National Institute of Technology Jamshedpur – 831014

Department of Computer Science & Engineering

Spring Semester (Session 2023-2024)
Course Plan
Batch nd
M. Tech (ISSE) (2 Semester)
Course No. CS4216
Course Title Database Security Lab
Instructor In-charge Dr. Chandrashekhar Azad
Contact [email protected]

Scope:
Database security concerns the use of a broad range of information security controls to protect databases (potentially
including the data, the database applications or stored functions, the database systems, the database servers and the
associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or
categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic
within the broader realms of computer security, information security and risk management.
Objectives:
The purpose of database security is to protect unauthorized accessing of data and misuses by hackers and
unauthorized personals. So here the database security comes into the picture. Database security denotes the system,
processes, and procedures that protect a database from unintended activity. Security is usually enforced through access
control, auditing, and encryption.

Course outcomes:
 Students are able to design and implement access control rules to assign privileges and protect data in
databases.
 Students are able to implement access control rule to secure data stored in databases.
 They use Oracle and Microsoft SQL server.
 Students implement Virtual Private Database to protect data in databases.
 Students implement database auditing.
 Students learn and practice various access control theories and techniques including mandatory access
control, discretionary access control, role ‐ based access control.
 Students are able to give a presentation and write reports.

Text Book:
1. Database Security and Auditing: Protecting data Integrity and accessibility, by Hassan Afyouni, Cengage Learning.

Reference Book:
1. Database Security, Alfred Basta, Melissa Zgola, Cengage Learning.
2. Database and application Security, by Bhavani Thuraisingham, Auerbatch Publication, Taylor and
Francis Group.
3. Implementing database security and auditing, Ron Ben Natan, Elsevier Digital Press.
4. Handbook of Database Security: Applications and Trends , Michael Gertz and Sushil Jajodia, Springer.
5. Oracle Database 12c Security, David Knox, Scott Gaetjen, and William Maroulis, McGraw Hill
Professional.
Course Plan

Lect. Topics to be covered Learning Objectives Refer to

No. chapter see
(text book)
1 Introduction, Technologies for Database and Overview- of database security
Applications Security (chapter– 1)
2-4 Introduction, Security, Information Systems, Database Security Architecture
Management Systems, Information Security, Information (chapter-1)
Security Architecture, Database Security, Database
Security Level, Menaces to Databases, Asset Type and
Their Value, Security Methods, Database Security
Methodology.
 5-7 Introduction, Operating System Overview, Operating Operating System Security
System Security Environment, The Components of Fundamentals (chapter-2)
Operating System Security Environment: Services, Files,
Files Permission, Files Transfer, Sharing Files, Memory.
Authentication Methods, User Administration, Password
policies, Vulnerabilities of Operating Systems, E- mail
Security.
8-10 Introduction, Documentation of User Administration, Administration of Users
Operating System Authentication, Creating an (chapter-3)
Oracle10g user, Creating a SQL Server User, Removing
Users, Modifying Windows Integrated Login Attributes;
Modifying Users, Default Users, Remote Users,
Database Links, Authentication Methods, Linked
Servers, Remote servers.
11-16 Introduction, Defining and Using Profiles, Designing Profile, Password
and implementing password Policies, Granting and policies, (chapter-4)
revoking User Privileges, Creating assigning and Privileges and Roles
Revoking User Roles, Creating Roles with Oracle,
Creating Roles with SQL Server.
17-21 Introduction, Types of Users, Security Modes, Database Application Security (chapter-5)
Application Types: Client/server, Applications, Web Models
Applications, Data Warehouse Application, Other
Applications; Application Security Models, Data
Encryption.
22-26 Introduction, Overview of Virtual Private Databases, Virtual Private Databases
Implementing a VPD Using Views, Implementing a (chapter-6)
VPD Using Application Context in Oracle,
Implementing Oracle Virtual Private Databases, Viewing
VPD Policies and Application Context Using The Data
Dictionary, Viewing VPD Policies and Application
Contexts Using Policy Manager, Implementing Row-
27-31 and Column-level
Introduction, Security with
Auditing SQL Server. Auditing
Environment, Database Auditing Models (chapter-7)
Process, Auditing Objectives, Auditing Classifications
and Types, Benefits and Side Effects of Auditing,
Auditing Models.
32-36 Introduction, DML Action Auditing Architecture, Application Data Auditing (chapter-8)
Oracle Triggers, SQL Server Triggers, Fine-grained
Auditing (FGA) with Oracle, DML Statement Audit
Trail, Auditing Application Errors with Oracle, Oracle
PL/SQL Procedure Authorization.
37-40 Introduction, Using Oracle Database Activities, Auditing Database Activities (chapter-9)
Creating DLL Triggers with Oracle: Auditing
Database Activities with Oracle, Auditing Server
Activity with Microsoft SQL Server, Implementing SQL
Profiler, Security Auditing with SQL Server.
Evaluation Scheme (EC):
EC Evaluation Date &
Duration Weightage Nature of Component
No. Component Time
Mid Term Academic
1. 02 Hours 30% Closed/Open Book
Examination Calendar
End Term Academic
2. 03 Hours 50% Closed/Open Book
Examination Calendar
(Class Test, Attendance,
Internal
3. -- 20% TBA Assignments/Reports/Projects/Seminars)
Assessment
Class Test/Reports/Projects/Seminars - 10 Marks, Assignment- 05 Marks, Attendance & Punctuality in class-
05 Marks
 Chamber consultation hour: Monday to Friday, 5PM to 6PM,
 Notices: All notices regarding the course will be displayed only on the Department of Computer Science & Engineering
notice board and communicated through e-mail.
Instructor In-Charge
CS4211