SRM INSTITUTE OF SCIENCE AND

TECHNOLOGY
FACULTY OF ENGINEERING AND TECHNOLOGY
SCHOOL OF COMPUTING
DEPARTMENT OF CSE
COURSE PLAN

Course Code : 15CS338E

Course Title : DATABASE SECURITY AND PRIVACY
Semester : VI
Course Time : JAN 18- MAY 18

DAY MURUGANANTHAM.B ANNAPOORANI.P

Hour Timing Hour Timing
H 11.35-12.25
1 10 4.05 – 4.55 5

1,2 8.00-9.40 6,7 12.30-2.15

4

Location : S.R.M –Tech Park, Annexure Campus.

FacultyDetails

SLOT OFFICE
& NAME OFFICE HOUR MAIL ID
BATCH
Muruganantham.B murugannatham.b@
D and B1 TP014 Monday- ktr.srmuniv.ac.in
Friday
D and B2 Monday- Annapoorani.p@ktr.srmuniv.ac.in
Dr.Annapoorani.P TP706 Friday

TEXT BOOK
1. Hassan A. Afyouni, “Database Security and Auditing”, Third Edition, Cengage Learning,
2009.(UNIT 1 to IV)
2.Charu C. Aggarwal, Philip S Yu, “Privacy Preserving Data Mining”: Models and Algorithms,
Kluwer Academic Publishers, 2008.(UNIT V).

REFERENCES
1. Ron Ben Natan, ”Implementing Database Security and Auditing”, Elsevier Digital Press,
2005.
2. http://charuaggarwal.net/toc.pdf
3. http://adrem.ua.ac.be/sites/adrem.ua.ac.be/files/securitybook.pdf

Prerequisite : NIL
Objectives
1. To understand the fundamentals of security, and how it relates to information systems.
2. To identify risks and vulnerabilities in operating systems from a database perspective.
3. To learn good password policies, and techniques to secure passwords in an organization.
4. To learn and implement administration policies for users.
5. To understand the various database security models and their advantages or
 disadvantages.
6. To learn to implement privacy preserving data mining algorithms.

Assessment Details

Cycle Test–I : 15 Marks

Surprise Test–I : 5 Marks
Assignment / Quiz 5 Marks
Cycle Test–II : 25 Marks
Test Schedule

S.No. DAT TEST TOPICS DURATION

1 19/02/18 Cycle Test-I Unit I & II 2 period
2 17/04/18 Cycle Test-II Unit III , IV & V 4 period

Outcomes
Students who have successfully completed this course will have full understanding of the
following Concepts.
Detailed Session Plan

UNIT I - SECURITY ARCHITECTURE & OPERATING SYSTEM SECURITY

FUNDAMENTALS
Security Architecture: Introduction-Information Systems- Database Management Systems-Information
Security Architecture- Database Security–Asset Types and value-Security Methods.
Operating System Security Fundamentals: Introduction-Operating System Overview-Security
Environment – Components- Authentication Methods-User Administration-Password Policies-
Vulnerabilities-E-mail Security.
Session
Time Teaching
No. Topics to be covered Ref Testing Method
(min) Method
Security Architecture: Introduction Group discussion
1 50 1,R1 BB
Quiz
Information Systems BB Objectivetypetest
2 50 1,R1
Quiz
3 Database Management Systems 50 1,R2 BB Quiz

4 Information Security Architecture 50 1 BB Quiz

Database Security–Asset Types and BB Quiz
5 50 1
value
Security Methods BB Quiz
6 50 1 Objectivetypetest
7 Introduction-Operating ystem Overview 50 1,R1 BB Quiz,Assignment
Security Environment – Components-
Authentication Methods

User Administration-Password Policies- Groupdiscussion

8 Vulnerabilities-E-mail Security. 50 1,R1 BB Comparativestudy
UNIT II - ADMINISTRATION OF USERS & PROFILES,PASSWORD POLICIES, PRIVILEGES
AND ROLES

Administration of Users: Introduction-Authentication-Creating Users, SQL Server User-Removing,

Modifying Users-Default, Remote Users-Database Links-Linked Servers-Remote Servers-Practices for
Administrators and Managers-Best Practices Profiles, Password Policies,
Privileges and Roles: Introduction-Defining and Using Profiles-Designing and Implementing Password
Policies-Granting and Revoking User Privileges-Creating, Assigning and Revoking User Roles-Best
Practices
9 Introduction-Authentication-Creating 50 1 BB Quiz
Users, SQL Server User
Removing, Modifying Users-Default, Quiz
10& 100 1 BB
Remote Users-Database Links Brainstorming
11
Linked Servers-Remote Servers-Practices Quiz
12 100 1 BB
for Administrators and Managers-Best Surprise Test
& 13 Practices Profiles, Password Policies.
Introduction-Defining and Using Profiles- Group discussion
14 & Designing and Implementing Password 100 1 BB
Quiz
15 Policies
16 Granting and Revoking User Privileges 50 1 BB Group discussion, Quiz
17 Creating, Assigning and Revoking User 50 1 BB Quiz, Assignment
18 Best Practices 50 1 BB Quiz, Assignment

UNIT III - DATABASE APPLICATION SECURITY MODELS & VIRTUAL PRIVATE

DATABASES
Database Application Security Models: Introduction-Types of Users-Security Models- Application
Types-Application Security Models-Data Encryption
Virtual Private Databases: Introduction-Overview of VPD-Implementation of VPD using Views,
Application Context in Oracle-Implementing Oracle VPD-Viewing VPD Policies and Application contexts
using Data Dictionary, Policy Manager Implementing Row and Column level Security with SQL Server

Introduction-Types of Users-Security Quiz

19 50 1 PPT
Models Groupdiscussion
Application Types-Application Security PPT Quiz,Comparative
20 Models 50 1
study
Data Encryption PPT Quiz
21 50 1
SurpriseTest
Introduction-Overview of VPD- PPT Quiz
22 50 1
Implementation of VPD using Views Groupdiscussion
Application Context in Oracle- PPT Quiz
23 50 1
Implementing Oracle VPD Comparativestudy
Viewing VPD Policies and Application PPT Quiz
24 50 1
contexts using Data Dictionary Groupdiscussion
25-
Policy Manager Implementing Row 100 1 PPT Quiz
26
Column level Security with SQL Server Quiz
27 50 1
PPT Brainstorming
UNIT IV-AUDITING DATABASE ACTIVITIES

Auditing Database Activities: Using Oracle Database Activities-Creating DLL Triggers with Oracle-
Auditing Database Activities with Oracle-Auditing Server Activity with SQL Server 2000-Security and
Auditing Project Case Study.
Using Oracle Database Activities Group discussion
28& 100 1 PPT
Assignment
29
Creating DLL Triggers with Oracle Group discussion
30& 100 1 PPT
Quiz
31
Auditing Database Activities with Oracle Group discussion
32& 100 1 PPT
Assignment
33
Auditing Server Activity with SQL Group discussion
34 50 1 PPT
Server 2000 Assignment
Security and Auditing Project Case Objective type test
35& Study. 100 1 PPT Quiz
36 Group discussion
UNIT V - PRIVACY PRESERVING DATA MINING TECHNIQUES

Privacy Preserving Data Mining Techniques: Introduction- Privacy Preserving Data Mining Algorithms-
General Survey-Randomization Methods-Group Based Anonymization-Distributed Privacy Preserving Data
Mining-Curse of Dimensionality-Application of Privacy Preserving Data Mining
37 Privacy Preserving Data Mining 100 1 PPT Group discussion
& Techniques: Introduction
38
Privacy Preserving Data Mining Group discussion
39& 100 1 PPT
Algorithms Comparative study
40

General Survey-Randomization Methods Objective type test

41 50 1 PPT
Comparative study
42 Group Based Anonymization 50 1 PPT Brain storming
Distributed Privacy Preserving Data
43 50 1 PPT Brain storming
Mining
Curse of Dimensionality Surprise test
44 50 1 PPT Quiz
Group discussion
Application of Privacy Preserving Data Comparative study
45 50 1 PPT
Mining Assignment
BB-Black board PPT-Power Point

PREPARED BY APPROVED BY

MURUGANNATHAM.B HOD / CSE