Encyclopedia of Computer Science and Technology

data structures 137ture and terminology, but also provide for varying userstatus and access to objects.Record-level SecuritySecurity on the basis of whole directories or even files maybe too “coarse” for many applications. In a particular databasefile, different users may be given access to differentdata fields. For example, a clerk may have read-only accessto an employee’s basic identification information, but notto the results of performance evaluations. An administratormay have both read and write access to the latter. Usingsome combination of database management and operatingsystem level capabilities, the system will maintain lists ofuser accounts together with the objects (such as recordtypes or fields) they can access, and the types of access(read only or read/write) that are permitted. Rather thanassigning access capabilities separately for each user, theymay be defined for a group of similar users, and then individualusers can be assigned to the group.Other Security MeasuresSecurity is also important at the program level. Because abadly written (or malicious) program might destroy importantdata or system files, most modern operating systemsrestrict programs in a number of ways. Generally, each programis allowed to access only such memory as it allocatesitself, and is not able to change data in memory belongingto other running programs. Access to hardware devices canalso be restricted: an operating system component may havethe ability to access the innermost core of the operating system(where drivers interact directly with devices), whilean ordinary applications program may be able to accessdevices only through facilities provided by the operatingsystem.There are a number of techniques that unauthorizedintruders can use to try to compromise operating systems(see computer crime and security). Access capabilitiesthat are tied to user status are vulnerable if the user can getthe login ID and password for the account. If the accounthas a high (administrator or root) status, then the intrudermay be able to give viruses, Trojan horses, or other maliciousprograms the status they need in order to be able topenetrate the defenses of the operating system (see alsocomputer virus).Files that have intrinsically sensitive or valuable dataare often further protected by encoding them (see encryption).Encryption means that even intruders who gain readaccess to the file will need either to crack the encryption(very difficult without considerable time and computerresources) or somehow obtain the key. Encryption does notprevent the deletion or copying of a file, however, just theunderstanding of its contents.The dispersal of valuable or sensitive data (such as customers’social security numbers) across expanding networksincreases the risk of “data breaches” where the privacy,financial security, and even identity of thousands of peopleare compromised (see also identity theft). In recentyears, for example, there have been numerous cases wherelaptop computers containing thousands of sensitive recordshave been stolen from universities, financial institutions,or government agencies—in such cases there is often noway to know whether the thief will actually access the data.(Often affected individuals are notified that they may beat risk, and such prophylactic measures as credit monitoringare provided.) In response to public anxiety there hasbeen pressure for federal or state legislation that wouldmake companies responsible for breaches of their data andspecify compensation or other recourse for affected customers.(Opponents of such laws cite government reports thatfind that most data breaches do not lead to identity theft,and that the regulations would increase the cost of millionsof daily transactions.)There is a continuing tradeoff between security and easeof use. From the security standpoint, it might be assumedthat the more barriers or checkpoints that can be set upfor verifying authorization, the safer the system will be.However, as security systems become more complex, itbecomes more difficult to ensure that authorized users arenot unduly inconvenienced. If users are sufficiently frustrated,they will be tempted to try to bypass security, suchas by sharing IDs and passwords or making files they create“public.”Further ReadingGarretson, Cara. “The Do’s and Don’ts of Data Breaches: HowSecurity Professionals Can Lessen the Impact.” NetworkWorld, June 18, 2007, p. 1.Grant, Gross. “Gov’t Report: Data Breaches Don’t Often Result inID Theft.” PC World, July 6, 2007, n.p. Available online. URL:http://www.pcworld.com/article/id,134203-c,privacysecurity/article.html. Accessed July 8, 2007.Killmeyer, Jan. Information Security Architecture: An IntegratedApproach to Security in the Organization. 2nd ed. Boca Raton,Fla.: Auerbach Publications, 2006.Rasch, Max. “Strict Liability for Data Breaches?” Availableonline. URL: http://www.securityfocus.com/columnists/387.Accessed July 8, 2007.Tipton, Harold F., and Micki Krause. Information Security ManagementHandbook. 6th ed. Boca Raton, Fla.: Auerbach Publications,2007.data structuresA data structure is a way of organizing data for use in acomputer program. There are three basic components to adata structure: a set of suitable basic data types, a way toorganize or relate these data items to one another, and a setof operations, or ways to manipulate the data.For example, the array is a data structure that canconsist of just about any of the basic data types, althoughall data must be of the same type. The way the data is organizedis by storing it in sequentially addressable locations.The operations include storing a data item (element) in thearray and retrieving a data item from the array.Types of Data StructuresThe data structures commonly used in computer scienceinclude arrays (as discussed above) and various types oflists. The primary difference between an array and a list isthat an array has no internal links between its elements,