Effective CISSP Questions

Your company sells toys online worldwide through a three-tiered web-based e-commerce system. The data tier is an active-passive high-availability cluster of RDBMS servers. A specially priced toy is selling so well that only one remains in stock. Two online customers place an order concurrently, and both receive a success response. The stock quantity then becomes an unreasonable, negative value. Which of the following is least helpful to mitigate the risk?
A. Isolation
B. The ACID principle
C. The * (star) Integrity Property
D. Concurrency control

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. The * (star) Integrity Property.


The Biba model

In the Biba model, “the * (star) Integrity Property states that a subject at a given level of integrity must not write to data at a higher level of integrity (no write up).” (Wikipedia)

The Biba model maintains integrity in a MAC (Mandatory Access Control) environment, which relies on a subject’s clearance and an object’s label. Few RDBMSs support MAC. A database management system (DBMS) that supports MAC is better known as a multi-level database. Most multi-level databases support the Bell-LaPadula model for confidentiality.


Transactions are controls to maintain data integrity in an RDBMS, e.g., entity, semantic, and referential integrity. The Clark-Wilson model introduces the idea of transactions. ACID is the acronym for atomicity, consistency, isolation, and durability. Transactions are typically implemented per the ACID principle or properties.

Concurrency Control

Concurrency control mitigates race conditions for shared resources. Several users, processes, or threads may compete for shared resources. Locks, mutexes, and semaphores are common concurrency controls for processes or threads. If requests for shared resources are not appropriately mediated, deadlocks are common adverse outcomes in an RDBMS.

Transaction Isolation Levels

Transactions can be isolated to avoid race conditions and enforce integrity. Different transaction isolation levels meet different isolation requirements. For example, Microsoft SQL Server supports isolation levels such as Read uncommitted, Read committed, Repeatable read, and Serializable.
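
The oversell scenario from the question, as an added example that is not part of the original post. It uses Python's sqlite3 module (an assumption; the post names no engine for the shop) and a constructed one-row stock table with a hypothetical SKU `TOY-1`, and contrasts a check-then-update sequence with a single conditional UPDATE.

```python
import os
import sqlite3
import tempfile

def new_db():
    """Constructed sample data: one SKU with one unit left, two autocommit sessions."""
    path = os.path.join(tempfile.mkdtemp(), "shop.db")
    a = sqlite3.connect(path, isolation_level=None)
    b = sqlite3.connect(path, isolation_level=None)
    a.execute("CREATE TABLE stock (sku TEXT PRIMARY KEY, qty INTEGER NOT NULL)")
    a.execute("INSERT INTO stock VALUES ('TOY-1', 1)")
    return a, b

def qty(conn):
    return conn.execute("SELECT qty FROM stock WHERE sku = 'TOY-1'").fetchone()[0]

def racy_orders():
    """Check-then-act: both sessions read qty=1 before either one writes."""
    a, b = new_db()
    seen = [qty(a), qty(b)]              # interleaved reads, both see 1
    results = []
    for conn, q in zip((a, b), seen):
        if q >= 1:                       # decision based on a stale read
            conn.execute("UPDATE stock SET qty = qty - 1 WHERE sku = 'TOY-1'")
            results.append(True)         # customer is told the order succeeded
        else:
            results.append(False)
    return results, qty(a)

def atomic_order(conn):
    """Check and decrement in one statement, so no window exists between them."""
    cur = conn.execute(
        "UPDATE stock SET qty = qty - 1 WHERE sku = 'TOY-1' AND qty >= 1")
    return cur.rowcount == 1             # 0 rows changed means sold out

def safe_orders():
    a, b = new_db()
    results = [atomic_order(a), atomic_order(b)]
    return results, qty(a)

if __name__ == "__main__":
    print("racy:", racy_orders())
    print("safe:", safe_orders())
```

The conditional UPDATE relies on the engine serializing writers to the same row; a stricter isolation level or an explicit lock around the read and the write achieves the same effect when the check cannot be folded into one statement.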


