B. SLE is calculated using the formula SLE = asset value × exposure factor.
C. The likelihood that a coworker will be willing to collaborate on an illegal or abusive scheme

FIGURE 7.1 Common Object Request Broker Architecture (CORBA)
[Figure labels: Client, Request, Object, Object Request Broker (ORB)]

Object Request Brokers (ORBs) are an offshoot of object-oriented programming, a topic discussed later in this chapter.

The discussion of CORBA and ORBs presented here is, by necessity, an oversimplification designed to provide security professionals with an overview of the process. CORBA extends well beyond the model presented in Figure 7.1 to facilitate ORB-to-ORB interaction, load balancing, fault tolerance, and a number of other features. If you’re interested in learning more about CORBA, the OMG has an excellent tutorial on their website at www.omg.org/gettingstarted/index.htm.

Microsoft Component Models

The driving force behind OMG’s efforts to implement CORBA was the desire to create a common standard that enabled non-vendor-specific interaction. However, as such things often go, Microsoft decided to develop its own proprietary standards for object management: COM and DCOM.

The Component Object Model (COM) is Microsoft’s standard architecture for the use of components within a process or between processes running on the same system. It works across the range of Microsoft products, from development environments to the Office productivity suite. In fact, Office’s object linking and embedding (OLE) model, which allows users to create documents that utilize components from different applications, uses the COM architecture.

Although COM is restricted to local system interactions, the Distributed Component Object Model (DCOM) extends the concept to cover distributed computing environments. It replaces COM’s interprocess communications capability with an ability to interact with the network stack and invoke objects located on remote systems.

Although DCOM and CORBA are competing component architectures, Microsoft and OMG agreed to allow some interoperability between ORBs utilizing different models.
Databases and Data Warehousing

Almost every modern organization maintains some sort of database that contains information critical to operations—be it customer contact information, order tracking data, human resource and benefits information, or sensitive trade secrets. It’s likely that many of these databases contain personal information that users hold secret, such as credit card usage activity, travel habits, grocery store purchases, and telephone records. Because of the growing reliance on database systems, information security professionals must ensure that adequate security controls exist to protect them against unauthorized access, tampering, or destruction of data.

In the following sections, we’ll discuss database management system (DBMS) architecture, the various types of DBMSs, and their features. Then we’ll discuss database security features, polyinstantiation, ODBC, aggregation, inference, and data mining. They’re loaded sections, so pay attention.

Database Management System (DBMS) Architecture

Although there is a variety of database management system (DBMS) architectures available today, the vast majority of contemporary systems implement a technology known as relational database management systems (RDBMSs). For this reason, the following sections focus primarily on relational databases. However, first we’ll discuss two other important DBMS architectures: hierarchical and distributed.

Hierarchical and Distributed Databases

A hierarchical data model combines records and fields that are related in a logical tree structure. This is done so that each field can have one child, many, or no children, but each field can have only a single parent, resulting in a consistent data mapping relationship of one-to-many. The hierarchical database model is not considered to be as flexible as the model for relational databases, which uses a data mapping relationship of one-to-one. This is due to the hierarchical database’s tree structure created by its linkages of data elements. Changing a single leaf or field is easy, but altering an entire branch (called pruning) is difficult. A great example of the hierarchical data model is the DNS system or the forked competition maps used in sports tournaments.

The distributed data model has data stored in more than one database, but those databases are logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network. Each field can have numerous children as well as numerous parents. Thus, the data mapping relationship for distributed databases is many-to-many.
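The single-parent rule and the leaf-versus-branch cost described for the hierarchical model can be seen in a small DNS-style tree. This is an added example, not code from the book; `HierarchicalStore`, its methods, and the sample names are hypothetical and constructed for illustration.

```python
class HierarchicalStore:
    """Hierarchical data model: every node has exactly one parent."""

    def __init__(self, root="."):
        self.parent = {root: None}     # node -> its single parent
        self.children = {root: set()}  # node -> zero, one, or many children

    def add(self, node, parent):
        """Attach node under parent; a second parent is rejected."""
        if node in self.parent:
            raise ValueError(f"{node} already has parent {self.parent[node]}")
        if parent not in self.parent:
            raise KeyError(f"unknown parent {parent}")
        self.parent[node] = parent
        self.children[node] = set()
        self.children[parent].add(node)

    def subtree(self, node):
        """Return node plus every descendant (what a prune must touch)."""
        found, stack = [], [node]
        while stack:
            cur = stack.pop()
            found.append(cur)
            stack.extend(sorted(self.children[cur]))
        return found

    def prune(self, node):
        """Remove a whole branch and return the records that were deleted."""
        if self.parent[node] is None:
            raise ValueError("cannot prune the root")
        removed = self.subtree(node)
        self.children[self.parent[node]].discard(node)
        for n in removed:
            del self.parent[n]
            del self.children[n]
        return removed


def build_sample():
    """Constructed sample data: a small DNS-like tree."""
    store = HierarchicalStore()
    for node, parent in [("com", "."), ("org", "."),
                         ("example.com", "com"),
                         ("www.example.com", "example.com"),
                         ("mail.example.com", "example.com")]:
        store.add(node, parent)
    return store


if __name__ == "__main__":
    print(build_sample().prune("com"))  # the branch and all its descendants
```

Removing a leaf touches one record, while pruning `com` removes every record beneath it, and an attempt to attach an existing node under a second parent is refused.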