cse403
Post on 11-Feb-2016
Lovely Professional University, Punjab
Course Code: INT515
Course Title: DATABASE SECURITY
Course Planner: 15857::Nitin Umesh
Lectures: 3.0 | Tutorials: 0.0 | Practicals: 0.0 | Credits: 3.0
Course Orientation: 1: DISCIPLINE KNOWLEDGE, 4: RESEARCH
TextBooks
Sr No | Title | Author | Edition | Year | Publisher Name
T-1 | Database Security and Auditing: Protecting Data Integrity and Accessibility, 1/e | Afyouni Hassan A. | 1st | 2013 | CENGAGE LEARNING
Reference Books
Sr No | Title | Author | Edition | Year | Publisher Name
R-1 | Information Systems Security: Security Management, Metrics, Frameworks And Best Practices (English) | Nina Godbole | 1st | | WILEY
Other Reading
Sr No | Journal articles as Compulsory reading (specific articles, complete reference)
OR-1 | https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
OR-2 | www.w3schools.com/sql/sql_injection.asp
OR-3 | https://crypto.stanford.edu/cs155/papers/cowan-vulnerability.pdf
Relevant Websites
Sr No | Web address (only if relevant to the course) | Salient Features
RW-1 | https://www.cs.purdue.edu/homes/ake/cs348/Chapter23.ppt | Introduction to Database Security Issues
RW-2 | dsl.serc.iisc.ernet.in/publications/conference/secncs96.ps.gz | Introduction Database Security - Database Systems Lab
RW-3 | https://www.math.uni-bielefeld.de/ahlswede/homepage/public/234.pdf | ON SECURITY OF STATISTICAL DATABASES
RW-4 | isaac.doctor-gabriel.com/MSIS626_Touro/OSSecurity.ppt | Operating System Security Fundamentals
RW-5 | www.ines-conf.org/ines-conf/59_INES2004.pdf | Database security models
RW-6 | https://www.owasp.org/index.php/Top_10_2013-Top_10 | OWASP TOP 10
LTP week distribution (LTP Weeks)
Weeks before MTE: 7
Weeks After MTE: 7
Spill Over: 7
Detailed Plan For Lectures
Columns: Week Number | Lecture Number | Broad Topic (Sub Topic) | Chapters/Sections of Text/Reference Books | Other Readings, Relevant Websites, Audio Visual Aids, Software and Virtual Labs | Lecture Description | Learning Outcomes | Pedagogical Tool (Demonstration / Case Study / Images / Animation / PPT etc.) Planned | Live Examples
Week 1 Lecture 1 Security architecture(overview of information security(CIA))
T-1:Chapter 1 Lecture 0 and overview of CIA
Understanding of the confidentiality, integrity, and availability (CIA) model
Discussion
Lecture 2 Security architecture(database security and levels)
T-1:Chapter 1 Database security levels and menaces to databases
Understanding the various levels of database security and vulnerabilities
Discussion Creating a new user for LPU UMS as an application
Lecture 3 Security architecture(security methods)
T-1:Chapter 1 RW-3 Database security methodology and its essential aspects
Overview of database security methodology in order to prevent unintended activities in database security
Discussion
Week 2 Lecture 4 Security architecture(asset types and their values)
T-1:Chapter 1 R-1:Chapter 1
RW-1 Introduction of asset types and their values and brainstorming session on some hands-on projects and case studies
Understanding of various hands-on projects and case studies of database security
Discussion Real-time asset classifications
Security architecture(overview of some hands-on projects and case studies)
T-1:Chapter 1 R-1:Chapter 1
RW-1 Introduction of asset types and their values and brainstorming session on some hands-on projects and case studies
Understanding of various hands-on projects and case studies of database security
Discussion
Lecture 5 Operating system security fundamentals(operating system overview and security environment)
T-1:Chapter 2 Basic functions of the operating system
To initiate study of operating system security fundamentals covering the basic functions of the operating system
Discussion Operating system security
Week 2 Lecture 6 Operating system security fundamentals(the components of operating system security environment)
Various authentication modes and components of operating system security environment
About Database Authentication, Advantages of Database Authentication, Creating a User Who is Authenticated by the Database, Using the Operating System to Authenticate Users
Discussion
Operating system security fundamentals(authentication modes)
RW-4 Various authentication modes and components of operating system security environment
About Database Authentication, Advantages of Database Authentication, Creating a User Who is Authenticated by the Database, Using the Operating System to Authenticate Users
Discussion Authentication as used in SQL Server
Week 3 Lecture 7 Administration of users(creating Users)
T-1:Chapter 3 L7: Creating a New User Account, Specifying a User Name, Assigning the User a Password; L8: Assigning a Default Tablespace, Tablespace Quota, Temporary Tablespace for the User, Specifying a Profile and Setting a Default Role for the User
Learn about creating a User Account, creating table space to create certain types of objects and specifying the profile for creating the user
Demonstration and Discussion
Study of segregated roles among owners, custodians and users w.r.t. schema objects
Administration of users(creating a sql server Users)
T-1:Chapter 3 L7: Creating a New User Account, Specifying a User Name, Assigning the User a Password; L8: Assigning a Default Tablespace, Tablespace Quota, Temporary Tablespace for the User, Specifying a Profile and Setting a Default Role for the User
Learn about creating a User Account, creating table space to create certain types of objects and specifying the profile for creating the user
Demonstration and Discussion
Week 3 Lecture 8 Administration of users(creating a sql server Users)
T-1:Chapter 3 L7: Creating a New User Account, Specifying a User Name, Assigning the User a Password; L8: Assigning a Default Tablespace, Tablespace Quota, Temporary Tablespace for the User, Specifying a Profile and Setting a Default Role for the User
Learn about creating a User Account, creating table space to create certain types of objects and specifying the profile for creating the user
Demonstration and Discussion
Administration of users(creating Users)
T-1:Chapter 3 L7: Creating a New User Account, Specifying a User Name, Assigning the User a Password; L8: Assigning a Default Tablespace, Tablespace Quota, Temporary Tablespace for the User, Specifying a Profile and Setting a Default Role for the User
Learn about creating a User Account, creating table space to create certain types of objects and specifying the profile for creating the user
Demonstration and Discussion
Study of segregated roles among owners, custodians and users w.r.t. schema objects
Lecture 9 Administration of users(modifying users)
T-1:Chapter 3 About Altering User Accounts, Using the ALTER USER Statement to Alter a User Account, Changing Non-SYS User Passwords, Changing the SYS User Password
Learn about changing any option of a user security domain
Demonstration and Discussion
Week 4 Lecture 10 Administration of users(removing users)
T-1:Chapter 3 Dropping a User Account, Using Data Dictionary Views, Listing All Users, Listing All Tablespace Quotas, Listing All Profiles and Assigned Limits, Viewing Memory Use for Each User Session
Learn about querying for the Session ID of the user, killing the User session, deleting the User Account and finding information about users and profiles
Demonstration and Discussion
Lecture 11 Administration of users(default users)
T-1:Chapter 3 Default users for Oracle and Sql server
To differentiate the essential users from the optional users
Discussion Facebook account handling
Lecture 12 Administration of users(database links)
T-1:Chapter 3 Database link architecture and authentication methods
Understanding of database link architecture and authentication methods
Discussion
Week 5 Lecture 13 Test1
Week 5 Lecture 14 Administration of users(linked servers and remote servers)
T-1:Chapter 3 Remote server and database link architecture and authentication methods
Understanding of database link architecture and authentication methods and Remote server
Discussion
Lecture 15 Profiles, password policies, privileges and roles(defining and using profiles)
T-1:Chapter 4 Creating profiles through various platforms
Importance of defining and using profiles
Discussion and demonstration
Week 6 Lecture 16 Profiles, password policies, privileges and roles(designing and implementing password policies)
T-1:Chapter 4 Designing and execution of password policies
Learning of designing and implementing password policies
Discussion
Lecture 17 Profiles, password policies, privileges and roles(granting and revoking user privileges)
T-1:Chapter 4 RW-2 How to grant and revoke privileges, with syntax and examples
Tutorial explaining how to grant and revoke privileges with syntax and examples
Demonstration and Discussion
Study of segregated roles among owners, custodians and users w.r.t. schema objects
Lecture 18 Profiles, password policies, privileges and roles(creating, assigning and revoking user roles)
T-1:Chapter 4 Learning concept of creating, assigning and revoking user roles
As administrator, you should create your own roles and assign only those privileges that are needed
demonstration Facebook account handling
Week 7 Lecture 19 Profiles, password policies, privileges and roles(creating, assigning and revoking user roles)
T-1:Chapter 4 Learning concept of creating, assigning and revoking user roles
As administrator, you should create your own roles and assign only those privileges that are needed
demonstration Facebook account handling
SPILL OVER
Week 7 Lecture 20 Spill Over
Lecture 21 Spill Over
MID-TERM
Week 8 Lecture 22 Database application security models(types of users and security models)
T-1:Chapter 5 RW-5 Study of various types of users and security models
Preventing unauthorized users from any access
demonstration segregation of user role
Lecture 23 Database application security models(application types)
T-1:Chapter 5 RW-5 Various application types where security can be enforced
Concept of various application types where security can be enforced
demonstration access models
Week 8 Lecture 24 Database application security models(application security models)
T-1:Chapter 5 RW-5 Security models based on different applications
Learn the common characteristics of applications from a security perspective and introduce the application security models
demonstration
Week 9 Lecture 25 Database application security models(data encryption)
T-1:Chapter 5 Role of encryption in database security
choosing encryption at the application level, the database level, or the storage level
demonstration storing confidential data
Lecture 26 Test2
Lecture 27 Virtual private databases(overview of virtual private databases)
T-1:Chapter 6 Introduction of virtual private databases
Learn about preventing or permitting the user from accessing data through the application
Demonstration Maintaining information about account number to retrieve the salary of the employee in LPU UMS
Week 10 Lecture 28 Virtual private databases(implementing vpd using views)
T-1:Chapter 6 Concept of using views for implementing vpd
Learning views for implementing vpd
demonstration
Lecture 29 Virtual private databases(implementing vpd using application context)
T-1:Chapter 6 Implementation of Virtual Private Database using application context
Application context can be used with fine-grained access control as part of Virtual Private Database (VPD) or by itself
demonstration Application of Virtual Private Database
Lecture 30 Virtual private databases(row and column level security)
T-1:Chapter 6 Specifying Row and Column Level Security
This topic provides an overview of role and user-based security and discusses how to: Define security roles
demonstration SQL Server offers RLS/CLS - short for Row Level Security / Cell Level Security
Week 11 Lecture 31 Database auditing models(auditing classifications and types)
T-1: The detailed classification of audit will be discussed
Identifying types of audits and their need in databases
Discussion
Lecture 32 Database auditing models(advantages of auditing and overview of database security checklist)
T-1:Chapter 7 Security auditing best practices as well as the importance of conducting
Study of open Security Checklists and Recommendations
Discussion Real time audit
Lecture 33 Term Paper,Test3
Week 12 Lecture 34 Vulnerabilities existing in database system(owasp top 10 web security vulnerabilities)
OR-1 RW-6
To build, design and test the security of web applications and web services, especially those related to databases
Understanding a powerful awareness document for web application security
Discussion and demonstration
Lecture 35 Vulnerabilities existing in database system(owasp top 10 web security vulnerabilities)
OR-1 RW-6
To build, design and test the security of web applications and web services, especially those related to databases
Understanding a powerful awareness document for web application security
Discussion and demonstration
Lecture 36 Vulnerabilities existing in database system(owasp top 10 web security vulnerabilities)
OR-1 RW-6
To build, design and test the security of web applications and web services, especially those related to databases
Understanding a powerful awareness document for web application security
Discussion and demonstration
Week 13 Lecture 37 Vulnerabilities existing in database system(sql injection)
OR-2 Study of a code injection technique
Learning about the most common application layer attack techniques used today
Demonstration and Discussion
real time database attack
Lecture 38 Vulnerabilities existing in database system(sql injection)
OR-2 Study of a code injection technique
Learning about the most common application layer attack techniques used today
Demonstration and Discussion
real time database attack
Lecture 39 Vulnerabilities existing in database system(buffer overflows - dos and ddos)
OR-3 RW-6
Study of buffer overflow in detail with case studies
Understanding how a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold and what it may cause
Demonstration and Discussion
Condition of server down
Week 14 Lecture 40 Vulnerabilities existing in database system(buffer overflows - dos and ddos)
OR-3 RW-6
Study of buffer overflow in detail with case studies
Understanding how a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold and what it may cause
Demonstration and Discussion
Condition of server down
SPILL OVER
Week 14 Lecture 41 Spill Over
Lecture 42 Spill Over
Week 15 Lecture 43 Spill Over
Lecture 44 Spill Over
Week 15 Lecture 45 Spill Over
Scheme for CA:
Component | Frequency | Out Of | Each Marks | Total Marks
Test | 2 | 3 | 10 | 20
Total | | | 10 | 20
Details of Academic Task(s)
AT No. | Objective | Topic of the Academic Task | Nature of Academic Task (group/individuals/field work) | Evaluation Mode | Allotment / Submission Week
Test1 | To check the understanding as well as performance of the students based upon the concepts taught | Syllabus from week 1 to week 4 | Individual | All questions of 5 marks each or in multiples of 5 | 4 / 5
Test2 | To check the understanding as well as performance of the students based upon the concepts taught | Syllabus from week 5 to week 9 | Individual | All questions will be of 5 marks or multiples of 5 marks | 7 / 9
Test3 | To check the understanding as well as performance of the students based upon the concepts taught | Syllabus from week 10 to week 12 | Individual | All questions will be of 5 marks or multiples of 5 marks | 11 / 12