
Upload: tarun-singhal

Post on 11-Feb-2016


Page 1: cse403

Lovely Professional University, Punjab

Course Code: INT515
Course Title: DATABASE SECURITY
Course Planner: 15857::Nitin Umesh
Lectures: 3.0
Tutorials: 0.0
Practicals: 0.0
Credits: 3.0

Course Orientation: 1: DISCIPLINE KNOWLEDGE, 4: RESEARCH

TextBooks (Sr No; Title; Author; Edition; Year; Publisher Name)

T-1: Database Security and Auditing: Protecting Data Integrity and Accessibility, 1/e; Afyouni Hassan A.; 1st edition; 2013; CENGAGE LEARNING

Reference Books (Sr No; Title; Author; Edition; Year; Publisher Name)

R-1: Information Systems Security: Security Management, Metrics, Frameworks And Best Practices (English); Nina Godbole; 1st edition; WILEY

Other Reading (Sr No; journal articles as compulsory reading (specific articles, complete reference))

OR-1: https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java

OR-2: www.w3schools.com/sql/sql_injection.asp

OR-3: https://crypto.stanford.edu/cs155/papers/cowan-vulnerability.pdf

Relevant Websites (Sr No; Web address (only if relevant to the course); Salient Features)

RW-1: https://www.cs.purdue.edu/homes/ake/cs348/Chapter23.ppt; Introduction to Database Security Issues

RW-2: dsl.serc.iisc.ernet.in/publications/conference/secncs96.ps.gz; Introduction to Database Security, Database Systems Lab

RW-3: https://www.math.uni-bielefeld.de/ahlswede/homepage/public/234.pdf; ON SECURITY OF STATISTICAL DATABASES

RW-4: isaac.doctor-gabriel.com/MSIS626_Touro/OSSecurity.ppt; Operating System Security Fundamentals

RW-5: www.ines-conf.org/ines-conf/59_INES2004.pdf; Database security models

RW-6: https://www.owasp.org/index.php/Top_10_2013-Top_10; OWASP TOP 10

LTP week distribution (LTP Weeks):

Weeks before MTE: 7

Detailed Plan for Lectures

Each lecture entry below gives, in this order: Week Number; Lecture Number; Broad Topic (Sub Topic); Chapters/Sections of Text/reference books; Other Readings, Relevant Websites, Audio Visual Aids, software and Virtual Labs; Lecture Description; Learning Outcomes; Pedagogical Tool Planned (Demonstration / Case Study / Images / animation / ppt etc.); Live Examples.

Week 1, Lecture 1: Security architecture (overview of information security (CIA))
Text: T-1: Chapter 1
Lecture description: Lecture 0 and overview of CIA
Learning outcomes: Understanding of the confidentiality, integrity, and availability (CIA) model
Pedagogical tool: Discussion

Week 1, Lecture 2: Security architecture (database security and levels)
Text: T-1: Chapter 1
Lecture description: Database security levels and threats to databases
Learning outcomes: Understanding the various levels of database security and vulnerabilities
Pedagogical tool: Discussion
Live examples: Creating a new user for LPU UMS as an application

Week 1, Lecture 3: Security architecture (security methods)
Text: T-1: Chapter 1
Other readings / websites: RW-3
Lecture description: Database security methodology and its essential aspects
Learning outcomes: Overview of database security methodology, in order to prevent unintended activities in the database
Pedagogical tool: Discussion

Week 2, Lecture 4: Security architecture (asset types and their values; overview of some hands-on projects and case studies)
Text: T-1: Chapter 1; R-1: Chapter 1
Other readings / websites: RW-1
Lecture description: Introduction of asset types and their values, and a brainstorming session on some hands-on projects and case studies
Learning outcomes: Understanding of various hands-on projects and case studies of database security
Pedagogical tool: Discussion
Live examples: Real-time asset classifications

Week 2, Lecture 5: Operating system security fundamentals (operating system overview and security environment)
Text: T-1: Chapter 2
Lecture description: Basic functions of the operating system
Learning outcomes: To initiate the study of operating system security fundamentals, covering the basic functions of the operating system
Pedagogical tool: Discussion
Live examples: Operating system security

LTP week distribution (continued from page 1): Weeks after MTE: 7; Spill over: 7

Detailed Plan for Lectures (continued)

Week 2, Lecture 6: Operating system security fundamentals (the components of the operating system security environment; authentication modes)
Other readings / websites: RW-4
Lecture description: Various authentication modes and components of the operating system security environment
Learning outcomes: About database authentication, advantages of database authentication, creating a user who is authenticated by the database, using the operating system to authenticate users
Pedagogical tool: Discussion
Live examples: Authentication as used in SQL Server

Week 3, Lecture 7: Administration of users (creating users; creating SQL Server users)
Text: T-1: Chapter 3
Lecture description: L7: Creating a new user account, specifying a user name, assigning the user a password. L8: Assigning a default tablespace, tablespace quota and temporary tablespace for the user, specifying a profile and setting a default role for the user
Learning outcomes: Learn about creating a user account, creating a tablespace to hold certain types of objects, and specifying the profile when creating the user
Pedagogical tool: Demonstration and Discussion
Live examples: Study of segregated roles among owners, custodians and users w.r.t. schema objects

Week 3, Lecture 8: Administration of users (creating SQL Server users; creating users)
Text: T-1: Chapter 3
Lecture description: L7: Creating a new user account, specifying a user name, assigning the user a password. L8: Assigning a default tablespace, tablespace quota and temporary tablespace for the user, specifying a profile and setting a default role for the user
Learning outcomes: Learn about creating a user account, creating a tablespace to hold certain types of objects, and specifying the profile when creating the user
Pedagogical tool: Demonstration and Discussion
Live examples: Study of segregated roles among owners, custodians and users w.r.t. schema objects

Week 3, Lecture 9: Administration of users (modifying users)
Text: T-1: Chapter 3
Lecture description: About altering user accounts, using the ALTER USER statement to alter a user account, changing non-SYS user passwords, changing the SYS user password
Learning outcomes: Learn about changing any option of a user's security domain
Pedagogical tool: Demonstration and Discussion

Week 4, Lecture 10: Administration of users (removing users)
Text: T-1: Chapter 3
Lecture description: Dropping a user account, using data dictionary views, listing all users, listing all tablespace quotas, listing all profiles and assigned limits, viewing memory use for each user session
Learning outcomes: Learn about querying for the session ID of the user, killing the user session, deleting the user account and finding information about users and profiles
Pedagogical tool: Demonstration and Discussion

Week 4, Lecture 11: Administration of users (default users)
Text: T-1: Chapter 3
Lecture description: Default users for Oracle and SQL Server
Learning outcomes: To differentiate the essential users from the optional users
Pedagogical tool: Discussion
Live examples: Facebook account handling

Week 4, Lecture 12: Administration of users (database links)
Text: T-1: Chapter 3
Lecture description: Database link architecture and authentication methods
Learning outcomes: Understanding of database link architecture and authentication methods
Pedagogical tool: Discussion

Week 5, Lecture 13: Test 1

Week 5, Lecture 14: Administration of users (linked servers and remote servers)
Text: T-1: Chapter 3
Lecture description: Remote server and database link architecture and authentication methods
Learning outcomes: Understanding of database link architecture, authentication methods and remote servers
Pedagogical tool: Discussion

Week 5, Lecture 15: Profiles, password policies, privileges and roles (defining and using profiles)
Text: T-1: Chapter 4
Lecture description: Creating profiles on various platforms
Learning outcomes: Importance of defining and using profiles
Pedagogical tool: Discussion and demonstration

Week 6, Lecture 16: Profiles, password policies, privileges and roles (designing and implementing password policies)
Text: T-1: Chapter 4
Lecture description: Designing and execution of password policies
Learning outcomes: Learning to design and implement password policies
Pedagogical tool: Discussion

Week 6, Lecture 17: Profiles, password policies, privileges and roles (granting and revoking user privileges)
Text: T-1: Chapter 4
Other readings / websites: RW-2
Lecture description: How to grant and revoke privileges, with syntax and examples
Learning outcomes: The tutorial explains how to grant and revoke privileges, with syntax and examples
Pedagogical tool: Demonstration and Discussion
Live examples: Study of segregated roles among owners, custodians and users w.r.t. schema objects

Week 6, Lecture 18: Profiles, password policies, privileges and roles (creating, assigning and revoking user roles)
Text: T-1: Chapter 4
Lecture description: Learning the concept of creating, assigning and revoking user roles
Learning outcomes: As administrator, you should create your own roles and assign only those privileges that are needed
Pedagogical tool: Demonstration
Live examples: Facebook account handling

Week 7, Lecture 19: Profiles, password policies, privileges and roles (creating, assigning and revoking user roles)
Text: T-1: Chapter 4
Lecture description: Learning the concept of creating, assigning and revoking user roles
Learning outcomes: As administrator, you should create your own roles and assign only those privileges that are needed
Pedagogical tool: Demonstration
Live examples: Facebook account handling

SPILL OVER: Week 7, Lecture 20: Spill Over; Lecture 21: Spill Over

MID-TERM

Week 8, Lecture 22: Database application security models (types of users and security models)
Text: T-1: Chapter 5
Other readings / websites: RW-5
Lecture description: Study of various types of users and security models
Learning outcomes: Preventing unauthorized users from any access
Pedagogical tool: Demonstration
Live examples: Segregation of user roles

Week 8, Lecture 23: Database application security models (application types)
Text: T-1: Chapter 5
Other readings / websites: RW-5
Lecture description: Various application types where security can be enforced
Learning outcomes: Concept of the various application types where security can be enforced
Pedagogical tool: Demonstration
Live examples: Access models

Week 8, Lecture 24: Database application security models (application security models)
Text: T-1: Chapter 5
Other readings / websites: RW-5
Lecture description: Security models based on different applications
Learning outcomes: Learn the common characteristics of applications from a security perspective; introduces the application security models
Pedagogical tool: Demonstration

Week 9, Lecture 25: Database application security models (data encryption)
Text: T-1: Chapter 5
Lecture description: Role of encryption in database security
Learning outcomes: Choosing encryption at the application level, the database level, or the storage level
Pedagogical tool: Demonstration
Live examples: Storing confidential data

Week 9, Lecture 26: Test 2

Week 9, Lecture 27: Virtual private databases (overview of virtual private databases)
Text: T-1: Chapter 6
Lecture description: Introduction to virtual private databases
Learning outcomes: Learn about preventing or permitting the user from accessing data through the application
Pedagogical tool: Demonstration
Live examples: Maintaining information about the account number used to retrieve the salary of the employee in LPU UMS

Week 10, Lecture 28: Virtual private databases (implementing VPD using views)
Text: T-1: Chapter 6
Lecture description: Concept of using views for implementing VPD
Learning outcomes: Learning to use views for implementing VPD
Pedagogical tool: Demonstration

Week 10, Lecture 29: Virtual private databases (implementing VPD using application context)
Text: T-1: Chapter 6
Lecture description: Implementation of Virtual Private Database using application context
Learning outcomes: Application context can be used with fine-grained access control as part of Virtual Private Database (VPD) or by itself
Pedagogical tool: Demonstration
Live examples: Application of Virtual Private Database

Week 10, Lecture 30: Virtual private databases (row and column level security)
Text: T-1: Chapter 6
Lecture description: Specifying row and column level security
Learning outcomes: This topic provides an overview of role-based and user-based security and discusses how to define security roles
Pedagogical tool: Demonstration
Live examples: SQL Server offers RLS/CLS, short for Row Level Security / Cell Level Security

Week 11, Lecture 31: Database auditing models (auditing classifications and types)
Text: T-1
Lecture description: The detailed classification of audits will be discussed
Learning outcomes: Identifying types of audits and their need in databases
Pedagogical tool: Discussion

Week 11, Lecture 32: Database auditing models (advantages of auditing and overview of database security checklist)
Text: T-1: Chapter 7
Lecture description: Security auditing best practices as well as the importance of conducting
Learning outcomes: Study of open security checklists and recommendations
Pedagogical tool: Discussion
Live examples: Real-time audit

Week 11, Lecture 33: Term Paper, Test 3

Week 12, Lectures 34, 35 and 36: Vulnerabilities existing in database systems (OWASP top 10 web security vulnerabilities)
Other readings / websites: OR-1; RW-6
Lecture description: To build, design and test the security of web applications and web services, especially those related to databases
Learning outcomes: Understanding a powerful awareness document for web application security
Pedagogical tool: Discussion and demonstration

Week 13, Lectures 37 and 38: Vulnerabilities existing in database systems (SQL injection)
Other readings / websites: OR-2
Lecture description: Study of a code injection technique
Learning outcomes: Learning about the most common application-layer attack techniques used today
Pedagogical tool: Demonstration and Discussion
Live examples: Real-time database attack

Week 13, Lecture 39 and Week 14, Lecture 40: Vulnerabilities existing in database systems (buffer overflows, DoS and DDoS)
Other readings / websites: OR-3; RW-6
Lecture description: Study of buffer overflow in detail, with case studies
Learning outcomes: Understanding how a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold, and what that may cause
Pedagogical tool: Demonstration and Discussion
Live examples: Condition of server down

SPILL OVER: Week 14, Lecture 41: Spill Over; Lecture 42: Spill Over

Week 15, Lecture 43: Spill Over; Lecture 44: Spill Over

Week 15, Lecture 45: Spill Over

Scheme for CA (Component; Frequency; Out Of; Each Marks; Total Marks)

Test; 2; 3; 10; 20

Total: 10; 20

Details of Academic Task(s) (AT No.; Objective; Topic of the Academic Task; Nature of Academic Task (group/individuals/field work); Evaluation Mode; Allotment / submission Week)

Test1
Objective: To check the understanding as well as performance of the students based upon the concepts taught
Topic: Syllabus from week 1 to week 4
Nature: Individual
Evaluation mode: All questions of 5 marks each or in multiples of 5
Allotment / submission week: 4 / 5

Test2
Objective: To check the understanding as well as performance of the students based upon the concepts taught
Topic: Syllabus from week 5 to week 9
Nature: Individual
Evaluation mode: All questions will be of 5 marks or multiples of 5 marks
Allotment / submission week: 7 / 9

Test3
Objective: To check the understanding as well as performance of the students based upon the concepts taught
Topic: Syllabus from week 10 to week 12
Nature: Individual
Evaluation mode: All questions will be of 5 marks or multiples of 5 marks
Allotment / submission week: 11 / 12