and
agencies
The Office
Budget, relaeased 0MB Circular A-71
14
in
1978
demonstrating
highest
concern
the
levels
of
minimum
established
computer
for
security
Circular
government.
In
controls
computer
for
that every agency implement them through
security
program.
Department
of
Systems".
directive
protection
of
classified
Department
of
the
forth
Specifically.
systems
responsible
implemented the
A-71
computer
an
policy
(ADP)
for
the
systems.
The
in
April.
requirements
put
5200.28.
activities operating
computer
DOD
ADP Security Officer
would
who
conducting risk assessments on
for
entitled
Processing
ADP
the
Directive
and
directed all
appoint
to
in
and
1978.
Navy issued OPNAVINST 5239.1
Circular
it
established
material
instruction
0MB
in
0MB
Defense issued DOD Directive 5200.28
This
This
A-71.
a
December.
In
Requirements for Automatic Data
"Security
1979.
11]
the
security
required
[Ref.
at
be
periodic
a
basis.
August
In
is
OPNAVINST
1982.
was
released which
the current directive governing ADP security requirements.
instruction
This
Navy's
the
from
provides
program
security
ADP
Navy (DON)
What
follows is
systems and
a
comphrehensive
including
review of the
the Department
approved risk assessment methodology.
instruction
this
a
that the data requirements
computer asset database model
and
5239. lA
a
for
is
the
for this thesis are determined.
discussion of the origins for database
look at database
disadvantages.
It
of
systems technology
advantages
This discussion supports my decision to
15
propose
database
a
analysis and computer control
D.
appli cat-ion
for
des''gn
problems.
WHY DATABASE
database
A
integrated
in
records
the
is
collection of integrated files.
a
those
in
files.
A
usually
a
Management
large complex
System (DBMS).
database also
program
called
can
readily available to many
be
applications.
besides
DBMS.
The
a
is
accessed
the
Database
DBMS fills the role of
The
is
among
contains
The database
manager, which brings together an organ izat
it
It
relationships
stores
sense that it
the
description of its own structure.
by
risk
the
to
-ion's
data
data so that
different
users
storing data.
and
stores
a
description of the format of the data.
There
of database
systems.
acquisition.
application
another.
portfolios
resultant
major factors that led to the development
are two
The
first was motivated by the gradual
organizations.
by
programs that were developed
was
the
demand
growth
for more
in
independent of
one
applications
user sophistication
information.
for
which they were specifically developed.
to
of
Coupled with the growth of corporate
these applications could not be used
fact
portfolios
large
of
However.
and
most
This was due to
other applications outside the scope of the problem
to
of
purposes beyond that
that specific applications were created without
was being designed
the
the
regard
each
Each application was unique and
solve.
16
was
generally not compatible with other programs.
there was great difficulty
words,
integrating application
in
programs
to
work
designed
to
do
programs
was becoming unmanageable due the
APOLLO
project.
factor
was
American
North
needed
coordinate
the
vast collection of research
millions
the
of
ensure,
individual
entire assembly
parts supplied by all
The
(GUAM),
with
result
in
a
technical
and
the other
f-irms
that each
level,
Generalized
1964
whose logical
by
IBM,
[Ref.
Update
and
production
and
fH
of
into
properly with all the
work
the
organize
components would correctly
was the
developed
data
on
a
prime
the
way to
a
of
support
to
Rockwell,
the project,
to
demand
development
the
for
and
the
of
constant
contractor
groups
originally
not
maintenance
package designed by IBM
software
specific
were
the programs.
in
major
second
they
if
Additionally,
so.
for minor changes
The
together
other
In
other
12],
Method
Access
GUAM was designed to deal
structure was hierarchical and
for
second-generation hardware which relied heavily on the use of
magnetic tape.
Database processing provides several advantages
traditional
file
the
is
be
that
data
processing.
stored
independent of one
could
be
in
In
files
another.
file
which
processing
are
17
systems,
considered
Consequently.
produced by processing data
over
to
information
stored
t
n
two
different
files
partitioning
contrast.
in
information
1s
a
of computer
entry
given amount of data
database
of
processing
of data duplication.
a
is
It
the
is
reducing
By
much easier to maintain
data element than
also result
in
it
to maintain
is
a
two
Reducing data
faster processing
advantage
-
of
processing
database
data
and
changed when the data structure
be
access
indirectly
data
sometimes
database record or
implemented.
The
[Ref.
""t
through
because
DBMS.
the
In
specific programs, and
new technique
for
field
a
is
added
processing files
13]
benefits of economies of scale are another advantage
database processing.
benefit
a
changed
is
DBMS need to be changed when
the
that
is
Programs do not have
independence.
data
general, only the database structure.
of
and
.
programs
is
more
Additionally, the problem of
allows for program
a
in
storage space.
can
Another
to
Therefore
data.
instances of the same data element.
duplication
DBMS,
A
structure makes more efficient
single instance of
three
system.
available for decision making.
integrity is reduced.
data
artificial
the
to
the database
data redundancy.
to
produced from
or elimination
reduction
or
the
advantage
Another
use
partition
not
can be
more knowledge
processing
file
a
does
available due
not
is
all
application.
users
and
Improvements made to the
not
only
users
of
a
database
particular
Finally.
pnvironmpnt
DBMS
the
enables
the
user
to
perform more sophisticated information retrievals.
Before going on to the disadvantages of database systems.
detail.
created
problems
that
independence
Data
by
proposes
making
changes
reorganizing
necessitate
files or programs that are used
is
able
in
files
in
alleviate
to
impact
any organized
tailor files to
to
specific application
a
database that
the
others.
kept
Thus.
a
is
different from the
It
not
being
need.
Data
independence allows any user or group of users to have
of
other
all
system.
intended to solve the problems of users
also
files
programs and
or
the
views
a
view
used
by
change made to accommodate one user can be
invisible to others;
change made to the structure of
a
a
file, or to the storage device characteristics, can be hidden
from
users;
all
suited to the users needs.
independence
Data
database.
with
data
each user can be given
its
On
view
of
is
[Ref.
a
the
form
14]
not an automatic benefit of using
a
adopting the database approach,
the contrary.
emphasis on sharing of data, causes the problem that
independence
The
is
benefits
intended to alleviate.
of
database technology
without certain costs; both financial
most
a
that includes only the relevant contents in
database
well
and
visible
associated
with
financial
the
and
19
come
nonfinancial.
The
database approach
cost of the
acquisition of
not
do
a
DBMS.
is
This large and
complex
software
hundreds of thousands of
package can cost
dollars. Additionally, where existing applications protfolios
costs associated with going
conversion
large.
are
database system approach can be expensive.
reduced system reliability, emphasis on
of
usage resulting
information
power
possibility
in
of
optimization
global
users relinquishing their
information decisions on
make
to
Less quantifiable
database approach include the
of the
costs
the
to
strictly
a
local
basis, and the reduction of data processing efficiency.
technology
Database
efficiency.
Database
troubled
is
by
technology
systems
problem
of
involves
the
the
requirement for extensive overhead processing of each file on
each access to the database.
are
be
to
faster
acquired.
additional
maintained.
processors
equipment
additional
and
expertise
Also.
traditional throughput rates
If
memory
form
the
in
of
have to be
will
required to design, manage,
is
support, and maintain the database.
Another
more
vulnerable
approach.
propagate
system.
to
errors.
errors
any
independent
often
and
there
in
advantages
is
In
that
the
were
the
introduced
into
to
With the database
possibility that errors
could
Table
disadvantages associated
20
the
likely
redundant files were not
processing.
are
mult i -file
unanticipated directions.
and
they
traditional
immediate vicinity.
beyond the
further and
the
problem with database systems is that
I
w'th
spread
summarizes
database
Thesp
advantagps and disadvantagps characterize database
systems in general.
exhibit
not
many
Microcomputer
systems.
of the disadvantages
TABLE
noted
however.
above
do
while
I
Advantages of Database Processing
Information from the Same Amount of Data
1.
More
2.
New Requests and One-of-a-Kind Requests More Easily
Impl emented
3.
Elimination of Data Duplication
4.
Program/Data Independence
5.
Better Data Management
6.
Affordable Sophisticated Programming
7.
Representation of Record Relationships
Disadvantages of Data Processing
1.
Expensive to develope
2
Compl ex
.
3.
Recovery More Difficult
4.
Increased Vulnerability to Failure
maintaining
argument
explored
most of the advantages.
favor
in
in
a
of
This is
microcomputer DBMSs
later chapter.
21
an
that
important
will
be
1
This first
discussed the importance of
chapter has
for maintaining effective control
requirements
resources.
concept
The
of database
effect control has also been introduced.
will
discussed
be
Specifically.
proposed
control
Schoo
1
database
and risk analysis
to
in
later
chapters.
initial
design
support
is
for
a
program for the Naval Postgraduate
.
present an overview of the relational
will
Two
database design process.
data model
Advantages of using the relational
also be addressed.
will
Five detail
specification.
the
Chapters Three. Four, and
logical database design.
and
physical database design phases respectively, to create
database
to
control
examines
the
process of database
the
means
a
Database technology
necessary
means to provide
a
Chapter
the
detail
relational
a
as
greater
in
computer
of
systems as
and
selection
database
of
a
Seven
evaluates
design process and discusses the concept of
iterations
as
Eight presents
a
optimization.
means toward design
initial
the
design
in
the
Six
involving
implementation.
Chapter
DBMS.
Chapter
resources.
computer
a
context
the
design
Chapter
of
the
overall database project and recommends follow-on thesis work
to
complete the project.
initial
database design.
database
also
the
implementation.
database administration.
are
Conclusions are then drawn
h
i
gh
ighted
iterative design process.
and
design
and
Relational
in
database
the context of risk
.
22
about
assessment,
^^•MiiAIIONAi DATABASE DESIGN OVERVIEW
chapter
This
the
concentrates on the first three phases
system development process;
user requirements
logical design, and physical design.
the
design
logical
design process.
database
development
follows.
In
A
process
and
the
used
to describe
thesis,
the
To
are
development phases,
the
and
The
have
been
many
the
discussion
design.
be
physical
These five phases
products of the different
To differentiate between
products and
rectangles are used to denote phase end-
containing the "Logical
product of the oval
Schema"
For example,
is
the
end-
containing the "Logical Design" phase.
also been many terms used
different
phases of system design.
terms used
in
be
logical
ovals are used to denote phases.
rectangle
There
process
the various phases of
and maintenance.
Figure 2.1.
in
phases are also shown.
products
the
five basic development phases will
implementation,
illustrated
there have
help simplify the
called user requirements analysis.
design,
design
system
science literature,
terms
this
of
short explanation of the system
A
system development process.
in
part
brief definition of user is also provided.
computer
different
analysis,
These later two phases,
physical design are
and
of
to
For our
describe
the
purposes,
the
Figure 2.1 to discuss system development.
used to discuss the design
23
process as well.
will
PHASE
^
User
"^"\
(
Requirements
)
^^v^.^^Analysis^^^^-^
1
Design
Specifications
PHASE
/^
Logical
^N
Vv
Design
)
2
Logical
Schema
PHASE
3
Physical
Design
r
(
V^^
^N
J
Relational
Schema
PHASE
4
PHASE
5
'
(
(
Implementation
Maintenance
)
^
Figure 2.1 Relational Database System Development Process
24
system development and
The terms,
system design,
development.
to different
levels of computer system
design
is
subset of the system development
system
design process involves two phases that fall
a
user requirements analysis phase and
the
refer
System
process.
The
between
implementation
the
system development process.
phase of the overall
The term user.
this problem, refers to the end-user
for
of the computer system.
The computer system is designed
provide
to
direct
support
Direct
user.
the
stipulated because the end-user,
support
is
implies some
this case,
in
to
interaction on the part of the user with the computer system,
THE DATABASE DESIGN PROCESS
A.
There are
down
already
If
is
extended
final
The
best
little
a
this is the case.
feasible.
more
selected
decision between
based
investment
large
generally
time
usually
is
a
programs.
a
Making
bottom-up.
and
philosophies
is
basic approaches to database design:
two
in
whether
on
conventional
these
two
there
is
files
and
then the bottom-up approach
Here,
for conversion
one
and
application
at
database
is
the
One problem with this approach
by stages.
top-
the
is
database could end up being far from optimal.
top-down
used
approach is the preferred approach
when creating
conversion
is
a
new
required.
system.
The goal
preferably
is
to
and
is
where
produce
rational, integrated solution to business information needs.
25
a
The
top-down
sequence of steps.
database
Each
considers different problems of
called
is
There
enterprise
process
and
elements
functions
simplifies
[Ref.
Enterprise
structures
are defined.
seman
t
i
model
c
is
It
is
process.
an
The
for
these
of
concentrates
data refers to the
part of the
and
each
facts
Then,
system.
user
the
in
relationship between
The
described
by
Data
data
in
important that
model
a
databased
or
The
chosen that captures the
be
of the organization's
important design tool
general
The
and
model
data
a
user
.
Relational
Model
data
The
data.
the database development
in
will
advantages of the Relational Model
phases.
and
organization
be
used
to
design
Computer Risk Assessment Asset Identification Database.
In
on
The design begins by defining data
usually
features
essential
model
are
both
it.
class
function is usually expressed graphically.
methodologies
staged
methodologies
One
a
15]
databased methodology,
that are used by,
and
This
design,
hoc
today.
use
in
being looked at.
is
follows
stages and the design tools used at
the
data.
information
ad
several different design
design
methodologies,
to
design methodology.
a
are
top-down
methodology
different levels of detail.
design
the
of design
sequence
st-
contrast
in
formalizes
that
design
design at
approach.
stage
database
terms, the
first
design
will
be discussed
process
concentrates
phase
26
consists
on
the
the
The
later.
of
two
user's
.
requirements
that
is
database
design
phase.
database
design
phase.
database
physical
a
conceptual
of the organization.
model
a
building
and
The
database
This is
second phase
given
the
logical
logical
the
physical
the
is
The designer must
structure
construct
design
the
and
an
implementation model.
WHAT IS
B.
A
RELATIONAL DATABASE
objectives which
There are three
meet.
should
requirements and
can be used to identify
It
user
present them in a way that is easily understood both
by users and by computer professionals.
can
It
2.
t
i
converted
easily
be
impl ementa
techn ical
to
on
It provides rules and criteria for efficient logical
data representation. [Ref. 16]
3.
relational
The
model
meets the first objective
easily
and
unambiguously comprehend.
using
by
tables.
This
because
designers
provides an interface that both users and
it
model
formal
These are:
1.
as
a
can
accomplished
is
The organizational data
specified
is
set of tables or relations.
a
The
model
next
because
through
a
available
structure
it
DBMS.
on
convert
objective
the
the
is
also satisfied with
a
can be directly implemented on
Several
different systems
Another solution
market.
relational
model
.
27
to
a
are
relational
machine
a
currently
would
different
be
to
physical
objective relates to criteria for good logical
The last
design:
1.
Each fact should be stored once
2.
The database
the database.
in
should be consistent following
database
operations.
should be resilient to change.
The database
3.
criteria
These
normalization.
Dent,
prevent update anomalies
to
inconsistencies." [Ref.
Another
of the relational
aspect
particularly
is
relational
factors,
languages
selective
strong
successful
are
provide
i.e.,
and data
17]
model
provide languages to access relations.
language
called
process
a
"Normalization rules", as defined by William
designed
"are
through
realized
are
a
for
That
power.
must
The relational
model
reasons.
two
particularly
natural
that it
is
sensitivfr
interface.
is,
it
can
First,
human
to
Second,
it
has
retreive data
that
satisfy any condition covering any number of relations.
[Ref.
18]
The
database
of
goal
as
a
relational
set of normal
des^ign
is
relations.
The
by
defining data elements or attributes.
all
the data elements.
the other
records.
data
and
The
access
to
into
the
begins
identifying
determine how each element relates to
other half of the picture is
data and to turn it
process
After
then assemble one-to-one related
language
structure
which
-is
used
information.
to
both
elements
the
into
relational
maintain
the
Figure
example of
same
a
form
INVENTORY
it
stores
and
TOTAL.
provides an illustration of
2.2
a
relation.
relation, named INVENTORY, appears
as
a
paper
inventory form it
in
nearly the
represents.
relation contains information about supply
RELATION:
each
PART_NUMBER.
This
The
parts;
QUANTITY. DESCRIPTION. PRICE,
INVENTORY
QUANTITY
PART NUMBER
DESCRIPTION
PRICE
TOTAL
2.00
2.00
mill
FAN BELT
222222
WHEEL
20.00
40.00
333333
CYLINDER
30.00
30.00
444444
TIRE
30.00
90.00
Figure 2.2
Relation INVENTORY
Each relation possesses the following properties:
1.
2.
in
There
is
one
column
attribute of the relation.
given a name that is unique
The entries
in
the
in
the column come
29
relation
for
column
the relation.
Each
such
each
is
from the same domain.
3,
The
or
order
of
the columns
relation has no significance,
4,
The order of the rows
5,
There are no duplicate rows.
C.
the
in
not significant.
is
[Ref.
19]
THE ENTERPRISE MODEL
product
The
performing
decompose
requirements
user
of the
referring to Figure 2.1.
In
attributes
analysis
called the design specification.
is
requirements analysis,
the
the problem
into
phase,
group of
a
it
helpful
to
modules.
A
is
smaller
major part of this analysis process focuses on the enterprise
and
of this anaylsis produces
the result
what is called the
enterprise model.
The enterprise model
of the organization.
and
the
dynamics
in
support of them.
and
should
be
to model
the enterprise
consistent
be
organization.
the
of
enterprise
model
shows the major functions performed
It
serve
to
static abstraction
level.
for the database
is
designed
high
a
flows of information
The goal
is
is
with
it
the
Events that occur
in
the
transactions
"in
the
represented by
.
The
model
elements
should
that
are
represent
part of
the
all
functions
enterprise.
exists so that users can store and retrieve
things
in
store
every
the real
Consequently,
world.
minute
a
certain
Naturally.
detail
amount
30
about
of
it
an
data
The
and
data
database
information about
is
impractical
to
organization.
aggregation
and
general
construct
required
is
"'zat^'on
of the organization
relationships
the
database
designer
Additionally,
model.
working
a
by
data
the
represented
should be
to
in
the enterprise model.
D.
LOGICAL DATABASE DESIGN
logical
The
requirements
is
centered
The
requirements and
system
the
phase
of the database.
characteristics
are
design
expressed
are
as
user
the
phase
inputs to this
project
the
data
around
plan.
flow diagrams,
The
policy
statements, and the data dictionary.
logical
The
database
design
including
the
specifies the logical
records
to
maintained.
be
contents, and relationships among the records.
product of this phase
enterprise
directly
model.
proportional
enterprise model
contents
and
called the logical
the
In
aid
detail
is
the
consequently the relational model.
The
to
level
of
names of fields and their
logical
format,
design phase.
Table II.
general.
to define
required
steps in the logical design development phase
major
in
The
of
of the records,
are listed
20]
schema.
The number of records
are also determined during the
The
[Ref.
their
records are specified from analysis of
database
Logical
the
is
format of the
the
the logical
contents of the data dictionary are used
and
user views.
The
the development of the descriptions of
31
policy statements
logical
database
processing
and
requirements
the
are used
completeness of the logical design.
TABLE
21]
Database Design
1.
Identify data to be stored
2.
Consolidate and clarify data names
3.
Develop the logical
4.
Define processing
5.
Review design
schema
PHYSICAL DATABASE DESIGN
The
on
the
II
Stages of Logical
E.
[Ref.
verify
to
the
second phase of database design is highly
DBMS being used.
transformed
particular
into
specification
of
this phase, the logical
The
the
available
constructs
data
the
DBMS.
In
outputs
physical
from
this
phase
dependent
schema is
with
the
are
the
schema and the definition
of
user views.
relational
The
describing
These
the
provides
model
structure and processing
tasks are accomplished
the model.
the
Data
by the
two
vocabulary
a
of
32
database.
major components of
Definition Language (DDL),
Manipulation Language (DML).
the
for
and
the
Data
The
goal
specification
commercial
The
following
entire
process.
requirements
control
will
data
that
a
using
design
the
of
can
be
analysis
next
implement
produce an enterprise model
step
is
step
database
and
and
a
through
begin
to
Postgraduate
These products will
the logical database design
the
a
22]
of the risk assessment
environment at the Naval
elements.
to
produce
to
is
chapters will
three
The
used
[Ref.
DBMS.
process
and
the
this
user
computer
School.
This
description of the
then be used to perform
followed by the physical database
design.
33
.
III.
USER REQUIREMENTS ANALYSIS
user requirements analysis phase, referring to Figure
The
involves four steps:
2.1,
specification.
problem recognition, evaluation,
review.
and
first
The
recognition, has already been covered
step,
problem evaluation,
in
problem
step.
Chapter
I.
The
next
involves analysis of the flow and
structure of information to build user specifications.
A.
USER ENVIRONMENT
OPNAVINST
provides
5239. lA
assessment methodologies.
Methodology
ADP environments.
most
used
for
risk
on
Two methodologies are recommended.
the more complex method
is
I
detailed guidance
is
It
and
the
standard for
this methodology that will
user requirements analysis and
to
produce an
be
initial
database system design for NPS.
Risk
five
assessment
steps
as
Identification
the
initial
all
NPS ADPE
shown
and
methodology
in
can
be
Figure 3.1.
The
first
Valuation.
First.
step.
a
step
is
into
Asset
There are two basic parts to
complete, up-to-date listing of
assets is required.
impact
value
for each applicable
impact
Second.
each asset must be determined
for
broken down
I
the
area
A
complete
essential
if
and
accurate
the
risk
listing of computer assets
assessment
34
is
to
be
is
valid.
STEP
1
Asset Identification
and Valuation
Threat and Vulnerability
STEP2
Evaluation
STEPS
Computation of the
Annual Loss Expectancy
STEP4
Evaluation and Selection
of Additional
Counter measures
STEP5
Proceed with
Accreditation Process
Figure 3.1 Major Steps of Method One Risk Assessment
35
Additionally.
authorized
inventory
listing
the
If
to
be
maintained
if
is
is
important for
of any asset
the goal
assigning
impact
identified.
The
each
of the
four
The
four
several
more
is
must
This is the goal
be
of
a
This is also
control mechanism.
identification
two of the asset
Part
it
listing
Any
assessment asset identification listing.
risk
accessable by
easy to access, then
be reliable.
to
easily
be
and maintained.
used
it
must
Ease of access is
users.
reasons.
likely
the
value
ratings
once
process
assets
involves
have
been
procedure is to determine dollar amounts for
impact
ways
in
areas
which threats can
are
impact an
modification,
asset.
destruction,
disclosure and denial of service.
Modification refers
the
value of
software or
to
asset values based on the cost to correct the
consequences of the modification and/or the cost of
locating and recovering from the modification itself.
total
The value of the assets should be based on the
cost
to
detect.
and
the
locate.
correct
modification.
[Ref. 23]
1.
data
including
Destruction
refers
the
the
value,
to
well
as
to reconstruct or replace the asset.
service
the
denial
as.
from
of
costs incurred
the
destruction
of
the
asset,
caused by
2.
cost
Disclosure
3.
refers
to
the
impact
of
disclosure
of
classifieddata.
Denial
service
the
value
of
of
refers
to
costs incurred from all denial of service, except for
that caused by destruction. [Ref. 24]
4.
To
impact
simplify
nd
the
frequency.
process.
estimates are
provided
Dollar values and associated
36
for
ratings
scaled by
are
a
values is shown
The
factor of ten.
Table
in
sample range of
impact
III.
TABLE
III
Impact Value Ratings
Rating
Impact Value
$1
$10
$100
.000
$10,000
$100,000
$1,000,000
$10,000,000
$100,000,000
Guidelines for Impact of Disclosure
of Sensitive Data
For Official Use Only
Privacy Act or Confidential
Secret
Top Secret
assets
and
Worksheet.
NPS
is
An
impact information on
example is shown
presently
in
ADPE risk assessment.
in
situ data
that
a
$1 .000 ,000
procedure requires the risk assessment team to list
This
ADP
$1,000
$10,000
$100,000
flows.
relational
the
in
Asset
an
Figure 3.2.
conducting its
process of
There are no established
Because of this.
database
design
be
this required risk assessment procedure.
37
Valuation
first
procedures or
this thesis proposes
used
to
facilitate
Additionally, once
ASSET VALUATION WORKSHEET
1.
ASSET NAME
System
2.
A
Operating System and Support Programs
ASSET DESCRIPTION AND JUSTIFICATION OF SUPPORT PROGRAMS
Operating system and compiler support software for the System A'
timesharing system.
Impact of modification was determined to be negligible, except in those cases where
modification would result in denial of senrice. Those figures were included under
denial of service.
Destruction was based on total destruction of all software and on-site backup tapes.
These figures include denial of service caused by destruction.
Forty hours is required for delivery and check out of replacement 0/S software.
73 users denied service at $12/hour: plus 6 system programmers at (14/hour
for 16 hours; plus 3 data processing technicians at $S/hour for 36 hours. Total
for the operating system - $36,936.
Sixty users denied use of the compiler at $12/hour for 24 hours: plus
programmer at $ 14/hour for 8 hours. Total for the compiler support
software- $1.S32.
1
system
Reconstruction of compiler support data based on 61S hours to re-enter data
at $8/hour. Total for compiler support data - $4,944.
Disclosure
-
N/A.
Denial of service was based on the number of users denied service for an average
service outage.
Operating system: 35 users at $12/hour for
I
hour
-
Compiler support software: 35 users at $I2/hour for
Compiler support data
3.
-
$420.
.5
hours
-
$210.
N/A.
SUCCESSFUL ATTACK FREQUENCY RATING BY IMPACT AREA.
modification
N/A
N/A
5
Figure
32
DENIAL OF SERVICE
DISCLOSURE
DESTRUCTION
3
Asset Valuation Worksheet
38
developed,
relational
the
database
can also
used
be
to
control computer assets at NPS.
number of computer
The
resources
computer
handled
is
has been growing
NPS
accounting
Current
over the past couple of years.
rapidly
for
assets at
different
several
by
departments.
The different curricular departments
data.
form of copies of equipment receipts.
in
assets
the
their custody.
in
maintain
to
[Ref.
25].
maintains
A
of
all
on
most
is
required
hardware
assets
The Computer Council
inventory
an
maintain
third point of control, the supply department,
purchase
account
data
on
most
purchased
ADPE
through the Navy.
Clearly.
source
there
ts
available to
resources.
The
not one reliable and
easily accessible
provide answers to questions about ADPE
following
is
a
list
of
questions
that
department chairmen or the NPS Security Manager would like to
be
able to answer:
1,
How much has NPS spent on computer equipment?
2.
Who has custody of computer assets?
3.
Where are computer assets located?
4.
How much money
has been
spent on hardware?
on
software?
5.
How many AST boards are there?
6.
How were the computer assets paid
7.
How many modems does NPS have?
8.
Is
NPS
computer
providing
equipment?
enough
39
Where are they?
for?
security
for
its
?
What
are
equ pemen t
9.
security
the
risks
computer
our
to
i
10.
priorities
What
are
our top
security vulnerability?
11.
Where
should
concentrate
NPS
strengthen
security?
This
B.
effort
its
discussed.
inventory
up-to-date
objective
of
closely
the
asked
the
user must be able to keep
computer assets.
NPS
of all
proposed database
facilitate risk assessment.
However.
system
related to the risk assessment objective
asset
accountability for the purpose
the
sense
of
user requirements
Therefore.
add res sed
dual
a
requirements for step one.
of the risk
3.1
defined
also
for
in
phase.
together.
Chapter
that
of
control,
of
purpose system
In
Data
will
and
the
IV
and
V
The remaining
I.
all
the
five steps
have
four
in
already
steps should
requirments
user
is
I.
closely
linked
step two. Threat and Vulnerability Evaluation,
each asset is analysed
to
in
of methodology
assessment procedure
during
addressed
be
analys'is
is
utilization.
effective
and
to
.
The
Figure
efficient
is
The
application,
another
computer
been
to
sampling of questions that could be
a
previously
primary
in
asset
to
USER REQUIREMENTS
As
an
just
is
relating
in
terms of every threat
H
is
probability of occurance of each threat.
provide lists
examples of generally
of threat
recognized
40
frequency
subject
Tables
ratings
and
threats and their impacts.
s
involves
procedure
The
the
cause
identifying the threat
that
could
Worksheet
impact indicated on the Asset Valuation
for each asset.
TABLE
IV
Successful Attack Frequency Rating
Rating
Frequency
Once i n 300 year
Once in30 years
Once i n 3 year s
Once every 4 months or 3 times
Once a week or 52 times a year
Once a day or 365 times a year
1
2
3
a
year
4
5
6
Onceevery2hours
OnceeverylSminutes
loss expectancy values
ratings
and
four
figure
annual
impact areas.
for each
activity.
VI
Samples
four,
coun termeas ure
s
,
ratings
frequency
This step provides
shows
of the
ALE
evaluation
and
annual
of the
impact dollar value
loss expectancy value
risk assessment matrix are enclosed
Step
The
computation
for each of
ALE
loss
for
the
expectancy
computation worksheet
in
and
Appendix A.
selection
of
additional
considers the evaluated countermeas ure
41
are
quantitative
a
impact area and also the total
Table
computation.
(ALE).
successful attack
the
used to produce the
the
involves
three, of Figure 3.1.
Step
annual
7
8
s
and
•
«
u
^4
>
u
«
(/)
(m
o
"3
o
z
a
>•
> > >
>•
>•
o
a
Z >
8
>•
8
>•
a
a
a
> > >
8
>•
a
«
>•
^
a
o
3
e
s
>•
49
u
>•
>s
M
>•
>s >o Ze
a
>•
e
3
o e e e e
Z Z Z Z Z Z
e
e
>•
-<
4^
CO
u
a
a
a
a
o
s
2
3
w.
«
«
Q
i«
•3
>
U3
^
m
o
CO
^
73
>>
z > >8 > >8
4)
8
>•
>8
a
>•
e
o
e
e
8
>3 >8
Z Z Z Z Z Z
8
>•
a
o
o
3
U
4J
00
>4
C8
o
Z
>•
>
8
>•
8
>•
a
o
>« >e z
8
>>
a
e
>•
e
e
Z Z
>•
8
>•
^
i.
£
H
u
e
u
c
a
i
«
Ml
e
a
&
tJ
x:
n
«
1
a
e
o
u
e
«
U
O
Im
u
o
e
«
e
o
i i
S
s
S
5
e
o
u
u
o
u
u
o
u
e
«
u
c
a
o
'S
'«
§
•tf
o
e
at
1
at
u
e
u
e
e
O
e
'S
o
u
a
e
o
«
e
o
a
e
a
a
e
o
u
9
a
u
a
c
e
o
e
o
_c
e
42
a
e
a
u
1
"o
a
e
^a
C
3
a
a
o
8
u
e
o
w
C
o
a
c
o
u
">
e
a.
o
u
o
a
'a
•^«
o
a
3
!i
e
u
o
X
o
u
3
'S
a
o
u
•••
e
O
e
e
o
u
3
a
u u < < D 5 5 s
'
8
u
u
3
o
a
e
w
u
o
3
e
u
o
u
«>
3
a
c
7
3
u
3
H u z ^
e
u
O
"S
]^
u u
"a
e
U
o
e
3
u
o
>•
e
u
Cu
a
o
e
tii
coun termeasur es
which
selects
implement
to
determined
based
priority.
Priority
investment.
Coun termeasur es that yield
investment
are
coun termeasur e
is
is
implemented
first.
implemented,
it
will
the
and
what
in
return
on
on
highest return on
each
As
additional
affect the overall
ADP
security posture and ALE.
procedure
This
highest
potential
involves
taking the
identifing
for damage,
threats
with
the
countermeas ure
a
that could significantly reduce the vulnerability which these
exploit,
threats
preparing
then
and
additional
an
coun termeasure evaluation worksheet.
items include return on
Data
original
involves the accreditation
five
implementation
issue
of
countermeasures.
all
authority (DAA)
approving
will
grant the
interim authority to operate,
cease.
cost,
annual
saving, and countermeasures.
ALE
Step
investment,
Appendix
See
B
for
more
process.
the
Pending
designated
accreditation
or order operations
information
about
and
to
the
accreditation process.
A
in
C.
detailed
procedures can be found
OPNAVINST 5239. lA.
THE
SYSTEMS FUNCTION HIERARCHY CHART
The third
specification.
be
discussion of these
used
to
step of the user requirements analysis phase
There are several
methods available that can
specify the structure and flow of information
43
is
in
pntprprise.
the
thesis
covered
be
systems function hierarchy
the
are
mpthods that will
Two
chart
this
in
and
the
BACHMAN diagram.
TABLE VI
Loss Expectancy Computation
Annual
i
=
Impact Value Rating
f
=
Successful
For
Impact
Attack Frequency Rating
I
.
=
For Frequency
LOSS
The
of
the
=
IMPACT
defining
F
(1)
Oi
=
X
lOf/3000
FREQUENCY OF OCCURENCE (f)
systems functions hierarchy chart is
information
organization.
associativity.
and
structure
methods
is
of
representation
elements
the
information structure can have
data
design
a
hierarchy of data
in
for
degree
of
access.
information.
significant impact
requirements and therefore must
a
readable.
risk assessment database.
At
44
the
represent
unambiguous manner.
shows the system functions hierarchy chart
top level
is
of
blueprint
processing alternatives for
Th^'s
3.3
a
relationship among individual
log'ical
This
data.
1
for
a
a
on
the
Figure
computer
single block
0)
<4-l
O
a 03
^
1 o
;;'
00
"C
>-
(f1
u
"Si
ID
o
u
^
rt
<D
O
u
c
a
0)
•-•
Ill
•13
Ih
a
^-^
1
o
ID
T7
B
CO
O
ir
in
1—1
C
a.
0.1
iS*
T7
•^H
13
w
45
1
(XJO
T7
(d
o
CO
o5
o
^
3
DO
••r4
^
M
1)
i-«
1
o
"U
a
*-•
111
ID
v«
a
price
equipment
list
ment
list
equip-
list
>!.«
supplier
c:
.5?o o
•
•^^
C (0 «
o 5 ^
V 3 o
T3
4->
o
O
Z3
equip
owner
link
identify
owner
P
to
a
B
determine
equip
location
ment
list
equip-
<1>
ment
inventory
CO
CO
equip-
list
ment
equip-
list
46
owner
rpprpsents
that
blocks
contain
hierarchy.
the ent"'rp
represent
that
information that may be viewed as
up
tree.
the
individual data entities.
D.
THE ENTERPRISE
provides
procedure
data analysis process.
primitives
will
be
^
•
relationships
design
starting point
a
world.
is
it
These
Table VII.
De f
i
i
Da
n g
t_a^
in
The
in
the
next
world
enterprise
modeling
data
of
enterprise.
database
iteration
Throughout
to
is
identify
terms of developing
in
This
is
design
will
logical
the
in
primitives are
an
with
structures or
a
elements
of
the
representation
of
the
the
iterative process as is much of the
process.
merely provide
the design
begin
world.
real
step
to define
world primitives
identification and understanding of fundamental
primitives
the
design and
the
necessary
real
real
of
I.l£E!£Illl
foundations
The
These
phase.
in
n
shows
enterprise.
the
in
associated with conceptual primitives
database
defined
identification
in
To begin,
the real
in
further
diagram
the
of
26]
results
model
data
data items and the
This
categories
subset of blocks
level.
levels
MODEL
enterprise
The
[Ref.
various
a
lowest
the
At
Succeeding
The
a
results
this
starting point to work from.
process and even after the
47
of
system
is
impl emented
problems
.
likely be identified which
will
will
necessitiate redefining the data elements of the enterprise.
TABLE VII
Primitives
in
the
Primitive
Real
World
Definition
Object
Phenomena that can be represented by
nouns.
Object Class
A group of objects formed by
general ization.
Properties
Characteristics of objects.
Property Value Set
The collection of values that
property may have
a
given
.
Fact
The intersection of a given object
with a given property value set.
Association
A
Table
objects
connection of objects of the same or
different classes.
VIII
and
presents
the
enterprise
object descriptions.
A
list
object
of
classes,
examples
of
computer assets is provided by OPNAVINST 5239. lA.
2.
BACH MAN DJ_a£ram
The
used
to
circles
BACHMAN
diagram
is
one technique that
can
specify the data relationships of an enterprise.
or
bubbles represent objects or
48
entities
and
be
The
the
TABLE VIII
Table of Object Descriptions
OBJECT CLASS
HARDWARE
DESCRIPTION
OBJECT
CPU
processing unit,
including housing and chassis.
Look at other object
descriptions to see what other
object descriptions are
available.
Note: If CPU is not detachable
from other elements of the
computer system, then unit
will be logged under the CPU
object type.
MAIN MEMORY
Only external main memory
Primarily associated
units.
with main frame computers.
I/O
The central
External units primarily
associated with large computer
systems
CHANNEL
.
OPERATORS
CONSOLE
Primarily associated with
large computer systems.
KEYBOARD
Detachable type keyboards.
TERMINAL
Includes local
types
and
remote
.
Detachable from other system
el ements.
MONITOR
49
.
TABLE VIII
MULTIFUNCTION
BOARD
(cont'd)
Spec'fi'cally related to
microcomputers.
Defines the
owe St level of asset
identification for control
of microcomputer hardware.
These boards contain various
numbers of memory chips,
I/O port s
and speaker
1
,
hard war e
DRUM
Secondary storage.
DISK DRIVE
Includes hard disk and
floppy disk drives, internal
and external
.
DISK PACK
Portable; separate from drive
DISKETTE
Floppy disks.
TAPE DRIVE
For micros to main frames,
reel-to-reel and cassette.
MAGNETIC TAPE
Ree
TAPE CASSETTE
Cassettes only.
CARD PUNCH
Card punch machine.
CARD READER
Card
PUNCHED CARD
Punched cards
PAPER TAPE
Punched paper tape
PAPER TAPE
READER
Paper tape reading machine.
NETWORK
FRONTEND
Frontend processors.
DATABASE
MACHINE
Specialized database
1
-
to-r ee
only.
reading mach"'ne.
proce ssors
50
1
.
.
.
.
TABLE VIII
.
(cont'd)
Identify controllers that
from main
processors
INTELLIGENT
CONTROLLER
are detached
.
SOFTWARE
PRINTER
Provide hardcopy printout
OPERATING
SYSTEM
Such as MS DOS.
APPLICATION
PROGRAM
All
SYSTEM
UTILITIES
Generally resident
functional programs that are
used to manipulate data and
programs.
Could be easily
confused with application
UNIX,
CPM.
specialized user
programs
.
progr ams
TEST PROGRAM
Diagnostic program.
COMMUNICATION
Special ized appl i cat ion
program.
Could be confused
with application program.
COMMUNICATIONS COMM LINES
COMM PROCESSOR Specialized, detached
hard ware
.
MULTIPLEXOR
Detached
.
SWITCHING
DEVICES
Detached
.
MODEM
All categories;
ma infr ame
51
micro to
represent the relationship between
arrows
3.4
and
form of data
the general
shows
only
or
shows
a
data
the
structure diagram.
relationships
among
(entities)
the objects
connecting
between the ojbects as one-to-one.
many
whether
depending
on
end.
double
either
Figure
the computer
control
The diagram
risk assessment project.
diagram,
in
objects.
a
called
-is
The BACHMAN
records.
The
BACHMAN
diagram
lines
represent the relationship
one-to-many.
line has single
arrowheads
a
on
one
or many-to-
arrowheads
end.
or
on
double
arrowheads on both ends.
This
and
BACHMAN
diagram models the global risk
computer resource control
52
project.
assessment
Figure 3.4
Bachman Diagram of the Enterprise Model for
Computer Risk Assessment at NPS
53
^V.
LOGICAL DATABASE DESIGN
PROCEDURE
A.
objective
The
relational
to
is
of
phase
in
the
database system development process (Figure 2.1),
spec"'fy
the
logical
format
involves
identifying
contents
of each
records.
The resulting design
The
design
logical
the
logical
the
record.
of
records
and
the
is
the
database.
This
maintained,
the
relationships between
the
to
be
called the logical
design phase generally involves five
schema.
design
tasks.
1.
2.
first
identification of the data to be
task is
stored in the database.
This step is accomplished by
processing
the
data from the
dictionary and
data
screening
information
that
will
not
be
out
incorporated into the database, i.e.. descriptions of
reports, screens, and input documents.
The
Next, it is
necessary to standardize the terms used
name data.
The failure to identify synonyms and
to
aliases
performance
of
can
severly degrade
a
in
it
result
database.
Worst
of
all,
can
misinformation.
Mainta'ining
integrity of the
the
advantage
database is important
it is
one big
and
of database systems over traditional file systems, if
proper! y designed.
3.
third
The
define
step
is
records
and
to
The
relationships.
process of defining records and
is
intuitive
[Ref.
relationships
largely
27].
items
are
defined by identifying the data
Records
during
will contain.
they
Important considerations
and
flexible
designing
process
include;
this
with
the
expandable
records
evolve
that
can
structures,
designing effective record
enterprise,
in
record
and
avoiding
implied
the
data
us^'ng
definition.
54
three are
Relationships
during
step
defined
in
goal is
The
to
terms
of how the users see them.
in
include
all
useful relationships
the
logical
schema. That is. specify all enterprise relationships
that
are
needed by the user in practice.
fourth
step in logical
to
database design is
This requires
define database processing.
analysis
is
manipulated
how
to
produce
the
database
of
This can be accomplished by using
required results.
a method called transform analysis.
4.
The
5.
The
final
The
purpose
of
step is design review.
review is to identify problems with the design.
At
this
point a decision on whether to continue or
not
If the logical design is approved,
has
to be made.
the problems are
proceeds
corrected and the project
physical
design
phase.
to the
Now
it
is
time to begin the logical design
be developed
will
based on
discussion
used during the
Model
Data
Model
B.
logical
that
will
next section begins with
The
Semantic Data Model which
of the
design phase.
be
which
information obtained from the user
requirements analysis phase.
brief
phase
used
is
The
will
a
be
specific Semantic
Entity-Relationship
the
.
SEMANTIC MODELING
There
several
are
analysis and structure of data.
generally
suited
not
design problems.
available
database models
to
However,
for
the
these models
are
handle both logical
The relational model
and
can be used
physical
for
both
phases of the design process, but it is not recommended.
There are several drawbacks to the use of the
model
for
logical database design.
used
in
the
initial
It
is
too detailed
stages of design, and
55
relational
it
lacks
to
be
the
semantic
structure
enterprises
unambiguous choices
to makp
[Ref.
28],
relational
The
This
initial
stages of database design.
Semantic
models
into
is
to
is
used to
and
criteria.
The semantic
then
defining.
is
naming.
associations as listed
C.
applying
relational
mod"'fied
model
by
classifying
and
Table
abstractions
similar
uses
object
sets
and
IX.
semantic models as there are
known example
is
the EntityRelationship Model.
abstractions.
One
ENTITY-RELATIONSHIP MODEL
entity-relationship
The
semantic
for
X
describe
a
must be described
is
based
in
on
three main
these three terms.
description of these three
things
in
the
described by attributes.
in
model
entities, relationships, and attributes.
concepts:
enterprise
another
The
enterprise
represent modeling
Table
adapt
identify the essential
to
THE
The
29].
of ways
varieties
the
development.
are as many different
There
well
in
of
integrate the relational
provide abstractions that naturally
constructs
for
during
users describe enterprises [Ref.
the way that
model
are one way to
systems
the
The goal
semantic
emphasizes
model
process is usually too complicated
data.
to
modpling
dependencies for defining the semantic nature
functional
model
in
enterprise
terms.
which
in
See
Entities
turn
arc
Entities can also interact with one
any number of relationships.
56
[Ref.
30]
TABLE
IX
Tabular Description of Enterprise
OBJECT CLASS
PROPERTIES
HARDWARE
TYPE
NAME
MANUFACTURER
COST
DATE ACQUIRED
OWNER
SOFTWARE
TYPE
NAME
MANUFACTURER
COST
DATE ACQUIRED
OWNER
COMMUNICATIONS
TYPE
NAME
MANUFACTURER
COST
DATE ACQUIRED
OWNER
NAME
OWNER
ADDRESS
PHONE NUMBER
CONFIGURATION
NUMBER
OWNER
LOCATION
SUPPLIER
NAME
ADDRESS
PHONE NUMBER
FUND
TYPE
NUMBER
SPONSER
57
TABLE
X
Termi no ogy
1
distict objects within
1.
Entities
2.
Relationships
3.
Attributes
-
Entities
En
•
relationships
and
attributes.
^
describe the entities and relationships
-
Entities
classes.
t
or
ty-Re
1
a t
Entities
i
organized into sets or
are
relationships
These sets all
i
user enterprise
interactions between objects
meaningful
-
a
onsM ^
and
in
a
have the
set
have unique names.
2i££££ni
Relationships
represented
are
diagramatically with the entity-relationship diagram.
are
sets
are joined
boxes
Entity
represented by rectangular boxes and relationships
represented by diamond-shaped boxes.
are
same
to
relationship
The
the entity boxes that participate
in
the
relationship.
Figure 4.1
complete
shows the entity-relationship diagram for the
conceptual risk assessment
entity-relationship
identification
This
and
stage
diagram
.
the
system.
control
view of the database is shown
view was constructed
data
for
database
in
The
asset
and
Figure
4.2.
using the data element information
relationships developed during the
data
analysis
<]>
Q
<i>
Q
ay
<b
CO
<
(O
pi:
a
en
u
a
o
of
occurence
I
freqiwncy
5
o
59
CO
1
i-t
r*
'*-
«-•
^^
-^
d 'P
5^
O 3
<~i
Q
CO
(O
<l>
(O
<
CO
C«
••-I
Q
a.
to
a
o
I
o
o
73
Quo
60
a
s
Oi
to
<1>
cd
<l>
CO
CO
<b
0)
CO
<
(O
PS
<1>
o
.a
CO
CO
(O
<
a
CO
O
I
33
Ul
61
<D
a
Tablp
shows
XI
relationship
entity
identify
attributes
can
for
used
be
an
Some attributes are also used
to
entity
each
occurence.
identify
to
uniquely
identified
normally
identified by more than one
^
same
One
more
or
occurence.
an
These
Relationships must be
Relationships
way.
are
Tentative
attribute.
indicated by underlining.
Log \ca
•
the
in
and
of
attributes are called key attributes.
keys are
entity
each
Attributes describe some aspect
type.
relationship.
or
uniquely
attributes
the
1_
S£ih e_m
logical
The
schema
composed of the records to be
is
maintained, their contents, and the relationships among those
records
specified.
entities
and
entity-relationship
the
In
relationships
become
records.
The
diagram,
entity-
relationship diagram shows the relationships between records,
however,
the
records
their contents have not yet
and
been
identified.
The
process of logical
entity
each
diagram
a
and
record
relationship
separate record.
in
The
structure involves
the
making
entity-relationship
attributes associated with
each entity and relationship then become fields.
As
the
progresses,
requirements
constraints
are
evaluated
and
data items will
on
be
the
identified.
Constraints are limitations on the values that database
can
have.
There
are
three common types
62
of
design
data
constraints:
TABLE XI
Entity-Relationship Attribute List
equipment
equipment-tyPe
manufacturer
equipment-name
COST
DATE-ACQUIRED
CUSTODY-OF
OWNER^NUMBER
CUSTODY-NUMBER
OWNER
owne renumber
owner-nImF
owner-address
owner-phone
PART-OF
custody^number
configurITiM-number
CONFIGURATION
OWNER-NUMBER
CONFIGURATION-LOCATION
CONFIGURATION-ADDRESS
CONFIGURATION-PHONE
63
TABLE XI
(cont'd)
Enit-ity-Relationship Attribute List
E-S
EQUIPMENT-NUMBER
EQUlPMENT-'PRTrF"
SUPPLIER
SUPPL^ER^N UMBER
SUPPLIER-MTfr
SUPPLIER-ADDRESS
SUPPLIER-PHONE
E-F
EQUJ_PME NT-NUMBER
FUND- NUMBER
FUND
fund- number
fund-Type
SPONSER
64
intpr-record
constraints.
field
given data item can
a
values
limit
given record.
schema
D.
fields
between
[Ref.
different
in
records.
a
31]
specifications of the
for record
Table XII
logical
.
PROBLEMS WITH SEMANTIC MODELING
constructing
When
design
the
entity-relationship
should arguably consider the
constraints
such
naturalness of the model, which
Semantic
necessary
This
role
stage
models
possess
not
do
prevent anomalies and
to
is
imposing
restrict
is
it
the
used.
criteria
the
redundancies.
eliminate
reserved for the relational model
in
next
the
.
Another
problem
is
the treatment of relationships
entity-relationship model.
easily
in
the
The entity-relationship model
can
accomodate one-to-one or many-to-many
Additionally.
a
the reason
is
the
between
Hovever,
semantic process can
the
on
model,
correspondence
semantic model to normal relations.
the
on
constraints
Interrecord
have.
constraints limit values between fields within
Intrarecord
See
and
Field constraints limit the values
intra-record constraints.
that
constraints
the
entity-relationship model can be
single entity-type as well
However, most DBMS's
relationships.
are not as
65
as
on
three or more
flexible.
defined
types.
TABLE XII
Record Specification for Logical
Schema
Description
Field
EQUIPMENT Record
qu pment-number
Equipment-type
Manufacturer
E
Numeric. 6 decimal digits
Alphanumeric. 40 characters
Alphabetic. 30 characters
Alphanumeric. 30 characters
Alphanumeric. 10 characters
Format: YYMMDD
i
Equi pmen t-n ame
Cost
Date-acqu ired
CUSTODY-OF Record
Equ pment-number
wner-n umber
Cu stod y-number
Numeric. 6 decimal digits
Format: 999:99:9999
Numeric. 8 decimal digits
i
OWNER Record
Format: 999:99:9999
Alphabetic. 30 characters
Alphanumeric. 40 characters
Format: (999)999-9999
Owner-number
Own er-name
Owner-address
Own er- phone
PART-OF Record
Numeric.
Numeric.
Custod y-number
Configuration-number
66
10
5
decimal digits
decimal digits
f
TABLE XII
Record Sppc
i
icat i on
(cont'd)
for Logical
Schema
Description
Field
CONFIGURATION Record
Numeric. 5 decimal digits
Format: 999-99-9999
Alphanumeric. 30 characters
Alphanumeric, 30 characters
Format: (999)9 99-9999
Configuration-number
Owner-number
Configuration-location
Configuration-address
Location-phone
E-S
Record
Numeric. 8 decimal digits
Numeric. 6 decimal digits
Alphanumeric. 10 characters
Suppl ier-number
Equi pmen t-number
Price
SUPPLIER Record
Suppl
Suppl
Suppl
Suppl
Numeric. 8 decimal digits
Alphanumeric. 30 characters
Alphanumeric, 30 characters
Format: (999)9 99-9999
ier-number
ier-name
ier-address
ier-phone
E-F Record
Equi pment-number
Fund-n umber
Numeric.
Numeric.
6
4
decimal digits
decimal digits
FUND Record
Fund-number
Fund-type
Sponser
Numeric. 4 decimal digits
Alphabetic, 30 characters
Alphanumeric. 30 characters
67
AddHionally.
and
although
the
process of defining enti'ties
relationships appears to be quite
designer
must
relationships.
decide
It
is
importance
of
modeled.
Consequently.
various
how
up to
to
clear.
assign
objects
the
"in
the
design
designers
Different
models
same enterprise and which
the
totally different results.
[Ref.
68
database
entities
the designer to establish
determ-inistic.
of
the
32]
can
organization
process
produce
in
turn
and
the
being
is
not
different
produce
PHYSICAL DAT^Mli ^i^IGN
V-
A.
OBJECTIVE
Before
starting
necessary
to
implement
the
take
a
database.
that
should
be
it
Therefore,
relational
the
be
it
is
used
to
design
the
of
easily converted to the
is
dependent on
was determined at the
database would be processed by
the
will
The data design model
this case,
In
process
requirement
One
it
implementation model.
DBMS.
design
look at the system that
specification is that
the
physical
the
outset,
relational
a
database model will be
DBMS.
used
to
express the design of the database.
There
are
two
steps
basic
in
the
database
physical
design
process.
logical
schema into the particular data constructs to be used
by
the
produce
particular
statements
[Ref.
first step involves transforming
DBMS selected.
33].
database
that
The
implementation
THE
The
first
to
step
will
second
source
write
define the database structure to
the
DBMS
step is to review the design and to
modify it to achieve optimal
B.
The
the
detailed specifications of the database that will be
during
used
The
performance.
RELATIONAL MODEL
relational database model
uses
a
represent both entities and relationships.
69
single construct to
The construct is
a
two-d 'mens i onal
table called
relation which
a
defined as an unordered set of ordered n-tuples.
is
set of
a
values which is like
n
within
a
carry
identifying
record.
a
formally
is
An
n-tuple
The
values
tuple have to be ordered because the values do
attributes
labels.
each
and
columns
The
row is
terminology can be found
relational model
correspond
occurence.
an
not
to
summary
A
of
Table XIII.
in
TABLE XIII
Relational
1.
Relation
-
a
2.
Attributes
-
3.
Tuples
-
the rows of
4.
Domain
-
the
It
is
preventing
attributes
of
all
the columns of
attributes
contain
cannot
uniquely
that are
attributes
is
called
in
a
reason
the
a
can
tuple.
candidate key,
70
for
rows.
tuple.
range
Each
and
DBMS
preventing
collection
that one
identify
needed,
duplicate
that no relational
The
so
attribute can have
any
however,
duplicate rows is
will
relation
a
relation
constraint.
this
attributes
the
a
table that has several
set of values that an
important to note,
enforces
Terminology
two dimensional
properties
relation
A
Model
The
from
of
number
one
to
collection
of
one of these must
be
process
design
reason
One
designs
avoid
to
definition if
data
relational model
important
so
that relationships are not represented by
is
Basic relational
the data.
with them individually.
but are carried
entire
operations operate on
In
using
relational
a
dealing
DBMS, the user
the
system must decide how to
For this reason, relational
systems appear simple and
specifies
it.
what is wanted,
easy to use.
relational
It
and
also conceptually easier to
is
However,
system.
straight
simple
a
implement
which the relational model
performance
C.
theory
poor
in
.
NORMALIZATION
process
The
arbitrary
certain
design
of
that
can
collection
anomalies and
With
normalization
relational
anomalies.
simple
and
can result
based,
is
a
forward
approach, without an understanding of the mathematical
on
the
in
collections of entities and relationships instead of
do
the
have
that
links as they are in other models.
explicit
during
properties.
undesireable
in
Keys are used
selected as the primary key.
database
design to
purpose
The
be manipulated
of
is
in
operations
converting
invloves
to
a
one
produce
powerful
while
an
avoids
that
database
a
way
with
minimizing
a
data
inconsistencies.
some relations.
undesireable
changing data can have unexpected
consequences.
71
These
are
known
as
mod
1 f""'
are
cat
insertion and deletion anomalies.
result
information
when
entities with
when
Two common modification
anomalies.
"ion
the
attributes
single
insertion.
about
ACTIVITY relation
STUDENT_ID.
in
different
two
one
Figure 5.1.
ACTIVITY,
and
contains information about what r^tivity
ard
FEE.
a
It
The
ACTIVITY
STUDENT_ID
ACTIVITY
200-22-1234
TENNIS
50
111-23-2345
SKIING
100
752-41-4982
GOLF
543-65-3856
Figure 5.1
SWIMMING
Relation ACTIVITY
72
deletion.
has
the
relation
student engages in
how much it costs.
RELATION:
anomalies
Deletion anomalies result
are lost about two entities with
facts
Consider
a
gained
is
Insertion
anomalies
FEE
75
60
The fee
dependent on the activity and
is
engaging
students
all
that activity.
in
200-22-1234
student.
for the
loose
the fact that student 200-22-1234 is
first
in
same
the
Figure 5.1.
we
tennis
a
player.
However, we would also loose the fact that tennis costs
This
is
add
in
we could
costs $55,
activity.
that
These
anomaly.
This
anomalies
two
interdependent.
better
Relations
Usually,
insertion
an
process
a
down
reliability,
ensure
modification
the
can
anomalies
less
independent
be
in
terdependency
form of the relations that resulted
The problem was addressed
There
forms.
hierarchical
anomalies
in
are
by
in
,
or
the
all
errors.
the concept of relational
different
seven
relations, to
normal
Domain
regardless of their type.
forms.
73
Table XIV
normal
forms,
in
Form (INF),
Key/Normal
which relations are free from all
different normal
attention
data
order ranging from the First Normal
includes
(DK/NF),
seven
of
problem of modification anomalies focused
the
which
student enrolls
a
.
The
on
to
Anomalies can be eliminated by changing
design.
database
wanted
racketball.
prevented by
To
efficiency,
and
must be eliminated.
the
example
be
we
$50.
single relation is broken
a
separate relations.
integrity,
data
until
so
an
can
If
example.
for
not do
is
decomposition where
called
into
deletion anomaly.
a
activity to the relation,
an
which
example of
an
for
we deleted
In
tuple
the
is
Form
modification
shows
the
The
second, third and Boyce-Codd normal
first,
address
anomalies
dependencies.
caused
functional
A
between attributes.
dependent
value
by
on
of Y."
the
[Ref.
form.
determinant, and
dependent
is
Y
Determinants
33]
-->
X
dependency is
"Attribute
attribute
may
Y.
X
inappropriate
by
if the
said
is
Y
value of
functional
relationship
a
functionally
to be
X
determines
can
the
Functional dependencies are denoted
where attribute
X
called
is
the
called the dependent variable.
or may not
Functionally
unique.
be
Functional
attributes need not be unique either.
dependencies
forms all
involve groups of attributes,
more attributes can determine several
TABLE XIV
Summary of Normal
and
one
attributes.
[Ref.
35]
Forms
Defining Characteristic
Form
INF
Any relation
2NF
All no-key attributes
of the keys
3NF
There are no transitive dependencies
BCNF
Every determinant is
4NF
Every multivalued dependency is
functional dependency
5NF
Join dependencies are satisfied
DK/NF
All
are dependent on all
a
candidate key
a
constraints on relations are logical
consequences of domains and keys
74
or
key
A
relation comprises one or
a
functionally determine or identify
that
unique.
duplicated,
[Ref.
this
and
allowed
not
is
relation to be
a
attributes
relation
must be
dependent
third
in
is
second normal
in
all
on
in
every determinant is
still
anomalies
relation.
and
all
definition.
by
relation
a
form
result
it
is
nonkey
all
second
Finally,
relation
a
third normal
in
form
candidate key.
a
Boyce-Codd normal
in
form, anomalies
Additionally,
dependency.
joining two
from
forms respectively.
modification anomalies.
A
the relation
on
A
normal
projections
on
These two anomalies are eliminated by the
fifth normal
constraint
if
arise from multivalued
can
form,
form if it is in
normal
Boyce-Codd normal
Even with
can
be
key attributes.
the
form and has no transitive dependencies.
and
must
it
a
36]
For
is
Because
tuple.
a
then the entire tuple would
were not unique,
If it
attributes
more
determines the entire tuple,
functionally
key
be
of
is
relation is
a
logical
fourth
eliminates
DK/NF
The
a
DK/NF if every
in
consequence of
the
definition of keys and domains.
There
an
are three criteria
effective
relational
that should
database
used
design.
elimination of modification anomalies.
and
be
They
to
produce
are
the
relation independence
ease of use.
The
anomalies,
first
will
criteria,
be
elimination
achieved
75
of
if the relation
modification
is
put
into
DK/NF.
Thp
cn'teria
second
is
design
to
relation
independence to support error free operation of the
system.
that
The
criteria
easy to use.
is
relations
users
third
these
other.
each
involves trying to structure the
This
seem
because of the
criteria
design
three
natural
conflict
to
make
and
requirements.
questions of priority.
[Ref.
best possible
the
There are no
with
designer
the responsibility of the
is
It
priorities
assess
to
compromise
rules
the
for
37]
THE RELATIONAL SCHEMA
translate
To
the
relational design
a
.
Often,
D.
create
to
they are familiar and
that
so
is
database
model
has
to
model
a
be
into
an
described
in
itself to implementation.
relational
schema
and
This initial
the language
operational
which
form
a
model
system,
is
lends
called
used to describe
it
the
is
called the schema language.
One
objective
the access to
elements.
will
data
of the
database system
elements.
irrespective of the
To be
f^^^e
and
is
able
to
systematize
to
fetch
record
have to provide descriptions which allow
structure,
position and type of the data elements by attribute
and
value, or by attribute relationship.
This
of
the
is
an
important element of obtaining
database requirements.
76
we
determination
of
[Ref.
data
name
38]
a
description
Defining the data
elements
necessary to generate the
further.
is
that deal
with the database.
definitions
Data
results
of the
processing
programs
relationships are taken from
and
previous design phases.
procedures
Any new
identified at this stage are also included
that are
the
in
the
part of defining data elements is that
the
design.
essential
An
data
elements
language
must
defined
be
specifications.
terms
in
programming
of
process involves assigning
The
a
elements.
name and defining specific characteristics of data
This specification is known as the data type.
There
quantitative
both
are
characteristics
Quantitative
elements.
data
of
qualitative
and
characteristics include name, type, domain and length.
Names
have
been
development
process
relations.
The
controlled
given to
programming language used.
a
variable-length
short.
characters.
the
first
alphabetic.
Names used
global.
a
In
a
database,
in
records
is
depends
and
usually
on
the
These rules generally allow
for
string of alphabetic and
character
in
database
entire
data element
rules and
stra ight- forward
by
the
define attributes
to
name
during
used
being
restricted
numeric
to
be
files and databases are generally
the
name of
a
data
element
is
affected only by structural
scope, defined as the database or
relation
the
that
contains
77
data
element.
[Ref.
39]
example.
For
identifier,
specification
data element name.
to
be associated
it
associated
equipment
with
processing by implying the
the
in
specified
a
category
Most computer languages provide
40]
of
transformation of data and
provides specifications for encoding of the data
[Ref.
each
specification limits the values
with the data-element names to
operations to be used
legal
element,
data
usually
is
The type
simplifies
domain,
the
for
E:NUM.
is
type
A
name
the
number of
small
a
values,
general choices, such as, CHARACTER, DECIMAL, BINARY INTEGER,
BINARY FIXED POINT NUMBER.
and
REFERENCE just to name
a
few.
The data element E:NUM is specified as being NUMERIC.
defines
Domain
element.
of
can be valuable by keeping
the database.
attribute
domain
EQUIP_IDENTIFIERS
nine
character.
when
it
is
Length
Another
is:
is
a
for
data
a
improper elements out
there
is
the
data
element
E:NUM
represents
a
This number represents the
space
for
is
Each
numeric
a
plant account
number
available.
can
be
specified as either fixed
or
variable.
way to specify the length of the data element
E:NUM
a
corresponding domain definition.
which is defined as NUMERIC 999999.
example
this
in
values for
For each data element then,
for which there
domain
The
It
the range of allowed
NUMERIC
(6).
length of the data element.
where the number
6
specifies
E:NUM
the
The completp data element definition for the data element
E:NUM is illustrated
NAME
E:NUM
TYPE
NUMERIC
DOMAIN
EQUIPMENT_IDENTIFIERS
LENGTH
(6)
Figure 5.2
Qualitative
provide
title.
Figure 5.2.
in
Data Definition of E:NUM
characteristics of data elements are used to
information.
semantic
additional
unit specification, essential
These
include
data, undefined values,
transformations, access privilege, and file management.
A
title
is
sometimes
used
description of the data element.
to
to
provide
a
more
Unit specification
detailed
is
used
ensure standardization when units of measure are involved.
Essential data refers to whether the data element is required
or
is
optional
in
a
information
about
undefined.
Programs
record.
whether
that
data
Undefined
can
be
values
missing
provide
or
operate on the database must
able to recognize this fact.
79
left
be
Transformat-ions
privilege
contained
be
there
is
need
a
to
database.
the
defines which users are allowed access
which data elements.
may
if
data between the outside world and
transform
Access
important
are
file management
Finally,
in
the
matters such as control
information
File management
schema.
transposition,
indexing,
to
concerns
control
of
integrity, archiving, and erasure cycles.
The relation definitions of the risk analysis project are
shown
in
are listed
E.
Attribute domains and domain definitions
Table XV.
in
Tables XVI
and XVII.
DATA MANIPULATION
relational
In
collections
databases.
records (tuples), and
of
entire relations.
apply
to
there
are
relations
three
At
operations
viewed
as
relational operations
the most
that
are
need
elementary
to
be
level,
discussed:
projection, selection, and join. [Ref. 41]
The
first relational
operation,
projection,
new relation that contains only the columns
the
original
request.
It
relation that are specified
is
produces
(attributes)
in
the
a
from
projection
important to note that this operation
will
eliminate any duplicate tuples that may naturally occur.
The
(tuples)
selection
operation
from the original
condition or conditions.
will
produce
only
relation that satisfy
The
80
the
a
rows
certain
results of both projection and
TABLE XV
Relation Definitions
1.
EQUIPMENT (Ej_NUM. E:TYPE. E:MFG. E:NAME. E:COST.
E:DTFACQ)
2.
E-0
3.
OWNER (O^NUM.
0:LNAME. OiFNAME. 0:STRET. OrCITY,
OrSTATE, 0: ZIP, OiPHONE)
4.
0-C
5.
0:NUM. CO:LOC, CO:STRET.
CONFIGURATION {COj_NUM,
COrCITY. CO:STATE, CO:ZIP. CO:PHQNE)
6.
E-S
7.
SUPPLIER (S:NUM. S:NAME. S:STRET. S:CITY, S:STATE,
IT7TP. S: PHONE)
8.
E-F
9.
FUND
(E:NUM. Oj_NUM. C:NUM)
(Cj_NUM.
COj_NUM)
(SjJUM. EjJiUM.
(EjJUJM,
PRICE)
Fj_NUM)
(F:NUM. F:TYPE. F:SPONSR)
TABLE XVI
Attribute Domains
Doma
Attribute
i
n
2.
3.
4.
5.
5.
E:NUM
E:TYPE
E:MFG
ErNAME
E:COST
E:DATACQ
EQUIP IDENTIFIERS
EQUIP~TYPES
MFG_NAMES
EQUIP_NAMES
PRICES
DATES
7.
8.
0:NUM
C:NUM
OWNER_IDENTIFIERS
CUSTODY_IDENTIFIERS
9.
10.
11.
12.
13.
14.
15.
0:LNAME
0:FNAME
0:STRET
0:CITY
0:STATE
0:ZIP
0:PH0NE
L_NAMES
NAMES
STREET_ADDRESSES
CITY NAMES
STATr NAMES
16.
CO:NUM
C0NFIG_IDENTIFIERS
17
LOCATION_NAMES
STREET_A0DRESSES
21
22
CO LOC
CO STRET
CO CITY
CO STATE
CO ZIP
CO PHONE
23
24
S:NUM
PRICE
SUPPLIER IDENTIFIERS
PRICES
1.
18
19
20
28
29
30
32
33
ZIP_CIIDES
PHONE_NUMBERS
CITY NAMES
STATr_NAMES
ZIP_CODES
PHONE NUMBERS
SUPPLIER_NAMES
STREET_ADDRESSES
CITY_NAMES
STATE_NAMES
ZIP_CODES
PHONE_NUMBERS
NAME
STRET
CITY
STATE
ZIP
PHONE
25
26
27
31
F
.
F:NUM
FUND_IDENTIFIERS
FrTYPE
F:SPONSR
FUND_TYPES
SPONSER NAMES
82
e
TABLE XVII
Domain Definitions
Format and Meaning
Domain Name
1.
CITY_NAMES
CHAR
2.
CONFIG_IDENTIFIERS
numeric 99999; uniquely
identifies each configuration
3.
CUSTODY_IDENTIFIERS
numeric 9999999999; identify
specific ownership of each piece
equi pment
4.
DATES
numeric YYMMDD
5.
EQUIP__IDENTIFIERS
numeric 999999; uniquely
identifies each piece of
equi pment
6.
EQUIP_NAMES
CHAR (30); standard commercial
nomenc 1 at ur
7.
EQUIP_TYPES
CHAR (40); must fit one of the
object categories listed is
Table VII
8.
F_NAMES
CHAR
9.
FUND_IDENTIFIERS
numeric 9999; uniquely
identifies each fund
10.
FUND_TYPES
CHAR (30); identifies fund as
being research. OPN, G&MN
11.
LOCATION NAMES
CHAR
(30);
12.
L_NAMES
CHAR
(20);
last names of people
13.
MFG NAMES
CHAR
(30);
names of manufacturers
(25)
(10);
first names of people
identifies location
of configuration beyond street
address - building name and
room, home
s
BLE XVII
(cont'd)
Domain Definitions
Domain Name
Fo rma
t
and
Meaning
14.
OWNER_IDENTIFIERS
999:99:9999; social security
numbers are used to uniquely
identify individual owners
15.
PHONE_NUMBERS
(999)999-9999
16.
PRICES
numeric 999999999.99
17.
STATE_NAMES
CHAR (2); two character state
abreviations
18.
STREET_ADDRESSES
CHAR (30)
19.
SUPPLIER_IDENTIFIER
numeric 99999999; uniquely
identifies equipment suppliers
20.
SUPPLIER_NAMES
CHAR (30);
suppl ier
21.
ZIP CODES
numeric 99999;
zip code
84
names of equipment
five digit postal
selection
also relations and therefore can be
are
produce any desired subset of an original
operation
relational
join
The
from two relations into one.
contains
for matching values
manipulation
at
hide the actual
process
To
specified common attribute of each.
a
enable
higher
a
relations
with
expressing
what you want to do.
strategies
for
have
relational
graphic.
Since
relational
clear.
a
relational
algebra,
data
the
examples
just
non-procedural
data
easy-to-use
languages
that use
terms of what is known.
of
which
a
outputs.
be
emphasized.
are
relations
is
of
transform
to
These languages
provide
desired
in
stands for Structured Query Language.
Manipulation
Database
tr an sf orm- or ien ted
85
class
a
42]
relational
-is
and
transform-oriented
for expressing what
[Ref.
for
relational
transform-oriented,
use
is
different
four
manipulation:
languages
structures
(DHL)
data
it
language
There are
this language will
into desired
example
unambiguous
many DBMS products
language,
computer,
a
calculus,
Transform-oriented
Language
than
handle
to
structure of the database from the user.
to
An
users
level
necessary
input
looking
DBMS's generally use English-like syntax and tend
described.
to
in
DBMS's, however,
Most
data
new relation that
a
input relations are combined by
from the two
Tuples
produces
comb'^ne
to
columns from both of its input relations.
the
all
It
to
relation.
used
is
used
is
SQL.
SQL
The basic construct of
.
SQL is
mapping, whose syntax takes the for
a
SELECT <attribute>
FROM
<relation>
WHERE
<condition clausp>
The
simplest condition clause appears as:
<attribute>
<value>
binary operators include =. NEQ.
The
values
a
by
such
>_.
mapping is
a
selecting
each
the condition clause.
each
selected
<_,
set
>.
of
<.
values.
relation
row
The
that
The value of the attribute
row becomes
part
output.
the
of
43]
This
chapter has presented some of the important aspects
physical database design phase.
of the
that
chosen
are
satisfies
[Ref.
from
output
The
of
<binary operator>
relational
all
relational
ease of use.
for
among
The criteria
users.
to
relations.
or
elimination
minimization
of
interrelation
An
initial
asset
some
and
of
some
Some
have
are
relational
for good
reduction
are
anomalies,
created
database designs are not equal.
dependencies
suited
designs
stressed the fact
schemas suffer modification anomalies.
unacceptable
poorly
It
modification
constraints,
and
relational database design has been
identification and
assessment at NPS
86
valuation
for
risk
DATABASE MANAGEMENT SYSTEMS
A.
management system (DBMS)
database
Thp
piece of software that is used to
DBMS
serves
How
the
overall
as
system
is
request
is
a
specialized
a
database.
interfaces
management system
illustrated
in
Figure
the
Users
and
DBMS.
If
responsibility
for
6.1.
programs make requests to the
valid.
DBMS takes
the
able to do this directly and must
not
user.
with
performing the necessary database manipulations.
is
The
interface between the data and the
database
application
their
the
an
implement
is
However, it
invoke
file
the
handling capabilites of the operating system to read or write
data.
This interaction with the system introduces additional
overhead.
DBMSs
[Ref.
appear
to
44]
currently
In
the operating
systems
available
system as just
another
user
program.
There
are two
assists users
in
primary functions of
First.
DBMS.
manipulating the database, and secondly,
protects the database from the users.
Assistance
is
such as data retieval
or modification.
Additional
all.
assistance
without the need for any programs to be written
Examples
include
query
87
processors
it
provided
provided by program modules that perform functions on
database
it
functions
users by program modules that perform standard
to
is
a
and
the
at
report
user/application
program
database
management
system
(DBMS)
operating
system
(OS)
database
Figure 6.1 Relationsliip between
88
DBMS and OS
generators.
The
standard
of
use
enhances database system operations.
of
a
must
independent
be
Finally,
natural
different views of the database.
database
that are
ability
have the
The
and
DBMS
interface
The
structures.
storage
physical
of any
should
DBMS
the
applications.
interface for user data.
provides
amount
reduces the
It
the reliability of
increases
greatly
implement new applications
work that must be done to
also
modules
system
construct
to
portions of
That is,
the
irrelevant to an application can be hidden
from it. and the structure of what remains can be adjusted to
fit
application's specific requirements [Ref. 45].
the
second function of
The
implemented primarily through
DBMS.
it
a
the
DBMS to evaluate each request and decide
proceed.
should
decision
The
can
include
[Ref.
or
is
on
A
both
type of
implemented through defining views
also
exclude
This
whether
made
be
authorization criteria and on integrity criteria.
access control
is
gate-keeping function for the
user requests must be made through the DBMS.
All
allows
database protection,
DBMS,
a
particular portions
database.
the
of
to
46]
The
above fundamental
capabilities of
support the database are summarized
Two
database
special
designed,
central
and
to
functions
in
of DBMS
languages to define databases.
the database
DBMS required
to
Table XVIII,
software are to define
defined
access the
a
database.
After
DBMSs
a
database
a
use
is
structures are defined using the Data
89
De
f
"i
n
-i
t""
classified
three categories that coincide
into
levels of users.
programs
commands
data
as
provide
in
a
professional
The
for other
programming language.
language
programmer, who developes
(DML).
interface
for
the
third
level
of
systems
Most
level
few systems provide
A
access
These commands are known
query languages for the second
user.
is
three
with
employs embedded database
users.
manipulation
non programmer
[Ref.
Software to access databases
Language (DDL).
on
user.
a
user.
of
natural
the
also
the
language
casual
user.
47]
TABLE XVIII
Fundamental
provide
Capabilities of DBMS
interface of user data
natural
1.
Must
2.
The
3.
Different users should be able to access the same
database, using different views of the database
4.
Changes to the database can be made without
affecting programs that make no use of the change
a
interface must be independent of any physical
storage structures
There
their
is
a
difference between data
subtle
implementation.
implementations
abstraction.
are
There
a
Data models are
models
abstractions
and
while
software realization of the data model
art^
variety of DBMSs. and
a
90
each
is
implemented by different software structures.
structures
are
components
of
listed
is
in
called
called
Table XIX.
a
architectures.
DBMS
The
provide for each of the
DBMS must
a
These software
software
functions
The combination of software components
database architecture.
TABLE XIX
Primary Goals of DBMS
structures
1.
define the chosen database logical
2.
define the chosen physical
3.
define user views
4.
access the defined database
5.
define the storage structures to be used to store
the data
B.
structure
RELATIONAL DATABASE IMPLEMENTATION
Most
[Ref.
commercial
The
48],
DBMSs
support
some
are three main
based on SQL.
single
data
model
relational model developed during the data
analysis stage is implemented using
There
a
a
relational
DBMS.
types of relation DBMSs.
others are based on QUEL.
and
There are
a
third
category based on other data languages.
major
One
DBMSs
is
problem with the implementation of relational
the occurence of null
91
values.
A
null
value
means
either the data value
that
inapplicable.
relations
identify
these
when predicates are
joined.
ar e
unknown or that the
It
is
are
evaluated,
therefore
is
problem areas
potential
value
present problems when they
values
Null
values for key columns.
when
is
and
necessary
and
to
impose
to
a
constraint where null values Are prohibited.
C.
DATABASE MANAGEMENT SYSTEM SELECTION
important at this juncture to divide the
is
It
of DBMS
selection into two broad categories.
growth
of
application
software.
created.
special
a
selection
DBMS
for
difficult assessment of cost.
affecting
nearly
information
kind
model
relevant
been
has
involves
systems
large
in
high risk in terms of the DBMS
of
These
use.
organization's
an
and difficulty
microcomputer
the
to
to
growth
class of DBMSs
aspect
every
processing.
data
of
With the recent
microcomputer and the associated
the
problem
in
determining
issues
same
user.
what
are
significant
One
difference between microcomputer systems and large systems
the
of
size of the database
magnitude
difference
use
by
is
only
associated
larger
large
for
few
a
can
be
several
organizations.
Therefore,
people.
all
the
multiple simultaneous access do not
the general
is
orders
Another
computer systems are intended for
that personal
with
Additionally,
be managed
to
not
problems
arise.
area of backup and recovery, which
92
critical
is
business
large
to
given
little
are generally designed
for the
systems
is
attention in microcompter applications.
for microcomputers,
DBMSs
nonprogr ammer
differ
They
user.
from
DBMSs
that
supported by larger computer configurations by the
power
provided
are
database
of
to
the
file
(although
i.e.,
The
sequences of such commands.
provide
to
only
capable
of
queries
as
The emphasis of these systems is
interface
enables
that
users to easily define and populate databases.
49]
computer DBMSs are relatively easy to use.
personal
Most
They
systems
solution is to give users simple
interactive
an
non programmer
[Ref.
now
require them to formulate complex
and
interface
the
each query must address
new systems are
many
multiple file access).
commands
and
selective
Query languages in personal
user.
usually restricted,
one
languages
access
are
are
designed
provide inexperienced users
to
with
elementary subset of database access commands and then,
experience,
dBASE-II
to
is
proceed
an
sophisticated
to more
example of
a
microcomputer
an
with
operations.
DBMS.
contains three major components to allow database access:
1.
a
2.
a
3.
a
See
query processor to support on-line ad hoc queries
simple
queries
procedural
language to store preprogrammed
report generator
Figure 6.2.
[Ref.
50]
93
It
report
generator
^
(^
^^-^
"^^•-..^^
database
query
files
processor
CCL
^.._
^
w reports
^
ad hoc
queries
^
/
procedures
^
w
preprogrammed
queries
Figure 6.2 Using the Personal Database
94
DBMSs for large computer systems.
Unlike
microcomputers are relational.
supports
query processor
The dBASE-II
dBASE-II
SQL-like language.
a
most DBMSs for
provides
also
enable preprogrammed queries
procedural
language
specified.
More experienced
to
a
be
to
users can create files that hold
such procedures and then execute them as required.
Although
contain
provided
DBMSs
narrower
a
set
facilites,
of
usually
systems
for personal
they
still
are
effective for limited applications.
The
common approach to selecting
most
analysis.
list
A
characterize
DBMSs.
can
in
be
seen
evaluated
ranking
system
analyzing
all
partial
A
Table XX.
can
be
the
also
a
expandable,
features
>
s
appropriate
An
The
third
step
features
in
terms
of
involves
what
the
step involves developing
a
rational,
quantitative technique.
meaning that additional
criteria
It
can
added easily by adding one or more levels of weighting and
aggregation
DBMS score.
set
feature.
final
that
advantages of this method are its simplicity and the
appearance of being
be
features
each candidate DBMS
Next,
The
feature
score for each of the candidate systems.
The
is
is
applied.
organization needs are.
final
general
DBMS
listing of example
basis of each
the
on
compiled of
is
a
of
between
the
detailed
features and the overall
Evaluation can be adjusted to find the
we-ights.
Disadvantages
95
of this
method
optimum
are
that
TABLE XX
Partial
A.
Database Managpment System Feature List
VENDOR SUPPORT
1.
2.
3.
4.
5.
B.
EASE OF USE
1.
2.
3.
C.
TRAINING
DOCUMENTATION
TECHNICAL SUPPORT
VENDOR CREDIBILITY
USER EXPERIENCE
irJITIAL IMPLEMENTATION
DATABASE DESIGN CHANGE FACILITIES
CONTINUING USE
SYSTEM REQUIREMENTS
HARDWARE
SOFTWARE
D.
COMPLETENESS
SECURITY FEATURES
UTILITIES
DATA STRUCTURES SUPPORTED
QUERY FACILITIES
REPORT WRITER FACILITIES
BATCH/ONLINE CAPABILITY
COMMUNICATIONS INTERFACE
LANGUAGE INTERFACE
DATA DICTIONARY CAPABILITY
10. USAGE STATISTICS
11. SUPPORT FOR DATA INDEPENDENCE
1.
2.
3.
4.
5.
6.
7.
8.
9.
E.
INTEGRITY
1. CHECKPOINT/RESTART
2. BACKUP/RECOVERY
F.
PERFORMANCE
1. CPU USAGE
2. CHANNEL USAGE
3. TUNING FLEXIBILITY
96
despite
its
subjective.
appearance
of
Both weights and
97
objectivity.
it
is
still
scores are human estimates.
EVALUATING THE DATABASE
VII-
A.
DE S GN
J_
DESIGN OBJECTIVES
design
Database
criteria
These
must
can
sat"'sfy
divided
be
a
certain set of criteria.
into
major
two
classes:
structure and performance criteria.
pr eser vat
"*
preservation
preservation
critical
avoid
to
and
links
storage
Additionally.
between
object
sets
the
is
performance criteria, concern resource
Performance
access.
should
the
high correspondence to
transaction requirements that must be met,
of
the
inconsistencies.
prevent database
database
a
concerns
Specifically.
anomalies.
integrity
of
second class.
The
use
to
properties has
of data
relations
normal
properties.
data
of
on
criteria.
structure
class.
first
The
be
used.
and
the
criteria
a
include
minimum
number
of
amount
transfers
between memory and storage devices must be minimized.
Due
first
to
class
the
of
nature of this database
criteria will
criteria are important
in
be
evaluated.
microcomputer DBMSs.
ability to control them is often limited.
the other
project.
hand, are critical
to
98
only
the
Performance
however.
the
These criteria, on
large database system design.
B.
INITIAL DESIGN
The goal
structure,
all
of
initial design is to produce
not be optimized but will
that will
one
feasible design
satisfy
access requirements.
design structure must ensure that records needed
The
Otherwise the
on-line transactions can be accessed directly.
database
system will
retrieve
requested
become bogged down
data
and
the
by
DML operations to
in
system
will
less
be
efficient.
Design
design
methods
techniques
use
and
variety of logical
a
apply them to realize
depend
that
on
physical
designs
that
These techniques are applied
satisfy the design criteria.
sequences
and
the DBMS
and
on
the
in
relative
importance placed on the two classes of criteria. [Ref. 51]
C.
DESIGN ITERATIONS
Once
the
initial
attempts to improve it.
to
design
is
accepted,
the
designer
Various design trade-offs are
made
reach an optimum design.
After
design
problems are identified.
the designer can
select various design tactics to overcome them.
set of design
beyond
the
Ideally.
tactics are provided for each problem.
scope
of
this paper to
go
into
concerning design iterations and design tactics.
99
more
It
a
is
detail
EVALUATING DATABASE DESIGN
D.
Database
evaluations
development steps.
performance
made
at
a11
Stepwise evlauation.
design.
the optimum final
ensure
are
estimates
to
the
however.
The
sufficient
database
indicate design problems and
data
has been
will
completed,
are
the operation with transfer of valuable
of
a
performance
accomplished
selecting
new system.
[Ref.
finalized and the data
improvement involves finding
looking
by
shortest
the
when
the access
at
executed.
decision
the specific
path.
data
52]
has been
data
important
One
path selection
is
made.
the
most
This
model
is
and
question
The
two
program
is
written or when it
The other major question
is
whether the access
choices are: when the retrieval
path
of
involve assurance of reliability and
efficient route to the data required by each query.
is
the
The remainder
information.
Once the database design
concerns
after
and
adaptation to changing requirements, and eventually
procedures to
loaded.
this
At
collected so that the user of
can receive usable
termination
and
then
implemented on the DBMS.
implementation
and
the database cycle
quality.
then
the
benefits of database systems are obtained only after
design
the
is
not
will
Successive steps use
design tactics are used to correct these problems.
point the design
system
is
made by the DBMS or by either the
programmer.
100
user
or
One
of
ideally.
the query
until
not
should be the optimal
make
to
processed.
is
take
can
but acually it
convenience to users.
as
assertion that the system
an
decisions
than
microcomputer DBMS.
this
most database users fall
method
One
performance
an
values
relevant
works
back
of
a
addition
on
known because the
records
much
In
53]
without
design
database
the
increase
to
extra indices.
of
Normally,
values of the key data
index can be used
searching
each
same way as you would
the
book when looking for
a
use
the
specific
to
the
key
find
the
tuple.
index
created and maintained for nonkey
be
that are the basis for frequent retrieval
Indices
elements
storage
are
not
because
space
in
automatically
there are costs
memory.
The
101
It
in
data
the
Many
topic.
systems allow the designer to specify that additional
should
the
user category.
allows efficient retrievals where
This
are
[Ref.
into the casual
be maintained
index will
elements.
the
interpreted
should be
especially true considering that
improving
of
is
is
as
better able to make these
is
user.
the
into
moment.
that
at
Placing responsibility on the DBMS could be viewed merely
a
and,
Waiting until execution time
approach.
state of the database
exact
the
is
theory, this
In
access decision means that it
the
account
model
path decisions should be made by the DBMS
access
that
basic precepts of the relational
the
indices
elements
requests.
created
involved.
decision
for
They
all
take
whether
data
up
to
create
the
additional
relative
indices depends on knowing something about
frequency
updates
of
retrievals.
and
retrievals are far more numerous than updates.
should
be
maintain
the
index
If
updates occur about as often, or
retrievals.
then the extra work required to
considered.
more often than
then an
If
index will
probably not be
profitable.
illustrates the problems associated with optimizing
design without knowing actual
This
database
useage requirements.
The bottom line is to make sure that the system supports
the
user
design
the way
it
should.
If
it
iterations are performed until
7.1.
102
does
it
not.
does.
successive
See
Figure
Database
Access
requirements
specification
Design
criteria
Figure 7.1 Design Iterations
103
S
.
VIII.
R
EC
thesis proposes an
This
database
system
valuation
first
assessment at NPS.
ME
N D A T2
N
initial design
for
a
relational
support asset identification
that will
the
as
M
step
computer
conduct
to
and
risk
Much work remains to be done before this
system can be used
remaining tasks of DBMS selection and
The
would
excellent
be
thesis
student
for
implementation
work.
recommend
that the available microcomputer DBMS
evaluated
and
design.
database
including
one be selected
that
POWERBASE.
a
implementing
be
this
dBASE
II
NPS
lOBASE.
and
microcomputer DBMS be used because they
designed
for
Users
also maintain control
can
systems
DBMSs available at
There are several
RBASE 4000,
recommend that
for
would
I
and
are
expertise.
computer
little
with
users
I
security of
system
the
easily (a matter of locking up system and data jiskettes).
The
to
DBMSs
10,000
retrievals.
hour
to determine data
microcomputer DBMS
Another
is
the
delays
Additional
sort times).
(10
work
is
6.000
second
required
quatities to determine the suitability of
g^'ven
important
determination
administrator
"acceptable"
with
records
1
handle files of about
listed above can
(DBA).
a
data volumes.
that
task
who
of
The
104
must
will
database
be
act
taken care
as
of
database
administrator
is
essential
He
operation
effective
for
of the database system.
responsible for protecting the database while
is
the
at
same time maximizing benefits to users.
users of the system must also be identified.
The
clear
who
collection
and
not
be required
will
entry,
data
to
perform the task of
who will
or
have
is
It
data
generate
to
reports for the purpose of controlling computer resources.
possible, due to the nature of this database, that
is
It
would also act as administrator.
user(s)
the
high
level
able
language interface,
manage
to
documentation
postdesign
require
and
this
even casual
system.
employing
users
would
and
skills
a
of
changes to
more
the
a
be
appropriate
Naturally.
training would have to be provided.
optimization
the
and
implementation,
design and careful
database
proper
With
Also,
system
sophisticated
would
computer
technician.
Many
of these recommendations hold
system is implemented on
is
implemented on
a
personal
larger computer
a
only if the
computer.
database
the
If
system
system the problems
are
much more complex.
One
a
disadvantage
personal
of implementing
computer is that access is
the database
somewhat
Anyone
needing access to the system will
to
and request
go
owner.
computer
restricted.
have to know
permission to access the system from
This problem can be alleviated
network
system on
and
sharing this
105
where
the
somewhat by creating
data
between
a
multiple
microcomputers.
together
possible
link
to
microcomputers
either with modems and telephone lines or by
commercially
however,
is
It
available
problems
with
Extensive
operations.
network
technology.
computer
research
networking
is
required
using
There
database
and
in
are,
this
area
before an approach could be recommended.
This
and
initial design covers only the asset identification
valuation aspects of computer risk assessment procedures.
The global
risk assessment database svstem depicted
9.1.
must also be designed and
will
provide help with the overall risk assessment
The
initial
design
has
so
process.
Th^s
decomposition
simplifies
the
of
the
process.
that
incorporate the global risk
to
Figure
implemented before the system
been constructed
be easily expanded
in
it
assessment
database
design
problem by enabling the designer to focus
individualmodulesoneatatime.
106
can
on
.
CONCLUSIONS
IX.
There
growing
computers
pressure
growth
of
throughout government due to the enormous sums
of
is
to control
the
money that are spent on computer equipment every
rapid
government, and the Navy
reliance
increased
perform
computers to
on
has
led
to
mission.
its
dependence on computers has made it necessary
Organizational
to
particular,
in
The
areas of operations
infiltration of computers into all
within
year.
assess vulnerability to threats
continually
related
to
computer resources.
directives
Numerous
identify
threats
methodologies
assessment
effort
the
structured,
the
annual
and
requires
however,
a
by
A
providing
database
a
help
to
recommend
and
assessment.
risk
technology.
process
the
resources
procedure itself would be
database
employing
enhance
perform
to
promulgated
been
computer
to
procedure.
and
have
risk
The
great
well
deal
of
served
by
would
greatly
standardized,
maintainable vehicle with which to
loss expectancy for comuputer resources of
well
compute
a
given
organi zat ion
A
global
provide such
system
data
a
database.
funct^'on
respectivly.
structure
One
diagram has been
devised
to
Figures 3.3 and 3.4 show the global
hierarchy
individual
and
data
structure
diagram
user's view has been designed as
107
.
beginning
the
system.
step toward creating
initial
The
design for asset
valuation has been presented
The
relational
interface
because
can
be
an
model
in
database
itegrated
identification
and
this thesis.
was
chosen because
database
easily understood by
tabular
its
users
and
most microcomputer DBMSs are built on the relational
model
work remains to be done
Much
need
to
must
be
the
be
this data model.
identified and responsibility for
assigned.
model
database.
can
be
on
and
A
data
DBMS must be selected
by
students
technology curricula.
108
time
in
consuming
the
database
implementing
must be collected and entered
These are difficult.
completed
for
the
Users
various
into the
tasks which
computer
APPENDIX
A
EXAMPLES OF VARIOUS FORMS USED IN THE RISK ASSESSMENT PROCESS
example of OPNAV 5239/7, ASSET VALUATION WORKSHEET
An
ASSET VALUATION WORKSHEET
1.
ASSET NAME
2.
ASSET DESaiPTION AND JUSTinCATION OP IMPACT VALUE RATINGS ASSIGNED.
3.
IMPAa VALUE BATING BY IMPACT AREA
modification
destruction disclosure
109
denial of SERVICE
example of OPNAV 5239/8. THREAT AND VULNERABILITY
EVALUATION WORKSHEET
An
THREAT AND VULNERABILITY
EVALUATION WORKSHEET
1.
2.
THREAT NAME
DESCRIPTION. EXAMPLES. AND JUSTIFICATION BASED ON
EXISTING COUNTERMEASURES AND VULNERABIUTES.
3.
SUCCESSFUL ATTACK FREQUENCY RATING BY IMPACT AREA.
MODinCAnON destruction
110
DISCLOSURE
DENIAL OF SERVICE
An example of OPNAV
5239/9, ALE COMPUTATION WORKSHEET
ADDITIONAL COUNTERMEASURE EVALUATION WORKSHEET
1.
COUNTERMEASURE NAME
3.
DESCHIFnON
4.
THREATS AFFECTED BY THIS
COUNTERMEASURE
7.
2.
9.
CURRENT
RETURN ON INVESTMENT
ANNUAL
ALE
6.
COST
ALE
SAVINGS
PROJECTED
S.
TOTAL
ALE
SAVINGS
9.
OVERLAPPING ADDITIONAL COUNTERMEASURES
111
An example of OPNAV 5239/10, ADDITIONAL COUNTERMEASURE
EVALUATION WORKSHEET
raw
x^vwni sihi moj
1V3MHJ. IVnaiAIONi
At irioi
•1
u
<
a.
a
^ s
2 «
p o
112
example of OPNAV 5239/11.
SUMMARY LISTING
An
ADDITIONAL COUNTERMEASURES
ADDITIONAL COUNTERMEASURES SUMMARY LISTING
2.
I.
4.
ROI
ALE SAVINGS
ANNUAL
B.
A.
ORIGINAL) ADJUSTED
COST
A.
B.
ORIGINAL ADJUSTED
113
3.
MANDATORY
COUNTERMEASURE REQUIREMENT
An
example of OPNAV 5239/12, RISK ASSESSMENT MATRIX
RISK ASSESSMENT MATRIX
ASSETS
AND THEIK IMPACT VALUE
TOTAL
ALE BY
THREAT
INDIVIDUAL
THREAT
$
$
$
%
r/
T>1
T
/
TVJ
$
$
$
TVJ
TV
TV
.
1
1
1
TOTAL ALE BY
TOTAL ALE
INDIVIDUAL ASSET
TV (THREAT VALUE) L (LOW)
114
M
(MEDIUM) H (HIOT)
example of OPNAV 5239/13,
SELECTION WORKSHEET
An
COUNTERMEASURES
ADDITIONAL
ADDmONALOlUNliJiMKAi^UkiilSfclLCTlUN WURKi>HLIir
A.
B.
C
D.
^-
ADDITIONAL
THREATS ORIGINAL REVISED ANNUAL
SAVINGS
ALE
ALE
COUNTERMEASURES PAIRED
I.
A.
A.
A.
A.
B.
B.
B.
B.
C
C
C
C
D.
D.
D.
D.
E.
ANNUAL
a
ADDITIONAL
COUNTERMEASURES
RETURN
COST OP
ON
ADDITIONAL
COUNTERMEASURES INVESTMENT
E.
B.
PRIORITIES
E.
ANNUAL SAVINGS SUBTOTAL
2.
A.
A.
A.
A.
B.
a
B.
a
C
c
C
c
D.
D.
D.
0.
E.
ANNUAL SAVINGS SUBTOTAL
115
E.
E.
E.
APPENDIX
AN EXAMPLE
OF THE
B
ACTIVITY ACCREDITATION SCHEDULE
Activity accreditation schedule sample format
I.
NAME & ADDRESS
OF ACTIVITY
2.
COS NAHSn^LEPHONE •
AUTOVON
COMMERaAL
8.
7.
6.
DAA(S)
ACTIVITY AOP ELEMENTS
DATA
LEVEL
I-II-III
MODES
APPUCATION
OF
NAME
OPERATION
116
HARDWARE
SOFTWARE
FAaUTT
(CPU)MFG
OS
NAME(S)
Activity accreditation schedule sample format continued
3.UIC
4.
ADPSO NAME/TELEPHONE
•
AUTOVON
COMMESaAL
8.
ACTIVITY ADP ELEMENTS
9.
ESTIMATED SCHEDULE
0.
H.
P.
COMM.
NETWORK TEMPEST COMSEC
DES
•NODES/ NAME(S)
required! REQUIRED REQUIRED
TERMINALS
YES NO
YES NO
YES
NO
117
R.A.
ST&E
CONT
PLAN
10.
NAME
ACCRED-
OP
ITATION
ADPSSO
:
Activity
Legend ex
pi
accrpditation
schedule
format
anat ion
1.
Name and address of activity
2.
Commanding
and
Commercial
3.
UIC
4.
ADP
Unit
-
sample
Officer's name and telephone number,
AUTOVON
Identification Code
Security
Officer (ADPSO) name and telephone number,
AUTOVON and Commercial
Provide
the
following information (items
5
through
10)
for
each ADP element of the activity:
5.
DAA
-
Officer,
Designated
Approving
Authority
COMNAVDAC. Director of Naval
-
Commanding
Intelligence, or Chief
Operations (OP-942)
of Naval
processed data
6.
Level
7.
Modes of operation
of
-
(I,
System
II,
and
III)
high, dedicated, controlled,
multilevel
8.
ADP element
a.
information:
Application name
(e,g..
payroll, logistics, finance,
UADPS Stockpoints, OSIS, SHARE/7, NACMIS. etc.)
b.
Hardware
(CPU)
manufacturer (e.g..
IBM
3081.
Univac
Univac
(Exec
1160, etc.)
c.
Software
1100)
d.
(operating
system)
(e.g..
)
Facility, building number/room number
118
s
e.
Commun icat 'ons
number of termi na
:
Number
of nodes
(locations).
and
1
f.
Networks (e.g.. AUTODIN
g.
TEMPEST
interface. TELNET. ARPANET)
yes or no, as applicable;
required:
if
yes,
provide TEMPEST task number
9.
10.
h.
Is
COMSEC required?
i.
Is
DES required?
(yes or no)
(yps or no)
Estimated schedule for completing accreditation:
a.
Risk assessment:
b.
ST&E:
c.
Contingency Plan development date
d.
Date
estimated star
plan development date;
for submitting request
i
o n
test date
for
Name of ADP systems security officer
119
t/ compl et
accreditation
(ADPSSO)
dates
LIST OF REFERENCES
1.
Head.
Management:
R..
S^^stems
lllX££in^ll£Il
f,£l£'^£l
The Brookings Institute.
Issues and DirectTons.
4.
p.
T^^TT
2.
National
Bureau of Standards.
^iij.l£lill£ LlL
£ £!n£Hl£I.
li^Hlill ££I.H^i£iil2" ££l A££I.^ 11^ £!!££• P* ^^' Federal
InTormation
"ProcessTng
StanB'arHs
Publication
102.
September 1983.
3.
National Bureau of Standards.
££''l£^i^££ ^9.'^ Automat i c
££l£ £l.°£££ll££ ^i^ii A£^''Z£-£" P* ^' f^^'^^'^^T TnTormatTon
Processing StandarH's PuFTication 65. August 1979.
4.
Ibj_d.
5.
Office
Management and Budget.
d_
ll£ t.£ill£ p.
n_
A-71. 27 July 1978.
of
A u t_o m a_t e
I
£X££iti£ t^^o
.
S£ c £ j_ t_^ o jF Federa
12. 0MB Circular No.
1_
U:
C.
6.
Picha.
Jill.
Budget Analyst. NAVDAC. Washington D.
Phone Conversation dated 2 April 1985
7.
Management and Budget.
D£t_a on
A£££^"£lll£'^'
i^c
Automat
Data
El.£££££l££ 1^
££^I.£H££^ ££ £££ £^
BuTTetin
No.
7 9-'S'.
TeTe£ommuj2 catj_on__s
luIiElJanuary "5.T^7"5.
Office of
i
8.
OPNAVINST.
9.
in
the
Security Considerations
Haase.
W.
W..
"Data
Annual
Computer
Seventh
Federal Government".
18.
p.
Security Conference. November 1980.
10.
££1^ e ]__i_ n_ e_ f £ r ALitomatj^c
National Bureau of Standards.
Pl.££P££l££ £ill£l££l l^£££lll ^£l ™^Ji ]l£££5.£I!l£"^
FeB"eraT InTormation Processing Stan3"ards "FublTca t ^ on TT.
foreward
June 1974.
5239. lA dated
3
August 1982.
s_
D£ta_
•
,
11.
Management and Budget.
Inf ormat on
Systems
A-71. 27 July l^T"?.
Office of
Automated
i
.
p.
Se££rit^ of_ Federal
TT. UffF CTrcuTar TIo
12.
Kroenke.
Research
David.
££l£££££ £££££l£l££
Associates. Inc.. 1977.
13.
Ibid.,
5.
p.
120
,
•
P*
^
'
Science
.
..
14.
15.
Robert.
2^ta_ba_s£
C.
7. John Wiley anB" ^ons.
Goldstp-in.
Management
.
Hawryszki ewyc z
T.,
I.
Dlta_ba__se
5, Science Research Assoc TaTes,
.
p.
b
d
p
^^^Jlll£l££l
l^^F.
p.
Ana_J_j/s^21
1'5"^4.
iHl
iHl
££ll5.Il»
15.
1 6
I
17.
Anything.
Frank.
"What.
If
Relational
is
a
no. 11. p. 119. July
Database?".
2 a t_a m a t j_o£ vol.
30.
1984.
18.
Hawryszk ewyc z
T..
I.
D^l^bjas^e Analys^2_s and
p. 36. Science Research Associates, T^M.
1
9
.
i
.
.
.
Sweet.
i
b j_d
i.
.
.
p
.
.
2
0.
20.
Kroenke.
David.
2ii^^£ £££££HllL£
Research Associates. Inc.. 1977.
2
2^11
•
•
P
•
181.
2 bid
.
.
P
.
2
1
2 2
.
££ll££-
P*
•
178.
Science
0.
23.
OPNAVINST.
24.
lbj_d.
25.
NAVPGSCGLINST. 5400. 2A dated
26.
Pressman. Roger S.. Software Eng neer ng
A££roach. p. 107. McGraw-HTJl
l?8l.
5239. lA dated
3
August 1982.
1
April
i
1982.
-<
:
A
Pract ioner
'
s
.
27.
Kroenke.
David.
^ll^^^li '^'^°££l.llll2*
Research Associates. Inc.. 1 ^77
28.
Hawryszk ewycz
T..
I.
D£i3ba_se Analys_2S_ a£d
p. 94. Science Research Associates, T^FT.
2 9
.
2 b j_d
3
.
_I
i
^11
P»
182.
.
.
.
p
.
10 0.
•
•
P
•
10 7.
Science
Des_j_£i2.
Science
31.
Kroenke.
David.
££!£ ^ a_ e £l.££££li££
Research Associates, Inc., 1977.
32.
Hawryszk ewyc z
T..
D£taba_se A£a]_^s_J_s^ and
I.
p. 115. Science Research Associates. 1984.
D££l££.
33.
Kroenke.
David.
2£^£^£££ ^'^°££££l££'
Research Associates, Inc., 1'577.
Science
s_
i
•
P«
179.
.
121
P*
188.
.
34
35
2 b j_d
.
.
p
.
2 8
9.
bid
.
.
p
.
3
5.
•
P
•
3
5-
,
p
.
310.
I
36
I^il
•
37
2 b 2d
.
38
Wipdprhold.
39
Hill
,
b_i_d
.
_I
Gio
2£l^^il£
££ll£II
•
P*
.
p
3
.
40
Ibid.,
41
Goldstein.
371.
p.
Robert
P*
^^
'
.
C..
2il^^^l£
John Wiley and "?ons.
Technol ogy
David,
Kroenke.
Databa__S£ Pf"0£e_s^s_2n^.
Research Associates. Inc.. 1977,
43
Hawryszkiewycz.
T..
Data^a_se_ An_a_2^s_j__s
I.
Science
Research
AssocTates,
1984.
p. 39,
44
Goldstein.
p.
•
45
2 b j_d
.
.
p
.
5
.
46
lbj_6
.
.
p
.
5
.
47
Hawryszkiewycz.
T..
Dat_a_ba_se A£alysj__s
I.
Science
AssocTates,
TltJ.
Research
p. 276.
48
2bj_d
p.
233.
49
2bJ_d
p.
326.
p.
328.
p.
441.
Ibid
52
Wiederhold.
Gio
Robert
.
!l£££££in££l
•
Science
a_ri_d_
Des_j_£n_.
iHl
'
2ili^il£
Hill, 1977.
Goldstein
252.
Robert.
C.
£^li^H£ l££illl£l °.£1
John Wiley and Sons. 1985.
P* ^^
]l£II£££H£Ill
51
and
1 '5'S"5'
42
53
McGraw
71.
lliIli££E!£Ill
50
^68,
1977.
P*
.
C.
.
2£ll£II
•
££l£^il£
^0. John Wiley and Sons.
122
P*
an_d_
D£1J.£I1'
589.
McGraw-
l£.£]lll£l££l
1985.
ctnd
.
INITIAL DISTRIBUTION LIST
No
1.
Library, Code 0142
Naval Postgraduate School
Monterey. California 93943
2.
CDR. Urbanek
Code 44
Naval Postgraduate
.
Copi PS
2
1
School
Monterey, California 93943
3
Prof. N. Lyons
Code 54LB
Naval Postgraduate School
Monterey. California 93943
4.
LCDR. P.S. Fischbeck
Code 55FB
Naval Postgraduate School
Monterey. California 93943
5.
NavalPostgraduateSchool
1
1
1
Computer Technology Curricular Office
Code 37
Monterey. California 93943
6.
Defense Technical Information Center
Cameron Station
Alexandria. Virginia 22314
2
7.
LCDR Fred W. Thompson, Jr.
3 North Parkway
Elkton, MD
21921
2
123
/
/>
V-(^
/
/
Thesis
1}h32
c.l
Thompson
Initial design of a
relational database
system for NPS computer asset identification and valuation for
Risk Assessment.
50 oer
p/i
25 JUL 89
3 2 9 56
3 S ~ 7 Ix
21
\j>
j^\j £~
Thesis
Tll32
c.l
Thompson
Initial design of a
relational database
system for NPS computer asset identification and valuation for
Risk Assessment.