| |
Course Syllabus
Course objectives:
The objective of this course is to introduce the security challenges and threats in database
systems and provide an understanding of the state-of-the art security technologies. The course
discusses policies, models and technologies to ensure confidentiality, integrity and availability.
In particular, students will study about models and mechanisms for access control, integrity
models and mechanisms, multi-level secure database architectures, inference problem,
distributed transaction processing, recovery and fault tolerance, and security problems raised
by data warehousing and data mining.
Student Work:
- Research project: there will be one group (3-4 students) research project and the
students must present their results to the class in the last week of the semester.
- Homework assignments: there will be 4-5 homework assignments during the semester.
Homework should be individual work.
- Tests: there will be two tests covering the course material.
Grades:Will be calculated from grades received for project (40%) and its
presentation (5%), assignments (15%), and tests (Test 1: 15%, Test 2: 25% each).
Topics
Week 1:Introduction
Week 2:Security Controls - Flow control, Inference Control, Access Control;
Access Control Models - Discretionary Access Control (DAC)
Week 3:Access Control Models - Mandatory Access Control (MAC);
Access Control Models - Mandatory Access Control (MAC)
Week 4:Access Control Models - Role-Based Access Control (RBAC);
Access Control Models - Role-Based Access Control (RBAC)
Week 5:Flexible Authorization Model; Indirect Information Flow Channels
Week 6:Multilevel Security; Multilevel Security Architectures
Week 7:Oracle Virtual Database System; TEST 1
Week 8:Identification/Authentication; Database Intrusion Control
Week 9:Survivable Database Systems 1; Survivable Database Systems 2.
Week 10:Distributed databases- secure transaction processing 1;
Distributed databases- secure transaction processing 2
Week 11: Security in data warehousing; Data Mining and Security
Week 12: Web Databases; Semi-structured Databases
Week 13: XML Security 1; XML Security 2.
Week 14:Secure Web Services; TEST 2
Week 15:Student Presentations
Basic Bibliography
- S. Castano, M. Fugini, G. Martella, P. Samarati: Database Security, Addison-Wesley, 1995
- Lecture handouts from current proceedings of conferences, like Working Conference on
Database Security of IFIP WG 11.3, and journals, like IEEE TKDE
Recommended:
- M.L. Theriault and A. Newman: Oracle Security Handbook: Implement a Sound Security Plan
in Your Oracle Environment, McGraw-Hill Osborne Media, 2001
|
|
|