
Lovely Professional University, Punjab

Course Code: INT515
Course Title: DATABASE SECURITY
Course Planner: 15857::Nitin Umesh
Course Orientation: 1 :DISCIPLINE KNOWLEDGE, 4 :RESEARCH

Lectures
3.0

Tutorials Practicals Credits


0.0

TextBooks
Sr No | Title | Author | Edition | Year | Publisher Name
T-1 | Database Security and Auditing: Protecting Data Integrity and Accessibility, 1/e | Afyouni Hassan A. | 1st | 2013 | CENGAGE LEARNING

Reference Books
Sr No | Title | Author | Edition | Year | Publisher Name
R-1 | Information Systems Security: Security Management, Metrics, Frameworks And Best Practices (English) | Nina Godbole | 1st | | WILEY

Other Reading
Sr No | Journal articles as Compulsory reading (specific articles, complete reference)
OR-1 | https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
OR-2 | www.w3schools.com/sql/sql_injection.asp
OR-3 | https://crypto.stanford.edu/cs155/papers/cowan-vulnerability.pdf

Relevant Websites
Sr No | Web address (only if relevant to the course) | Salient Features
RW-1 | https://www.cs.purdue.edu/homes/ake/cs348/Chapter23.ppt | Introduction to Database Security Issues
RW-2 | dsl.serc.iisc.ernet.in/publications/conference/secncs96.ps.gz | Introduction Database Security - Database Systems Lab
RW-3 | https://www.math.uni-bielefeld.de/ahlswede/homepage/public/234.pdf | ON SECURITY OF STATISTICAL DATABASES
RW-4 | isaac.doctor-gabriel.com/MSIS626_Touro/OSSecurity.ppt | Operating System Security Fundamentals
RW-5 | www.ines-conf.org/ines-conf/59_INES2004.pdf | database security models
RW-6 | https://www.owasp.org/index.php/Top_10_2013-Top_10 | OWASP TOP 10

LTP week distribution: (LTP Weeks)


Weeks before MTE

0.0

3.0

Weeks After MTE

Spill Over

Detailed Plan For Lectures


Week
Lecture
Number Number

Broad Topic(Sub Topic)

Week 1

Lecture 1

Security architecture
(overview of information
security(cia))

T-1:Chapter 1

Lecture 0 and overview of CIA

Understanding of confidentiality, integrity, and availability (CIA) model

Lecture 2

Security architecture
(database security and
levels)

T-1:Chapter 1

Database security levels Understanding the


Discussion
and menaces to
various levels of
databases
Database security and
vulnerabilities

Lecture 3

Security architecture
(security methods)

T-1:Chapter 1

RW-3

Database security
methodology and its
essential aspects

Overview database security methodology in order to prevent unintended activities in database security

Discussion

Lecture 4

Security architecture(asset
types and their values)

T-1:Chapter 1
R-1:Chapter 1

RW-1

Introduction of asset types and their values and brainstorming Session on some hands-on projects and case studies

Understanding of
various hands-on
projects and case
studies of database
security

Discussion

Security architecture
(overview of some hands-on
projects and case studies)

T-1:Chapter 1
R-1:Chapter 1

RW-1

Introduction of asset types and their values and brainstorming Session on some hands-on projects and case studies

Understanding of
various hands-on
projects and case
studies of database
security

Discussion

Operating system security


fundamentals(operating
system overview and
security environment)

T-1:Chapter 2

Basic function of
operating system

To initiate study of operating system security fundamentals covering basic function of operating system

Discussion

Week 2

Lecture 5

Chapters/Sections of Other Readings,


Text/reference
Relevant Websites,
books
Audio Visual Aids,
software and Virtual
Labs

Lecture Description

Learning Outcomes Pedagogical Tool Live Examples


Demonstration/
Case Study /
Images /
animation / ppt
etc. Planned
Discussion

Creating a new
user for LPU
UMS as an
application

real time asset


classifications

operating
system security

Week 2

Lecture 6

Operating system security


fundamentals(the
components of operating
system security
environment)

Operating system security


fundamentals(authentication
modes)

Week 3

Lecture 7

RW-4

Various authentication
modes and components
of operating system
security environment

About Database Authentication, Advantages of Database Authentication, Creating a User Who is Authenticated by the Database, Using the Operating System to Authenticate Users

Discussion

Various authentication
modes and components
of operating system
security environment

About Database Authentication, Advantages of Database Authentication, Creating a User Who is Authenticated by the Database, Using the Operating System to Authenticate Users

Discussion

Authentication
as used in SQL
Server

Study of
segregated roles
among owners,
custodians and
users w.r.t.
schema objects

Administration of users
(creating Users)

T-1:Chapter 3

L7: Creating a New


User Account,
Specifying a User
Name, Assigning the
User a Password
L8: Assigning a Default
Tablespace, Tablespace
Quota, Temporary
Tablespace for the User,
Specifying a Profile and
Setting a Default Role
for the User

Learn about creating a User Account, creating table space to create certain type of objects and specifying the profile for creating the user

Demonstration and Discussion

Administration of users
(creating a sql server Users)

T-1:Chapter 3

L7: Creating a New


User Account,
Specifying a User
Name, Assigning the
User a Password
L8: Assigning a Default
Tablespace, Tablespace
Quota, Temporary
Tablespace for the User,
Specifying a Profile and
Setting a Default Role
for the User

Learn about creating a User Account, creating table space to create certain type of objects and specifying the profile for creating the user

Demonstration and Discussion

Week 3

Lecture 8

Administration of users
(creating a sql server Users)

T-1:Chapter 3

L7: Creating a New


User Account,
Specifying a User
Name, Assigning the
User a Password
L8: Assigning a Default
Tablespace, Tablespace
Quota, Temporary
Tablespace for the User,
Specifying a Profile and
Setting a Default Role
for the User

Learn about creating a User Account, creating table space to create certain type of objects and specifying the profile for creating the user

Demonstration and Discussion

Administration of users
(creating Users)

T-1:Chapter 3

L7: Creating a New


User Account,
Specifying a User
Name, Assigning the
User a Password
L8: Assigning a Default
Tablespace, Tablespace
Quota, Temporary
Tablespace for the User,
Specifying a Profile and
Setting a Default Role
for the User

Learn about creating a User Account, creating table space to create certain type of objects and specifying the profile for creating the user

Demonstration and Discussion

Administration of users
(modifying users)

T-1:Chapter 3

About Altering User Accounts, Using the ALTER USER Statement to Alter a User Account, Changing Non-SYS User Passwords, Changing the SYS User Password

Learn about changing any option of a user security domain

Demonstration and Discussion

Lecture 10 Administration of users


(removing users)

T-1:Chapter 3

Dropping a User
Account , Using Data
Dictionary Views,
Listing All Users,
Listing All Tablespace
Quotas, Listing All
Profile and Assigned
Limits, Viewing
Memory User for Each
User Session

Lecture 11 Administration of users


(default users)

T-1:Chapter 3

Default users for Oracle and Sql server

To differentiate the essential users from the optional users

Discussion

Lecture 12 Administration of users


(database links)

T-1:Chapter 3

Database link
architecture and
authentication methods

Discussion

Lecture 9

Week 4

Week 5

Lecture 13

Test1

Study of
segregated roles
among owners,
custodians and
users w.r.t.
schema objects

Learn about querying for the Session ID of the user, killing the User session, deleting the User Account and finding information about users and profiles

Demonstration and Discussion

Understanding of
database link
architecture and
authentication
methods

Facebook
account
handling

Week 5

Week 6

Week 7

Lecture 14 Administration of users


(linked servers and remote
servers)

T-1:Chapter 3

Remote server and database link architecture and authentication methods

Understanding of database link architecture and authentication methods and Remote server

Discussion

Lecture 15 Profiles, password policies,


privileges and roles(defining
and using profiles)

T-1:Chapter 4

Creating profiles
through various
platforms

Importance of
defining and using
profiles

Lecture 16 Profiles, password policies,


privileges and roles
(designing and
implementing password
policies)

T-1:Chapter 4

Designing and execution of password policies

Learning of designing and implementing password policies

Lecture 17 Profiles, password policies,


privileges and roles(granting
and revoking user
privileges)

T-1:Chapter 4

Lecture 18 Profiles, password policies,


privileges and roles(creating,
assigning and revoking user
roles)
Lecture 19 Profiles, password policies,
privileges and roles(creating,
assigning and revoking user
roles)

RW-2

Discussion and
demonstration
Discussion

to grant and revoke


privileges with syntax
and examples

tutorial explains how to grant and revoke privileges with syntax and examples

Demonstration and Discussion

Study of
segregated roles
among owners,
custodians and
users w.r.t.
schema objects

T-1:Chapter 4

Learning concept of
creating, assigning and
revoking user roles

As administrator, you should create your own roles and assign only those privileges that are needed

demonstration

Facebook
account
handling

T-1:Chapter 4

Learning concept of
creating, assigning and
revoking user roles

As administrator, you should create your own roles and assign only those privileges that are needed

demonstration

Facebook
account
handling

Preventing
unauthorized users
from any access

SPILL OVER
Week 7

Lecture 20

Spill Over

Lecture 21

Spill Over

MID-TERM
Week 8

Lecture 22 Database application


security models(types of
users and security models)

T-1:Chapter 5

RW-5

study of Various types


of users and security
models

demonstration

segregation of
user role

Lecture 23 Database application


security models(application
types)

T-1:Chapter 5

RW-5

Various application types where security can be enforced

Concept of various application types where security can be enforced

demonstration

access models

Week 8

Lecture 24 Database application


security models(application
security models)

T-1:Chapter 5

Week 9

Lecture 25 Database application


security models(data
encryption)

T-1:Chapter 5

Lecture 26
Lecture 27 Virtual private databases
(overview of virtual private
databases)

RW-5

Security models based on different applications

Learn the common characteristics of applications from a security perspective and introduces the application security models

demonstration

Role of encryption in
database security

choosing encryption
at the application
level, the database
level, or the storage
level

demonstration

storing
confidential data

Learn about preventing or permitting the user from accessing data through the application

demonstration

Maintaining
information
about account
number to
retrieve the
salary of the
employee in
LPU UMS

Test2
T-1:Chapter 6

Introduction of virtual
private databases

Week 10 Lecture 28 Virtual private databases


(implementing vpd using
views)

T-1:Chapter 6

Concept of using views for implementing vpd

Learning views for implementing vpd

demonstration

Lecture 29 Virtual private databases


(implementing vpd using
application context)

T-1:Chapter 6

Implementation of
Virtual Private Database
using application
context

Application context
can be used with
fine-grained access
control as part of
Virtual Private
Database (VPD) or
by itself

demonstration

Lecture 30 Virtual private databases


(row and column level
security)

T-1:Chapter 6

Specifying Row and


Column Level Security

This topic provides an overview of role and user-based security and discusses how to: Define security roles

demonstration

T-1:

the detailed
classification of audit
will be discussed

Identifying types of audits and its need in databases

Discussion

T-1:Chapter 7

Security auditing best


practices as well as the
importance of
conducting

Study of open
Security Checklists
and
Recommendations

Week 11 Lecture 31 Database auditing models


(auditing classifications and
types)
Lecture 32 Database auditing models
(advantages of auditing and
overview of database
security checklist)
Lecture 33

Term Paper,Test3

Discussion

Application of
Virtual Private
Database

SQL Server
offers RLS/CLS
- short for Row
Level Security /
Cell Level
Security

Real time audit

Week 12 Lecture 34 Vulnerabilities existing in


database system(owasp top
10 web security
vulnerabilities)

OR-1
RW-6

to build, design and test


the security of web
applications and web
services specially
related to databases

Understanding a
powerful awareness
document for web
application security

Discussion and
demonstration

Lecture 35 Vulnerabilities existing in


database system(owasp top
10 web security
vulnerabilities)

OR-1
RW-6

to build, design and test


the security of web
applications and web
services specially
related to databases

Understanding a
powerful awareness
document for web
application security

Discussion and
demonstration

Lecture 36 Vulnerabilities existing in


database system(owasp top
10 web security
vulnerabilities)

OR-1
RW-6

to build, design and test


the security of web
applications and web
services specially
related to databases

Understanding a
powerful awareness
document for web
application security

Discussion and
demonstration

Week 13 Lecture 37 Vulnerabilities existing in


database system(sql
injection)

OR-2

Study of a code
injection technique

Learning about the


most common
application layer
attack techniques
used today

Demonstration and Discussion

real time database attack

Lecture 38 Vulnerabilities existing in


database system(sql
injection)

OR-2

Study of a code
injection technique

Learning about the


most common
application layer
attack techniques
used today

Demonstration and Discussion

real time database attack

Lecture 39 Vulnerabilities existing in


database system(buffer
overflows - dos and ddos)

OR-3
RW-6

Study of buffer overflow in detail with case studies

Understanding how a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold and what it may cause

Demonstration and Discussion

Condition of server down

Week 14 Lecture 40 Vulnerabilities existing in


database system(buffer
overflows - dos and ddos)

OR-3
RW-6

Study of buffer overflow in detail with case studies

Understanding how a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold and what it may cause

Demonstration and Discussion

Condition of server down

SPILL OVER
Week 14 Lecture 41

Spill Over

Lecture 42

Spill Over

Week 15 Lecture 43

Spill Over

Lecture 44

Spill Over

Week 15 Lecture 45

Spill Over

Scheme for CA:


Component

Frequency

Test

Out Of
2

Each Marks Total Marks


3

Total :-

10

20

10

20

Details of Academic Task(s)


AT No.

Objective

Topic of the Academic Task

Nature of Academic Task


(group/individuals/field
work

Evaluation Mode

Allotment / submission Week

Test1

To check the understanding as well as performance of the students based upon the concepts taught

Syllabus from week 1 to week 4

Individual

All questions of 5
marks each or in
multiples of 5

4/5

Test2

To check the understanding as well as performance of the students based upon the concepts taught

Syllabus from week 5 to week 9

Individual

All question will be


of 5 marks or
multiple of 5 marks

7/9

Test3

To check the understanding as well as performance of the students based upon the concepts taught

Syllabus from week 10 to week 12

Individual

All question will be


of 5 marks or
multiple of 5 marks

11 / 12
